Take a look at your /etc/krb5.conf file. This configures the Kerberos network authentication service. It is not configured on these machines, so your default realm should be set to EXAMPLE.COM. If we were to write classes that could use Kerberos authentication, it would likely be useful to know what this is set to.
Your task is to write a default_realm fact to expose this information as a global variable. Using the command line to parse this value might look something like
awk '/default_realm/{print $NF}' /etc/krb5.conf
-
Change directory to your
[modulepath]$ cd $(puppet agent --configprint environmentpath)/production/modules -
Create a new module
kerberoswith thepdkcommand.$ pdk new module -
You will see several questions requiring an answer. Enter the answers as you see below:
Replace the N in studentN with your student number, e.g.
student8Question Answer Module Name kerberosForge Name studentNCredit author Student NLicense Apache-2.0Operating systems RedHat -
Change directories to
kerberos. -
Create your
default_realm.rbcustom fact.- Edit
lib/facter/default_realm.rb - Execute the sample shell command as a
setcodestring.
- Edit
-
Syntax check and test your new fact locally.
/opt/puppetlabs/puppet/bin/ruby -c lib/facter/default_realm.rbRUBYLIB="kerberos/lib" facter default_realm
-
Deploy your codebase.
-
Trigger pluginsync as part of a Puppet run:
puppet agent -t -
Review the log output. You should see the md5 hash of the file as it syncs.
-
Syntax check the fact file.
ruby -c $(puppet config print plugindest)/facter/default_realm.rb -
Run facter to retrieve the value of your fact.
facter -p default_realm
A full fledged development workstation would likely have Puppet available locally, meaning that you could validate code before deploying and syncing.
[root@training modules]# tree kerberos/
kerberos/
└── lib
└── facter
└── default_realm.rb
Facter.add("default_realm") do
setcode "/bin/awk '/^#/ {next} /default_realm/{print $NF}' /etc/krb5.conf"
end| Previous Lab | Next Lab |