Replace ipa config execs by a single ipa console batch exec
cmd-ntrf committed Nov 22, 2024
1 parent 3bb08f2 commit 6606068
Showing 1 changed file with 12 additions and 39 deletions.
51 changes: 12 additions & 39 deletions site/profile/manifests/freeipa.pp
@@ -311,17 +311,13 @@

$ipa_server_base_config = @("EOF")
api.Command.batch(
# { 'method': 'service_add', 'params': [['${service_name}'], {}]},
# { 'method': 'service_add_principal', 'params': [['${service_name}', 'jupyterhub/jupyterhub'], {}]},
# { 'method': 'role_add', 'params': [['JupyterHub'], {'description' : 'JupyterHub User management'}]},
# { 'method': 'role_add_privilege', 'params': [['JupyterHub'], {'privilege' : 'Group Administrators'}]},
# { 'method': 'role_add_privilege', 'params': [['JupyterHub'], {'privilege' : 'User Administrators'}]},
# { 'method': 'role_add_member', 'params': [['JupyterHub'], {'service' : '${service_name}'}]},
{ 'method': 'config_mod', 'params': [[], {'user-auth-type': 'otp'}]},
{ 'method': 'config_mod', 'params': [[], {'defaultshell': '/bin/bash'}]},
{ 'method': 'pwpolicy_add', 'params': [['admins'], {'minlife': 0, 'maxlife': 0, 'priority': 1}]},
{ 'method': 'dnsrecord_add', 'params': [['${int_domain_name}', 'ipa'], {'cname_rec': "${facts['networking']['hostname']}"]},
{ 'method': 'host_add', 'params': [['ipa.${int_domain_name}'], {'force': ''},
{ 'method': 'dnsrecord_add', 'params': [['${int_domain_name}', 'ipa'], {'cname_rec': '${facts['networking']['hostname']}'}]},
{ 'method': 'host_add', 'params': [['ipa.${int_domain_name}'], {'force': ''}]},
{ 'method': 'service_add_principal', 'params': [['HTTP/${fqdn}', 'HTTP/ipa.${int_domain_name}'], {}]},
{ 'method': 'service_add_principal', 'params': [['ldap/${fqdn}', 'ldap/ipa.${int_domain_name}'], {}]},
)
|EOF

@@ -330,47 +326,24 @@
require => Exec['ipa-install'],
}

# Configure the password of the admin accounts to never expire
~> exec { 'ipa_admin_passwd_reset':
command => 'echo -e "$IPA_ADMIN_PASSWD\n$IPA_ADMIN_PASSWD\n$IPA_ADMIN_PASSWD" | kinit_wrapper kpasswd',
refreshonly => true,
environment => ["IPA_ADMIN_PASSWD=${admin_password}"],
path => ['/bin', '/usr/bin', '/sbin','/usr/sbin'],
}

exec { 'ipa_add_host_ipa':
command => "kinit_wrapper ipa host-add ipa.${int_domain_name} --force",
refreshonly => true,
require => [File['kinit_wrapper'],],
environment => ["IPA_ADMIN_PASSWD=${admin_password}"],
path => ['/bin', '/usr/bin', '/sbin','/usr/sbin'],
subscribe => Exec['ipa-install'],
}

exec { 'ipa_add_service_principal_http':
command => "kinit_wrapper ipa service-add-principal HTTP/${fqdn} HTTP/ipa.${int_domain_name}",
exec { 'ipa_server_base_config':
command => 'kinit_wrapper ipa console /etc/ipa/ipa_server_base_config.py',
refreshonly => true,
require => [
File['kinit_wrapper'],
Exec['ipa_add_record_CNAME'],
Exec['ipa_add_host_ipa'],
File['/etc/ipa/ipa_server_base_config.py'],
Exec['ipa-install'],
],
subscribe => File['/etc/ipa/ipa_server_base_config.py'],
environment => ["IPA_ADMIN_PASSWD=${admin_password}"],
path => ['/bin', '/usr/bin', '/sbin','/usr/sbin'],
subscribe => Exec['ipa-install'],
}

exec { 'ipa_add_service_principal_ldap':
command => "kinit_wrapper ipa service-add-principal ldap/${fqdn} ldap/ipa.${int_domain_name}",
# Configure the password of the admin accounts to never expire
~> exec { 'ipa_admin_passwd_reset':
command => 'echo -e "$IPA_ADMIN_PASSWD\n$IPA_ADMIN_PASSWD\n$IPA_ADMIN_PASSWD" | kinit_wrapper kpasswd',
refreshonly => true,
require => [
File['kinit_wrapper'],
Exec['ipa_add_record_CNAME'],
Exec['ipa_add_host_ipa'],
],
environment => ["IPA_ADMIN_PASSWD=${admin_password}"],
path => ['/bin', '/usr/bin', '/sbin','/usr/sbin'],
subscribe => Exec['ipa-install'],
}

$regen_cert_cmd = 'ipa-getcert list | grep -oP "Request ID \'\K[^\']+" | xargs -I \'{}\' ipa-getcert resubmit -i \'{}\' -w'
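Review bot: A failed entry in the `api.Command.batch(...)` heredoc will most likely not fail `Exec['ipa_server_base_config']`, because batch (as far as I know) records each sub-command's error in its returned `results` list instead of raising, and the script discards that return value. The removed `ipa host-add` and `ipa service-add-principal` execs each surfaced a non-zero exit to Puppet; now a rejected `config_mod` for `'user-auth-type': 'otp'` would leave OTP unenforced while the run reports success, and `ipa_admin_passwd_reset` would still be notified. Consider keeping the result and exiting non-zero on unexpected errors, e.g. `res = api.Command.batch(...)`, then `bad = [r for r in res['results'] if r.get('error') and r.get('error_name') not in ('DuplicateEntry', 'EmptyModlist')]` and `if bad: raise SystemExit(str(bad))`; confirm that `ipa console` propagates that exit status when run on a file. It is also worth confirming that the option keys (`user-auth-type`, `defaultshell`, `cname_rec`) are accepted by the API as written, since they read like CLI option names and a rejected key would be hidden the same way.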