# Freeipa Puppet module

#### Table of Contents

1. [Description](#description)
2. [Setup - The basics of getting started with Freeipa Puppet Module](#setup)
    * [What Freeipa Puppet module affects](#what-freeipa-puppet-module-affects)
    * [Setup requirements](#setup-requirements)
3. [Usage - Configuration options and additional functionality](#usage)
4. [Limitations - OS compatibility, etc.](#limitations)
5. [Authors](#authors)
6. [License](#license)

## Description

This module will install and configure FreeIPA servers, replicas, and clients.

## Setup

### What Freeipa Puppet module affects

The module should not affect a previous installation of FreeIPA; it should fail when it tries to.

Below are all the items the module can affect:

 * Modify /etc/hosts (if `$freeipa::manage_host_entry` is true)

 * Install the following packages if not present: autofs, bind-dyndb-ldap, epel-release, sssd-common, sssdtools, ipa-client, ipa-server, ipa-server-dns, kstart, openldap-clients

Installing a FreeIPA server will also install an NTP server, a DNS server, an LDAP directory, a Kerberos server, Apache, Certmonger and PKI Tomcat.

### Setup Requirements

This module requires:

  * puppetlabs-stdlib

  * stahnma-epel

## Usage

### Example usage:

Creating an IPA master, with the WebUI proxied to `https://localhost:8440`.
```puppet
class {'freeipa':
    ipa_role                    => 'master',
    domain                      => 'example.lan',
    ipa_server_fqdn             => 'ipa-server-1.example.lan',
    # Example passwords only; set your own values.
    admin_password              => 'vagrant123',
    directory_services_password => 'vagrant123',
    install_ipa_server          => true,
    ip_address                  => '10.10.10.35',
    enable_ip_address           => true,
    enable_hostname             => true,
    # Lets the module modify /etc/hosts.
    manage_host_entry           => true,
    install_epel                => true,
    # WebUI settings for the proxied setup described above.
    webui_disable_kerberos      => true,
    webui_enable_proxy          => true,
    webui_force_https           => true,
}
```

Adding a replica:
```puppet
class {'::freeipa':
    ipa_role             => 'replica',
    domain               => 'example.lan',
    ipa_server_fqdn      => 'ipa-server-2.example.lan',
    # Example password only; set your own value.
    domain_join_password => 'vagrant123',
    install_ipa_server   => true,
    ip_address           => '10.10.10.36',
    enable_ip_address    => true,
    enable_hostname      => true,
    # Lets the module modify /etc/hosts.
    manage_host_entry    => true,
    install_epel         => true,
    # FQDN of the existing master.
    ipa_master_fqdn      => 'ipa-server-1.example.lan',
}
```

Adding a client:
```puppet
class {'::freeipa':
    ipa_role             => 'client',
    domain               => 'example.lan',
    # Example password only; set your own value.
    domain_join_password => 'vagrant123',
    install_epel         => true,
    # FQDN of the existing master.
    ipa_master_fqdn      => 'ipa-server-1.example.lan',
}
```

### REFERENCE

A full description can be found in `REFERENCE.md`.

## Limitations

IPA masters and replicas work only on CentOS >= 7.5.

Acceptance tests are done:

 * with Puppet 5 from the Puppetlabs packages

 * master and replica on CentOS 7

 * clients on CentOS 7 and Ubuntu 16.04

Puppet 4 should work, but it is not tested.

## Authors

Original work from Harvard University Information Technology, mainly written by Rob Ruma (https://github.com/huit/puppet-ipa)

then forked by John Puskar (https://github.com/jpuskar/puppet-freeipa)

then forked by ADULLACT (https://gitlab.adullact.net/adullact/puppet-freeipa), currently written by:
  * ADULLACT with Fabien Combernous
  * PHOSPHORE.si with Scott Barthelemy and Bertrand RETIF

## License

    Copyright (C) 2013 Harvard University Information Technology
    Copyright (C) 2018 Association des Développeurs et Utilisateurs de Logiciels Libres
                         pour les Administrations et Collectivités Territoriales.

    This program is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.