Puppet Class: stns::client

Defined in:
manifests/client.pp

Overview

Class: stns::client

stns::client installs and configures libnss-stns.

Parameters:

  • api_end_point (Variant[String, Array]) (defaults to: 'http://localhost:1104')
  • user (Optional[String]) (defaults to: undef)
  • password (Optional[String]) (defaults to: undef)
  • wrapper_path (String) (defaults to: '/usr/local/bin/stns-query-wrapper')
  • chain_ssh_wrapper (Optional[String]) (defaults to: undef)
  • ssl_verify (Boolean) (defaults to: true)
  • request_timeout (Integer) (defaults to: 3)
  • http_proxy (Optional[String]) (defaults to: undef)
  • request_header (Optional[Hash]) (defaults to: undef)
  • uid_shift (Integer) (defaults to: 0)
  • gid_shift (Integer) (defaults to: 0)
  • libnss_stns_ensure (String) (defaults to: 'present')
  • libpam_stns_ensure (String) (defaults to: 'present')
  • handle_nsswitch (Boolean) (defaults to: false)
  • handle_sshd_config (Boolean) (defaults to: false)


# File 'manifests/client.pp', line 5

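# Installs and configures the STNS client (libnss-stns), and optionally wires
# it into /etc/nsswitch.conf and /etc/ssh/sshd_config.
#
# Only $handle_nsswitch and $handle_sshd_config are consumed in this class
# body; the remaining parameters are presumably read by stns::client::install
# and stns::client::config, which are not visible here.
#
# Security notes for reviewers:
#  - $api_end_point defaults to plain http://. If $user/$password are set and
#    the endpoint is not https, the credentials are presumably sent
#    unencrypted -- confirm against stns::client::config and prefer https.
#  - $password is a plain String, so it can appear in catalogs and reports.
#    NOTE(review): consider Sensitive[String] in a future major version.
#  - $ssl_verify defaults to true; turning it off removes server
#    authentication for the directory that decides who may log in.
class stns::client (
  Variant[String, Array] $api_end_point      = 'http://localhost:1104',
  Optional[String]       $user               = undef,
  Optional[String]       $password           = undef,
  String                 $wrapper_path       = '/usr/local/bin/stns-query-wrapper',
  Optional[String]       $chain_ssh_wrapper  = undef,
  Boolean                $ssl_verify         = true,
  Integer                $request_timeout    = 3,
  Optional[String]       $http_proxy         = undef,
  Optional[Hash]         $request_header     = undef,
  Integer                $uid_shift          = 0,
  Integer                $gid_shift          = 0,
  String                 $libnss_stns_ensure = 'present',
  String                 $libpam_stns_ensure = 'present',
  Boolean                $handle_nsswitch    = false,
  Boolean                $handle_sshd_config = false,
) {

  require stns::repo

  include stns::client::install
  include stns::client::config

  # Repository first, then packages, then configuration.
  Class['stns::repo']
  -> Class['stns::client::install']
  -> Class['stns::client::config']

  if $handle_nsswitch {
    # Forces "files stns" as the first two services for passwd, shadow and
    # group. Whatever was previously in positions 1 and 2 is overwritten
    # (further entries, if any, are left alone). Keeping "files" first means
    # local accounts are looked up before the remote directory.
    augeas { 'nsswitch stns':
      context => '/files/etc/nsswitch.conf',
      changes => [
        "set *[self::database = 'passwd']/service[1] files",
        "set *[self::database = 'passwd']/service[2] stns",
        "set *[self::database = 'shadow']/service[1] files",
        "set *[self::database = 'shadow']/service[2] stns",
        "set *[self::database = 'group']/service[1] files",
        "set *[self::database = 'group']/service[2] stns",
      ],
    }
  }

  if $handle_sshd_config {
    # AuthorizedKeysCommandRunAs is the spelling used by the patched OpenSSH
    # shipped on RedHat-family releases before 7. Later releases only accept
    # AuthorizedKeysCommandUser; sshd treats an unknown keyword as a fatal
    # configuration error, so choosing the old name there would stop sshd
    # from restarting. Compare versions instead of testing "!= '7'" so that
    # release 8 and newer get the modern keyword.
    # NOTE(review): RedHat-family distributions that do not follow EL
    # numbering may need their own case -- confirm.
    if ($::osfamily == 'RedHat' and versioncmp($::operatingsystemmajrelease, '7') < 0) {
      $cmd_user = 'AuthorizedKeysCommandRunAs'
    } else {
      $cmd_user = 'AuthorizedKeysCommandUser'
    }

    # No default branch: an osfamily other than RedHat or Debian has no
    # matching entry, so catalog compilation fails rather than guessing a
    # service name.
    $ssh_service = $::osfamily ? {
      'RedHat' => 'sshd',
      'Debian' => 'ssh',
    }

    # Package['openssh-server'] and Service[$ssh_service] are not declared in
    # this class and must exist elsewhere in the catalog.
    #
    # NOTE(review): the key wrapper is run as root on every public-key
    # authentication attempt. If the wrapper does not need root to read its
    # configuration, a dedicated unprivileged account is the least-privilege
    # choice. Whatever the account, the wrapper and its parent directories
    # must be root-owned and not writable by group or others.
    # A rejected sshd_config can lock out remote access, so validate with
    # `sshd -t` when rolling this out.
    augeas {'sshd_config with stns':
      context => '/files/etc/ssh/sshd_config',
      changes => [
        'set PubkeyAuthentication yes',
        'set AuthorizedKeysCommand /usr/lib/stns/stns-key-wrapper',
        "set ${cmd_user} root",
      ],
      require => Package['openssh-server'],
      notify  => Service[$ssh_service],
    }
  }

}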