Puppet Class: realmd

Defined in:
manifests/init.pp

Summary

realmd

Overview

Installs, configures, and joins a domain using realmd. Optionally control the Kerberos client and SSSD configuration files and the SSSD service.

Default values for all parameters are in hiera.

Parameters:

  • realmd_package_name (String)

    The name of the main Realmd package

  • realmd_package_ensure (String)
  • realmd_config_file (Stdlib::Absolutepath)

    The absolute path of the Realmd configuration file

  • realmd_config (Hash)

    A hash of configuration options structured in an ini-style format

  • homedir_umask (String)

    The umask, as a string, that sets the default permissions of directories created by mkhomedir on Debian

  • adcli_package_name (String)

    The name of the adcli package

  • adcli_package_ensure (String)
  • krb_client_package_name (String)

    The name of the Kerberos client package

  • krb_client_package_ensure (String)
  • sssd_package_name (String)

    The name of the main SSSD package

  • sssd_package_ensure (String)
  • sssd_service_name (String)

    The name of the SSSD service

  • sssd_service_ensure (String)
  • sssd_config_file (Stdlib::Absolutepath)

    The absolute path of the SSSD configuration file

  • sssd_config_cache_file (Stdlib::Absolutepath)
  • sssd_config (Hash)

    A hash of configuration options structured in an ini-style format

  • manage_sssd_config (Boolean)

    Enable or disable management of the SSSD configuration file

  • manage_sssd_service (Boolean)

    Enable or disable management of the SSSD service

  • manage_sssd_package (Boolean)
  • domain (String)

    The name of the domain to join

  • netbiosname (String)

    The computer name used with one-time-password (computer account) join

  • domain_join_user (Variant[String, Undef])

    The account to be used in joining the domain

  • domain_join_password (Variant[String, Undef])

    The password of the account to be used in joining the domain

  • one_time_password (Variant[String, Undef])

    The password of the prepared computer account

  • krb_ticket_join (Boolean)

    Enable or disable joining the domain via a Kerberos keytab

  • krb_keytab (Variant[Stdlib::Absolutepath, Undef])

    The absolute path to the Kerberos keytab file to be used in joining the domain

  • krb_config_file (Stdlib::Absolutepath)

    The absolute path to the Kerberos client configuration file

  • krb_config (Hash)

    A hash of configuration options structured in an ini-style format

  • manage_krb_config (Boolean)

    Enable or disable management of the Kerberos client configuration file

  • ou (Variant[String, Undef])

    The computer organizational unit

  • required_packages (Hash)

    A hash of package resources to manage for any auxiliary functionality

  • extra_join_options (Variant[Array, Undef])

    Extra arguments passed to the realm join command

  • computer_name (Variant[String[1, 15], Undef, Boolean[false]])

    The computer name used with password join



# File 'manifests/init.pp', line 68

class realmd (
  String $realmd_package_name,
  String $realmd_package_ensure,
  Stdlib::Absolutepath $realmd_config_file,
  Hash $realmd_config,
  String $homedir_umask,
  String $adcli_package_name,
  String $adcli_package_ensure,
  String $krb_client_package_name,
  String $krb_client_package_ensure,
  String $sssd_package_name,
  String $sssd_package_ensure,
  String $sssd_service_name,
  String $sssd_service_ensure,
  Stdlib::Absolutepath $sssd_config_file,
  Stdlib::Absolutepath $sssd_config_cache_file,
  Hash $sssd_config,
  Boolean $manage_sssd_config,
  Boolean $manage_sssd_service,
  Boolean $manage_sssd_package,
  String $domain,
  String $netbiosname,
  Variant[String, Undef] $domain_join_user,
  Variant[String, Undef] $domain_join_password,
  Variant[String, Undef] $one_time_password,
  Boolean $krb_ticket_join,
  Variant[Stdlib::Absolutepath, Undef] $krb_keytab,
  Stdlib::Absolutepath $krb_config_file,
  Hash $krb_config,
  Boolean $manage_krb_config,
  Variant[String, Undef] $ou,
  Hash $required_packages,
  Variant[Array, Undef] $extra_join_options,
  Variant[String[1, 15], Undef, Boolean[false]] $computer_name,
) {
  if $krb_ticket_join == false {
    if ($domain_join_user and !$domain_join_password) {
      fail('Cannot set domain_join_user without domain_join_password')
    }
  }
  if ($domain_join_password and !$domain_join_user) {
    fail('Cannot set domain_join_password without domain_join_user')
  }
  if ($one_time_password and $domain_join_user) {
    fail('Cannot do a machine login with one_time_password, when a domain_join_user is set')
  }

  if $manage_sssd_config and empty($sssd_config) {
    fail('The sssd_config parameter cannot be an empty hash when managing the SSSD configuration')
  }

  if $manage_krb_config and empty($krb_config) {
    fail('The krb_config parameter cannot be an empty hash when managing the Kerberos client configuration')
  }

  contain 'realmd::install'
  contain 'realmd::config'
  contain 'realmd::join'
  contain 'realmd::sssd::config'

  Class['realmd::install']
  -> Class['realmd::config']
  ~> Class['realmd::join']
  -> Class['realmd::sssd::config']

  if $manage_sssd_service {
    contain 'realmd::sssd::service'
    Class['realmd::sssd::config'] ~> Class['realmd::sssd::service']
  }
}
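
Example declaration (added here for illustration; it is not part of the module's own code or documentation). It uses the keytab join path, which the first validation block allows without domain_join_password, so no join password has to be stored in Puppet data. The domain, account name, keytab path and SSSD option values are constructed placeholders, and the section-to-options layout of sssd_config is an assumption based on the "ini-style" description above; parameters not listed are assumed to keep their hiera defaults.

```puppet
# Added example: join with a Kerberos keytab instead of a password.
# All values are constructed placeholders, not defaults shipped by the module.
class { 'realmd':
  domain             => 'example.com',

  # With krb_ticket_join => true, the class does not fail when
  # domain_join_user is set and domain_join_password is left undefined.
  krb_ticket_join    => true,
  domain_join_user   => 'svc-linux-join',

  # The keytab is a long-lived credential: keep it owned by root with
  # mode 0600 and scope the account to joining computers only.
  krb_keytab         => '/etc/keytabs/svc-linux-join.keytab',

  # one_time_password must stay unset here: combining it with
  # domain_join_user triggers the third fail() in the class body.

  # manage_sssd_config => true requires a non-empty sssd_config,
  # otherwise the class fails before any resource is applied.
  manage_sssd_config => true,
  manage_sssd_service => true,
  sssd_config        => {
    # Assumed layout: top-level keys are ini sections,
    # nested keys are the options inside each section.
    'sssd'               => {
      'config_file_version' => '2',
      'services'            => 'nss, pam',
      'domains'             => 'example.com',
    },
    'domain/example.com' => {
      'id_provider'     => 'ad',
      'access_provider' => 'ad',
    },
  },
}
```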