Puppet Class: ipa::replica
- Defined in:
- manifests/replica.pp
Overview
Class: ipa::replica
This class configures an IPA replica
Parameters:
Actions:
Requires: Exported resources, puppetlabs/puppetlabs-firewall, puppetlabs/stdlib
Sample Usage:
13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 |
# File 'manifests/replica.pp', line 13
class ipa::replica (
$svrpkg = {},
$adminpw = {},
$dspw = {},
$kstart = {},
$sssd = {}
) {
Class['ipa::client'] -> Ipa::Masterprincipal <<| tag == 'ipa-master-principal' |>> -> Ipa::Replicapreparefirewall <<| tag == 'ipa-replica-prepare-firewall' |>> -> Ipa::Masterreplicationfirewall <<| tag == 'ipa-master-replication-firewall' |>> -> Ipa::Replicainstall[$::fqdn] -> Service['ipa']
Ipa::Replicapreparefirewall <<| tag == 'ipa-replica-prepare-firewall' |>>
Ipa::Masterreplicationfirewall <<| tag == 'ipa-master-replication-firewall' |>>
Ipa::Masterprincipal <<| tag == 'ipa-master-principal' |>>
if $::osfamily != "RedHat" {
fail("Cannot configure an IPA replica server on ${::operatingsystem} operating systems. Must be a RedHat-like operating system.")
}
realize Package[$ipa::replica::svrpkg]
realize Service['ipa']
if $ipa::replica::kstart {
realize Package["kstart"]
}
if $ipa::replica::sssd {
realize Service["sssd"]
}
firewall { "101 allow IPA replica TCP services (kerberos,kpasswd,ldap,ldaps)":
ensure => 'present',
action => 'accept',
proto => 'tcp',
dport => ['88','389','464','636']
}
firewall { "102 allow IPA replica UDP services (kerberos,kpasswd,ntp)":
ensure => 'present',
action => 'accept',
proto => 'udp',
dport => ['88','123','464']
}
ipa::replicainstall { "$::fqdn":
adminpw => $ipa::replica::adminpw,
dspw => $ipa::replica::dspw,
require => Package[$ipa::replica::svrpkg]
}
@@ipa::replicareplicationfirewall { "$::fqdn":
source => $::ipaddress,
tag => "ipa-replica-replication-firewall"
}
@@ipa::replicaprepare { "$::fqdn":
dspw => $ipa::replica::dspw,
tag => "ipa-replica-prepare"
}
}
|