Puppet Class: ipa::master

Defined in:
manifests/master.pp

Overview

Class: ipa::master

This class configures an IPA master

Parameters:

Actions:

Requires: Exported resources, puppetlabs/puppetlabs-firewall, puppetlabs/stdlib

Sample Usage:

Parameters:

  • svrpkg (Any) (defaults to: {})
  • dns (Any) (defaults to: {})
  • realm (Any) (defaults to: {})
  • domain (Any) (defaults to: {})
  • adminpw (Any) (defaults to: {})
  • dspw (Any) (defaults to: {})
  • kstart (Any) (defaults to: {})
  • sssd (Any) (defaults to: {})


# File 'manifests/master.pp', line 13

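# Configures this node as an IPA master: realizes the server package, runs
# ipa::serverinstall for $::fqdn, opens the IPA service ports and exports the
# resources that other nodes collect.
#
# Parameters (every one defaults to an empty hash, so callers are expected to
# set them):
#   svrpkg  - title of the virtual Package resource realized for the server.
#   dns     - boolean true adds '--setup-dns' to the install options.
#   realm   - realm passed to the installer and to the exported resources.
#   domain  - domain passed to the installer and the exported client install.
#   adminpw - password value (by name) handed to ipa::serverinstall.
#   dspw    - password value (by name) handed to ipa::serverinstall and to the
#             exported ipa::clientinstall.
#   kstart  - when truthy, realizes Package['kstart'].
#   sssd    - when truthy, realizes Service['sssd'].
#
# NOTE(review): adminpw and dspw have no usable default and are not validated
# here; supply them from an encrypted data source rather than plain manifests.
class ipa::master (
  $svrpkg  = {},
  $dns     = {},
  $realm   = {},
  $domain  = {},
  $adminpw = {},
  $dspw    = {},
  $kstart  = {},
  $sssd    = {}
) {

  # Fail fast: refuse unsupported platforms before any resource, collector or
  # exported resource is declared.
  if $::osfamily != 'RedHat' {
    fail("Cannot configure an IPA master server on ${::operatingsystem} operating systems. Must be a RedHat-like operating system.")
  }

  # Ordering: server install, then the ipa service, then the resources
  # collected from other nodes.
  # NOTE(review): the Ipa::Hostadd collector has no tag or other filter, so
  # every exported Ipa::Hostadd in the store is applied on this master. Any
  # node able to export resources can therefore influence what runs here;
  # confirm that is the intended trust boundary or narrow the query.
  Ipa::Serverinstall[$::fqdn]
  -> Service['ipa']
  -> Ipa::Hostadd <<| |>>
  -> Ipa::Replicareplicationfirewall <<| tag == 'ipa-replica-replication-firewall' |>>
  -> Ipa::Replicaprepare <<| tag == 'ipa-replica-prepare' |>>

  # These repeat the collections already made by the chain above; kept as in
  # the original manifest.
  Ipa::Replicareplicationfirewall <<| tag == 'ipa-replica-replication-firewall' |>>
  Ipa::Replicaprepare <<| tag == 'ipa-replica-prepare' |>>
  Ipa::Hostadd <<| |>>

  # host/<fqdn>@<realm>; not referenced again in this class.
  # NOTE(review): presumably read elsewhere as $ipa::master::principals - confirm.
  $principals = suffix(prefix([$::fqdn], 'host/'), "@${ipa::master::realm}")

  # Package and Service resources are realized here, so they are expected to be
  # declared as virtual resources outside this class.
  realize Package[$ipa::master::svrpkg]

  # NOTE(review): with the `{}` defaults, these two conditionals depend on how
  # the running Puppet version treats an empty hash; confirm the default path.
  if $ipa::master::sssd {
    realize Service['sssd']
  }

  if $ipa::master::kstart {
    realize Package['kstart']
  }

  realize Service['ipa']

  # Only `true` selects the DNS setup option; any other value yields ''.
  $dnsopt = $ipa::master::dns ? {
    true    => '--setup-dns',
    default => ''
  }

  ipa::serverinstall { "${::fqdn}":
    realm   => $ipa::master::realm,
    domain  => $ipa::master::domain,
    adminpw => $ipa::master::adminpw,
    dspw    => $ipa::master::dspw,
    dnsopt  => $ipa::master::dnsopt,
    require => Package[$ipa::master::svrpkg]
  }

  # NOTE(review): neither rule sets a `source`, so this manifest does not limit
  # which networks may reach these ports; restrict them if the master should
  # only serve known subnets.
  firewall { '101 allow IPA master TCP services (http,https,kerberos,kpasswd,ldap,ldaps)':
    ensure => 'present',
    action => 'accept',
    proto  => 'tcp',
    dport  => ['80','88','389','443','464','636']
  }

  # The title spells "serivces"; it is left untouched because the title is the
  # managed rule's name and renaming it would create a second rule.
  firewall { '102 allow IPA master UDP serivces (kerberos,kpasswd,ntp)':
    ensure => 'present',
    action => 'accept',
    proto  => 'udp',
    dport  => ['88','123','464']
  }

  # Exported resources below are published for other nodes to collect.
  @@ipa::replicapreparefirewall { "${::fqdn}":
    source => $::ipaddress,
    tag    => 'ipa-replica-prepare-firewall'
  }

  @@ipa::masterreplicationfirewall { "${::fqdn}":
    source => $::ipaddress,
    tag    => 'ipa-master-replication-firewall'
  }

  @@ipa::masterprincipal { "${::fqdn}":
    realm => $ipa::master::realm,
    tag   => 'ipa-master-principal'
  }

  # NOTE(review): dspw is exported here. Exported-resource parameters are kept
  # in the storeconfigs backend in clear text and delivered to every node that
  # collects Ipa::Clientinstall. Confirm whether clients need this value; if
  # not, it should be dropped from the exported resource.
  @@ipa::clientinstall { "${::fqdn}":
    masterfqdn => $::fqdn,
    domain     => $ipa::master::domain,
    realm      => $ipa::master::realm,
    dspw       => $ipa::master::dspw,
    otp        => '',
    mkhomedir  => '',
    ntp        => ''
  }
}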