# Freeipa Puppet module


#### Table of Contents

1. [Description](#description)
2. [Setup - The basics of getting started with Freeipa Puppet Module](#setup)
    * [What Freeipa Puppet module affects](#what-freeipa-puppet-module-affects)
    * [Setup requirements](#setup-requirements)
3. [Usage - Configuration options and additional functionality](#usage)
4. [Limitations - OS compatibility, etc.](#limitations)
5. [Authors](#authors)
6. [License](#license)

## Description

This module will install and configure FreeIPA servers, replicas, and clients.

## Setup

### What Freeipa Puppet module affects

The module should not affect a previous installation of FreeIPA; it should fail when trying.

Below are all the items that the module can affect:

 - Modify /etc/hosts

 - Modify /etc/resolv.conf

 - Install the following packages if not present: autofs, bind-dyndb-ldap, epel-release, sssd-common, sssdtools, ipa-client, ipa-server, ipa-server-dns, kstart, openldap-clients

Installing a FreeIPA server also installs an NTP server, a DNS server, an LDAP directory, a Kerberos server, Apache, Certmonger and PKI Tomcat.

### Setup Requirements

This module requires [puppetlabs/stdlib](https://forge.puppetlabs.com/puppetlabs/stdlib) >= 4.13.0.

## Usage

### Example usage:

Creating an IPA master, with the WebUI proxied to `https://localhost:8440`.
```puppet
class {'freeipa':
    ipa_role                    => 'master',
    domain                      => 'vagrant.example.lan',
    ipa_server_fqdn             => 'ipa-server-1.vagrant.example.lan',
    admin_password              => 'vagrant123',
    directory_services_password => 'vagrant123',
    install_ipa_server          => true,
    ip_address                  => '192.168.44.35',
    enable_ip_address           => true,
    enable_hostname             => true,
    manage_host_entry           => true,
    install_epel                => true,
    webui_disable_kerberos      => true,
    webui_enable_proxy          => true,
    webui_force_https           => true,
}
```

Adding a replica:
```puppet
class {'::freeipa':
    ipa_role             => 'replica',
    domain               => 'vagrant.example.lan',
    ipa_server_fqdn      => 'ipa-server-2.vagrant.example.lan',
    domain_join_password => 'vagrant123',
    install_ipa_server   => true,
    ip_address           => '192.168.44.36',
    enable_ip_address    => true,
    enable_hostname      => true,
    manage_host_entry    => true,
    install_epel         => true,
    ipa_master_fqdn      => 'ipa-server-1.vagrant.example.lan',
}
```

Adding a client:
```puppet
class {'::freeipa':
    ipa_role             => 'client',
    domain               => 'vagrant.example.lan',
    domain_join_password => 'vagrant123',
    install_epel         => true,
    ipa_master_fqdn      => 'ipa-server-1.vagrant.example.lan',
}
```
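
The examples above put `vagrant123` directly in the manifest for every password, which fits the Vagrant test environment they come from. The following is an added example, not part of the module's own documentation: the same master declaration with its two secrets read from Hiera through Puppet's `lookup()` function. The Hiera key names `profile::ipa::admin_password` and `profile::ipa::ds_password` are assumptions, and their values are expected to live in an encrypted backend such as hiera-eyaml.

```puppet
# Added example: secrets come from Hiera instead of literals in the manifest.
# The two Hiera key names are hypothetical; keep their values encrypted
# (for example with hiera-eyaml) rather than in plain YAML.
# String[8] makes the lookup fail when the key is missing or the value is
# shorter than 8 characters, so a weak or absent password stops the catalog.
$admin_password = lookup('profile::ipa::admin_password', String[8])
$ds_password    = lookup('profile::ipa::ds_password', String[8])

class {'freeipa':
    ipa_role                    => 'master',
    domain                      => 'vagrant.example.lan',
    ipa_server_fqdn             => 'ipa-server-1.vagrant.example.lan',
    admin_password              => $admin_password,
    directory_services_password => $ds_password,
    install_ipa_server          => true,
    ip_address                  => '192.168.44.35',
    enable_ip_address           => true,
    enable_hostname             => true,
    manage_host_entry           => true,
    install_epel                => true,
    webui_disable_kerberos      => true,
    webui_enable_proxy          => true,
    webui_force_https           => true,
}
```

The same pattern applies to `domain_join_password` on replicas and clients.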

### REFERENCE

A full description can be found in `REFERENCE.md`.

## Limitations

IPA masters and replicas work only on CentOS >= 7.5.

Acceptance tests are done:

 * with puppet5 from puppetlabs packages.

 * master and replica with centos7

 * clients with centos7 and ubuntu1604

Even if puppet4 should work, it is not tested.

110 111 112
## Authors

Original work from Harvard University Information Technology, mainly written by Rob Ruma (https://github.com/huit/puppet-ipa)

then forked by John Puskar (https://github.com/jpuskar/puppet-freeipa)

then forked by ADULLACT (https://gitlab.adullact.net/adullact/puppet-freeipa), currently written by:
  * ADULLACT with Fabien Combernous
  * PHOSPHORE.si with Scott Barthelemy and Bertrand RETIF

## License

    Copyright (C) 2013 Harvard University Information Technology
    Copyright (C) 2018 Association des Développeurs et Utilisateurs de Logiciels Libres
                         pour les Administrations et Collectivités Territoriales.

    This program is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.

131 132 133 134
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.