Commit 5d0bf8fc authored by Fabien Combernous's avatar Fabien Combernous

Resolve "add fact that gives ipa role"

parent 61224e85
Facter.add(:iparole) do
confine kernel: 'Linux'
setcode do
pkicfg = '/etc/pki/pki-tomcat/ca/CS.cfg'
if File.exist? pkicfg
data = Facter::Core::Execution.execute("cat #{pkicfg}")
role = if data.gsub!(%r{ca.crl.MasterCRL.enableCRLUpdates=true}, '')
'master'
elsif data.gsub!(%r{ca.crl.MasterCRL.enableCRLUpdates=false}, '')
'replica'
else
nil
end
else
role = if (!File.exist? '/usr/sbin/ipactl') && (File.exist? '/usr/sbin/ipa-client-install')
'client'
else
nil
end
end
role
end
end
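Review bot: The two role checks in the `setcode` block use `data.gsub!(%r{ca.crl.MasterCRL.enableCRLUpdates=true}, '')` as a predicate, with unescaped dots and no line anchors, so a commented-out or look-alike key in CS.cfg is enough to report 'master' or 'replica'. Because the manifests in this commit gate every install class on this fact, a wrong value either blocks a legitimate run or lets a role change through. The file is also read by shelling out to `cat` where `File.read` would do, and `gsub!` mutates the buffer only to test for a match. A whole-line match on the file contents, as sketched below, keeps the same three outcomes.

```ruby
pkicfg = '/etc/pki/pki-tomcat/ca/CS.cfg'
if File.exist? pkicfg
  # Match the whole key=value line so comments and look-alike keys do not count.
  role = case File.read(pkicfg)
         when %r{^ca\.crl\.MasterCRL\.enableCRLUpdates=true[ \t]*$} then 'master'
         when %r{^ca\.crl\.MasterCRL\.enableCRLUpdates=false[ \t]*$} then 'replica'
         end
# … unchanged: else branch detecting 'client' from ipactl / ipa-client-install …
```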
......@@ -6,6 +6,7 @@
#
class freeipa::install::client {
if ! $facts['iparole'] or $facts['iparole'] == 'client' {
package{$freeipa::ipa_client_package_name:
ensure => present,
}
......@@ -66,4 +67,7 @@ class freeipa::install::client {
require => Package[$freeipa::sssd_package_name],
}
}
} else {
fail ("to change ipa_role from '${facts['iparole']}' to 'client' is not supported.")
}
}
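Review bot: The guard `if ! $facts['iparole'] or $facts['iparole'] == 'client'` passes whenever the fact is unset, and the fact added in this commit resolves to nil not only on a clean host but also when `/usr/sbin/ipactl` exists and CS.cfg is missing or carries neither `enableCRLUpdates` line. On such a host a catalog with `ipa_role => 'client'` would get past this check and continue with the client install, which is the transition the `fail` branch is meant to stop; whether such hosts occur in practice depends on how the servers were deployed. The guards in freeipa::install::server::master and freeipa::install::server::replica have the same shape. Consider having the fact return a non-nil marker when IPA server tooling is present but the role cannot be determined, so that an unset fact only means no IPA tooling was found. The class header comment should also state that compilation fails on a role mismatch.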
......@@ -5,6 +5,7 @@
# include freeipa::install::server
class freeipa::install::server {
if $facts['iparole'] != 'client' {
Exec {
path => '/usr/local/bin/:/bin/:/sbin',
}
......@@ -103,5 +104,7 @@ class freeipa::install::server {
freeipa::helpers::flushcache { "server_${freeipa::ipa_server_fqdn}": }
class {'freeipa::config::admin_user': }
} else {
fail ("to change ipa_role from '${facts['iparole']}' to '${freeipa::ipa_role}' is not supported.")
}
}
......@@ -20,6 +20,7 @@ class freeipa::install::server::master {
--auto-reverse \
--unattended"
if ! $facts['iparole'] or $facts['iparole'] == 'master' {
file { '/etc/ipa/primary':
ensure => 'file',
content => 'Added by IPA Puppet module. Designates primary master. Do not remove.',
......@@ -39,5 +40,7 @@ class freeipa::install::server::master {
minute => '*/1',
require => Package[$freeipa::kstart_package_name],
}
} else {
fail ("to change ipa_role from '${facts['iparole']}' to 'master' is not supported.")
}
}
......@@ -18,6 +18,7 @@ class freeipa::install::server::replica {
${freeipa::install::server::server_install_cmd_opts_no_ui_redirect} \
--unattended"
if ! $facts['iparole'] or $facts['iparole'] == 'replica' {
# TODO: config-show and grep for IPA\ masters
file { '/etc/ipa/primary':
ensure => 'file',
......@@ -38,5 +39,7 @@ class freeipa::install::server::replica {
minute => '*/1',
require => Package[$freeipa::kstart_package_name],
}
} else {
fail ("to change ipa_role from '${facts['iparole']}' to 'replica' is not supported.")
}
}
......@@ -88,6 +88,55 @@ describe 'freeipa class' do
end
end
context 'with ipa_role replica on master' do
hosts_as('master').each do |master|
it 'fails' do
pp = <<-EOS
class { 'freeipa':
ipa_role => 'replica',
domain => 'example.lan',
ipa_server_fqdn => 'ipa-server-1.example.lan',
admin_password => 'vagrant123',
directory_services_password => 'vagrant123',
install_ipa_server => true,
ip_address => '10.10.10.35',
enable_ip_address => true,
enable_hostname => true,
manage_host_entry => true,
install_epel => true,
webui_disable_kerberos => true,
webui_enable_proxy => true,
webui_force_https => true,
ipa_master_fqdn => 'ipa-server-1.example.lan',
}
EOS
apply_manifest_on(master, pp, expect_failures: true)
end
end
end
context 'with ipa_role client on master' do
hosts_as('master').each do |master|
it 'fails' do
pp = <<-EOS
class { 'freeipa':
ipa_role => 'client',
domain => 'example.lan',
admin_password => 'vagrant123',
directory_services_password => 'vagrant123',
password_usedto_joindomain => 'vagrant123',
ip_address => '10.10.10.35',
install_epel => true,
ipa_master_fqdn => 'ipa-server-1.example.lan'
}
EOS
apply_manifest_on(master, pp, expect_failures: true)
end
end
end
context 'Test ssh connnections for toto user with pre-defined ssh-key' do
# Install ssh key on root on master
hosts_as('master').each do |master|
......
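Review bot: Both added examples assert only `expect_failures: true`, so they pass on any non-zero exit of the run and not specifically on the role guard; a typo in the manifest or an unrelated resource failure would satisfy them just as well. Capture the result and match the guard's message, for example `result = apply_manifest_on(master, pp, expect_failures: true)` followed by `expect(result.stderr).to match(%r{to change ipa_role from 'master'})`, assuming the compile error is written to stderr. The enclosing `describe` block starts and ends outside this hunk.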
require 'spec_helper'
describe 'freeipa::install::client' do
context 'with node not yet configured' do
on_supported_os.each do |os, os_facts|
context "on #{os}" do
let(:facts) { os_facts }
......@@ -25,4 +24,55 @@ describe 'freeipa::install::client' do
it { is_expected.to compile }
end
end
end
context 'with node configured as client' do
on_supported_os.each do |os, os_facts|
context "on #{os}" do
let(:facts) { os_facts.merge(iparole: 'client') }
let(:pre_condition) do
manifest = <<-EOS
class{ 'freeipa' :
ipa_role => 'client',
ipa_master_fqdn => 'master.example.lan',
ipa_server_fqdn => 'foo.example.lan',
domain => 'example.lan',
password_usedto_joindomain => 'foobartest',
admin_password => 'foobartest',
directory_services_password => 'foobartest',
ip_address => '10.10.10.35',
}
EOS
manifest
end
it { is_expected.to compile }
end
end
end
context 'with node configured as master' do
on_supported_os.each do |os, os_facts|
context "on #{os}" do
let(:facts) { os_facts.merge(iparole: 'master') }
let(:pre_condition) do
manifest = <<-EOS
class{ 'freeipa' :
ipa_role => 'client',
ipa_master_fqdn => 'master.example.lan',
ipa_server_fqdn => 'foo.example.lan',
domain => 'example.lan',
password_usedto_joindomain => 'foobartest',
admin_password => 'foobartest',
directory_services_password => 'foobartest',
ip_address => '10.10.10.35',
}
EOS
manifest
end
it { is_expected.to compile.and_raise_error(%r{to change ipa_role from 'master' to 'client' is not supported}) }
end
end
end
end
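Review bot: The added contexts cover an `iparole` of 'client' and 'master' but not 'replica', although the guard in freeipa::install::client is meant to reject both server roles. Add a third context mirroring the 'master' one, with `let(:facts) { os_facts.merge(iparole: 'replica') }` and `compile.and_raise_error(%r{to change ipa_role from 'replica' to 'client' is not supported})`. The contexts also repeat the same `pre_condition` heredoc; one shared `let(:pre_condition)` at the `describe` level would keep them in step.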
require 'spec_helper'
describe 'freeipa::install::server::master' do
context 'with node not yet configured' do
on_supported_os.each do |os, os_facts|
context "on #{os}" do
let(:pre_condition) do
......@@ -25,4 +24,80 @@ describe 'freeipa::install::server::master' do
it { is_expected.to compile }
end
end
end
context 'with node configured as master' do
on_supported_os.each do |os, os_facts|
context "on #{os}" do
let(:facts) { os_facts.merge(iparole: 'master') }
let(:pre_condition) do
manifest = <<-EOS
class{ 'freeipa' :
ipa_role => 'master',
ipa_master_fqdn => 'master.example.lan',
ipa_server_fqdn => 'foo.example.lan',
domain => 'example.lan',
password_usedto_joindomain => 'foobartest',
admin_password => 'foobartest',
directory_services_password => 'foobartest',
ip_address => '10.10.10.35',
}
EOS
manifest
end
it { is_expected.to compile }
end
end
end
context 'with node configured as replica' do
on_supported_os.each do |os, os_facts|
context "on #{os}" do
let(:facts) { os_facts.merge(iparole: 'replica') }
let(:pre_condition) do
manifest = <<-EOS
class{ 'freeipa' :
ipa_role => 'master',
ipa_master_fqdn => 'master.example.lan',
ipa_server_fqdn => 'foo.example.lan',
domain => 'example.lan',
password_usedto_joindomain => 'foobartest',
admin_password => 'foobartest',
directory_services_password => 'foobartest',
ip_address => '10.10.10.35',
}
EOS
manifest
end
it { is_expected.to compile.and_raise_error(%r{to change ipa_role from 'replica' to 'master' is not supported}) }
end
end
end
context 'with node configured as client' do
on_supported_os.each do |os, os_facts|
context "on #{os}" do
let(:facts) { os_facts.merge(iparole: 'client') }
let(:pre_condition) do
manifest = <<-EOS
class{ 'freeipa' :
ipa_role => 'master',
ipa_master_fqdn => 'master.example.lan',
ipa_server_fqdn => 'foo.example.lan',
domain => 'example.lan',
password_usedto_joindomain => 'foobartest',
admin_password => 'foobartest',
directory_services_password => 'foobartest',
ip_address => '10.10.10.35',
}
EOS
manifest
end
it { is_expected.to compile.and_raise_error(%r{to change ipa_role from 'client' to 'master' is not supported}) }
end
end
end
end
require 'spec_helper'
describe 'freeipa::install::server::replica' do
context 'with node not yet configured' do
on_supported_os.each do |os, os_facts|
context "on #{os}" do
let(:pre_condition) do
......@@ -25,4 +24,80 @@ describe 'freeipa::install::server::replica' do
it { is_expected.to compile }
end
end
end
context 'with node configured configured as replica' do
on_supported_os.each do |os, os_facts|
context "on #{os}" do
let(:facts) { os_facts.merge(iparole: 'replica') }
let(:pre_condition) do
manifest = <<-EOS
class{ 'freeipa' :
ipa_role => 'replica',
ipa_master_fqdn => 'master.example.lan',
ipa_server_fqdn => 'foo.example.lan',
domain => 'example.lan',
password_usedto_joindomain => 'foobartest',
admin_password => 'foobartest',
directory_services_password => 'foobartest',
ip_address => '10.10.10.35',
}
EOS
manifest
end
it { is_expected.to compile }
end
end
end
context 'with node configured configured as master' do
on_supported_os.each do |os, os_facts|
context "on #{os}" do
let(:facts) { os_facts.merge(iparole: 'master') }
let(:pre_condition) do
manifest = <<-EOS
class{ 'freeipa' :
ipa_role => 'replica',
ipa_master_fqdn => 'master.example.lan',
ipa_server_fqdn => 'foo.example.lan',
domain => 'example.lan',
password_usedto_joindomain => 'foobartest',
admin_password => 'foobartest',
directory_services_password => 'foobartest',
ip_address => '10.10.10.35',
}
EOS
manifest
end
it { is_expected.to compile.and_raise_error(%r{to change ipa_role from 'master' to 'replica' is not supported}) }
end
end
end
context 'with node configured configured as client' do
on_supported_os.each do |os, os_facts|
context "on #{os}" do
let(:facts) { os_facts.merge(iparole: 'client') }
let(:pre_condition) do
manifest = <<-EOS
class{ 'freeipa' :
ipa_role => 'replica',
ipa_master_fqdn => 'master.example.lan',
ipa_server_fqdn => 'foo.example.lan',
domain => 'example.lan',
password_usedto_joindomain => 'foobartest',
admin_password => 'foobartest',
directory_services_password => 'foobartest',
ip_address => '10.10.10.35',
}
EOS
manifest
end
it { is_expected.to compile.and_raise_error(%r{to change ipa_role from 'client' to 'replica' is not supported}) }
end
end
end
end
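Review bot: The three added context descriptions read 'with node configured configured as …', with the word doubled, unlike the matching contexts in the master and client specs. Use `context 'with node configured as replica' do`, and likewise for 'master' and 'client', so the spec output reads consistently across the four files.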
......@@ -3,6 +3,7 @@
require 'spec_helper'
describe 'freeipa::install::server' do
context 'with node not yet configured' do
on_supported_os.each do |os, os_facts|
context "on #{os}" do
let(:facts) { os_facts }
......@@ -25,4 +26,55 @@ describe 'freeipa::install::server' do
it { is_expected.to compile }
end
end
end
context 'with node configured as master' do
on_supported_os.each do |os, os_facts|
context "on #{os}" do
let(:facts) { os_facts.merge(iparole: 'master') }
let(:pre_condition) do
manifest = <<-EOS
class{ 'freeipa' :
ipa_role => 'master',
ipa_master_fqdn => 'master.example.lan',
ipa_server_fqdn => 'foo.example.lan',
domain => 'example.lan',
password_usedto_joindomain => 'foobartest',
admin_password => 'foobartest',
directory_services_password => 'foobartest',
ip_address => '10.10.10.35',
}
EOS
manifest
end
it { is_expected.to compile }
end
end
end
context 'with node configured as client' do
on_supported_os.each do |os, os_facts|
context "on #{os}" do
let(:facts) { os_facts.merge(iparole: 'client') }
let(:pre_condition) do
manifest = <<-EOS
class{ 'freeipa' :
ipa_role => 'master',
ipa_master_fqdn => 'master.example.lan',
ipa_server_fqdn => 'foo.example.lan',
domain => 'example.lan',
password_usedto_joindomain => 'foobartest',
admin_password => 'foobartest',
directory_services_password => 'foobartest',
ip_address => '10.10.10.35',
}
EOS
manifest
end
it { is_expected.to compile.and_raise_error(%r{to change ipa_role from 'client' to 'master' is not supported}) }
end
end
end
end