Version information
This version is compatible with:
- Puppet Enterprise 2023.8.x, 2023.7.x, 2023.6.x, 2023.5.x, 2023.4.x, 2023.3.x, 2023.2.x, 2023.1.x, 2023.0.x, 2021.7.x, 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x
- Puppet >= 7.0.0 < 9.0.0
Tasks:
- join
- leave
Start using this module
Add this module to your Puppetfile:
mod 'simp-simp_ipa', '0.4.0'
Learn more about managing modules with a Puppetfile
Description
This is a module for managing simp_ipa server and client installations.
Reference
See REFERENCE.md for the full module reference.
This is a SIMP module
This module is a component of the System Integrity Management Platform, a compliance-management framework built on Puppet.
If you find any issues, they may be submitted to our bug tracker.
Setup
What simp_ipa affects
The simp_ipa module is quite minimal at the moment: it can only join hosts to and remove hosts from an IPA domain.
Usage
The simp_ipa class is just a placeholder for now.
simp_ipa::client::install and related parameters will run ipa-client-install on a system if it needs it. You can either use discovery (provided you have DNS set up correctly) or manually set all the required parameters. See the reference material for further documentation.
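A one-time-password enrollment with the parameters set manually rather than discovered, as an added example that is not part of the module's own documentation. The profile::ipa_client class name, its $enroll_otp parameter and the example.com values are assumptions for illustration; the OTP is assumed to arrive through Hiera automatic parameter lookup from an encrypted backend.

```puppet
# Added example, not code from the simp_ipa module.
# profile::ipa_client and $enroll_otp are hypothetical names.
class profile::ipa_client (
  # Host one-time password generated by `ipa host-add` (or the GUI).
  # Supplied via Hiera automatic parameter lookup; assumed to be stored
  # encrypted (for example with hiera-eyaml), never in plain site code.
  String[1] $enroll_otp,
) {
  class { 'simp_ipa::client::install':
    ensure          => 'present',
    # $principal is deliberately left unset, so $password is used as the
    # host one-time password and no administrative credential is needed
    # in Puppet data.
    password        => $enroll_otp,
    # Explicit values instead of DNS discovery (constructed sample values).
    server          => ['ipa.example.com'],
    domain          => 'example.com',
    realm           => 'EXAMPLE.COM',
    hostname        => $facts['networking']['fqdn'],
    # Module default: run without authconfig on systems using simp/pam.
    no_ac           => true,
    # Options that take no value are set to undef; 'debug' is the option
    # the install_options description uses as its example.
    install_options => { 'debug' => undef },
  }
}
```

Enrolling with a host one-time password keeps the administrative principal's password out of Hiera data and compiled catalogs.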
Tasks
Join a domain using ipa-client-install:
bolt task run simp_ipa::join --nodes <nodes> server=ipa.example.com options='--verbose --mkhomedir'
Other options can be added to the options parameter, like options='--mkhomedir --verbose'.
Leave a domain:
bolt task run simp_ipa::leave --nodes <nodes> domain=<domain> options='--verbose'
Tasks are also available from the Puppet Enterprise console.
Development
Please read our Contribution Guide.
Acceptance tests
This module includes Beaker acceptance tests using the SIMP Beaker Helpers. By default the tests use Vagrant with VirtualBox as a back-end; Vagrant and VirtualBox must both be installed to run these tests without modification. To execute the tests run the following:
bundle install
bundle exec rake beaker:suites
NOTE: When testing this module, you will probably want to run with BEAKER_destroy=no, install the simp_ipa client locally and connect to the running VM to ensure proper functionality.
Please refer to the SIMP Beaker Helpers documentation for more information.
Reference
Table of Contents
Classes
Public Classes
simp_ipa: Placeholder class for now
simp_ipa::client::install: Run ipa-client-install on puppet clients
Private Classes
simp_ipa::client::packages: Class to contain packages required for simp::simp_ipa::install
Tasks
Classes
simp_ipa
Placeholder class for now
simp_ipa::client::install
Run ipa-client-install on puppet clients
Note: Not all parameters here are required. If DNS is properly configured on the host, nothing needs to be set besides $password. Be sure to read the ipa-client-install man page or its help output for guidance.
See also
- ipa-client-install(1)
Parameters
The following parameters are available in the simp_ipa::client::install class:
ensure
ip_address
hostname
password
principal
server
domain
realm
no_ac
install_options
ipa_client_ensure
admin_tools_ensure
ntp_server
ensure
Data type: Enum['present','absent']
'present' to add host to an IPA domain, 'absent' to remove
ip_address
Data type: Optional[Array[Simplib::IP]]
IP address of host being connected
Default value: undef
hostname
Data type: Optional[Simplib::Hostname]
Hostname of the host being connected
Default value: undef
password
Data type: Optional[String]
The password used for joining. The password can be one of two types:
- If $principal is set, this is the password relating to that administrative user
- A one-time password: a host-based one-time password generated by ipa host-add or the GUI
Default value: undef
principal
Data type: Optional[String]
The administrative user krb5 principal that $password relates to, if the $password is not a one time password
Default value: undef
server
Data type: Optional[Array[Simplib::Hostname]]
IPA server to connect to
Default value: undef
domain
Data type: Optional[Simplib::Hostname]
IPA Domain
Default value: undef
realm
Data type: Optional[String]
IPA Realm
Default value: undef
no_ac
Data type: Boolean
Run without authconfig. Defaults to true, which is appropriate on systems using simp/pam
Default value: true
install_options
Data type: Hash
Hash of other options for the ipa-client-install command. Any key here that is also a class parameter will be overwritten with the value of the corresponding class parameter. Also, if the option doesn't need a value (e.g., the debug option), just set the value of the setting to Undef or nil in Hiera.
See ipa-client-install --help
Default value: {}
ipa_client_ensure
Data type: String
Ensure attribute of the package resource managing the ipa-client package
Default value: simplib::lookup('simp_options::package_ensure', { 'default_value' => 'installed' })
admin_tools_ensure
Data type: String
Deprecated: Was only applicable on EL6.
Default value: simplib::lookup('simp_options::package_ensure', { 'default_value' => 'installed' })
ntp_server
Data type: Optional[Array[Simplib::Host]]
Default value: undef
Tasks
join
Join nodes to an IPA domain
Supports noop? false
Parameters
server
Data type: Optional[Simplib::Host]
The IPA server to join to
hostname
Data type: Optional[Simplib::Hostname]
The hostname of the node to be set
password
Data type: Optional[String]
Password for authorization to the IPA server
principal
Data type: Optional[String]
Kerberos principal for authorization
domain
Data type: Optional[Simplib::Hostname]
IPA domain to join
realm
Data type: Optional[String]
IPA kerberos realm to join
ip_address
Data type: Optional[Array[Simplib::IP]]
IP address of the host, used for creating DNS records in IPA
options
Data type: Optional[String]
Other command line options from ipa-client-install, specified as an argument string. For example: --verbose
leave
Leave an IPA domain
Supports noop? false
Parameters
options
Data type: Optional[String]
Other command line options from ipa-client-install, specified as an argument string. For example: --verbose
- Wed Oct 11 2023 Steven Pritchard steve@sicura.us - 0.4.0
- [puppetsync] Updates for Puppet 8
- These updates may include the following:
- Update Gemfile
- Add support for Puppet 8
- Drop support for Puppet 6
- Update module dependencies
- Mon Jun 12 2023 Chris Tessmer chris.tessmer@onyxpoint.com - 0.3.0
- Add RockyLinux 8 support
- Fri Jul 30 2021 Liz Nemsick lnemsick.simp@gmail.com - 0.2.1
- Drop advertised support for EL8, as simp_ipa::client::install has not been updated to integrate with the SIMP-managed PAM stack on EL8.
- Thu Jun 17 2021 Chris Tessmer chris.tessmer@onyxpoint.com - 0.2.0
- Removed support for Puppet 5
- Ensured support for Puppet 7 in requirements and stdlib
- Wed Jan 13 2021 Chris Tessmer chris.tessmer@onyxpoint.com - 0.1.1
- Removed EL6 from supported OSes
- Deprecated simp_ipa::client::install::admin_tools_ensure. It was only used for EL6.
- Tue Dec 10 2019 Trevor Vaughan tvaughan@onyxpoint.com - 0.1.0
- Add support for EL8
- Tue Dec 10 2019 Alexander Fisher alex@infratech.co.uk - 0.1.0
- Make IPA server optional in join task
- Fri Aug 02 2019 Robert Vincent pillarsdotnet@gmail.com - 0.1.0
- Drop Puppet 4 support
- Add Puppet 6 support
- Add puppetlabs-stdlib 6 support
- Thu Mar 07 2019 Liz Nemsick lnemsick.simp@gmail.com - 0.0.2
- Update the upper bound of stdlib to < 6.0.0
- Update a URL in the README.md
- Tue Feb 05 2019 Nick Miller nick.miller@onyxpoint.com - 0.0.2
- Added Puppet Tasks for joining and leaving a domain
- Fix bug where ntp-server wasn't passed in client install
- Thu May 17 2018 Trevor Vaughan tvaughan@onyxpoint.com - 0.0.1
- Initial release of the simp_ipa module
Dependencies
- simp/simplib (>= 4.9.0 < 5.0.0)
- puppetlabs/stdlib (>= 8.0.0 < 10.0.0)
- puppetlabs-ruby_task_helper (>= 0.2.0)
simp_ipa - Puppet module for managing simp_ipa server and client

Per Section 105 of the Copyright Act of 1976, these works are not entitled to domestic copyright protection under US Federal law. The US Government retains the right to pursue copyright protections outside of the United States. The United States Government has unlimited rights in this software and all derivatives thereof, pursuant to the contracts under which it was developed and the License under which it falls.

---

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.