11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
|
# File 'manifests/client.pp', line 11
class ipa::client (
Optional[Array[String]] $package_name = undef,
Boolean $force_join = false,
) {
assert_private()
unless $ipa::domain_join_password {
fail("When creating a ${ipa::ipa_role} the parameter named domain_join_password cannot be empty.")
}
unless $ipa::ipa_master_fqdn {
fail("When creating a ${ipa::ipa_role} the parameter named ipa_master_fqdn cannot be empty.")
}
stdlib::ensure_packages($package_name)
if $ipa::mkhomedir {
$client_install_cmd_opts_mkhomedir = '--mkhomedir'
} else {
$client_install_cmd_opts_mkhomedir = ''
}
if $ipa::fixed_primary {
$client_install_cmd_opts_fixed_primary = '--fixed-primary'
} else {
$client_install_cmd_opts_fixed_primary = ''
}
if $ipa::configure_ntp {
$client_install_cmd_opts_no_ntp = ''
} else {
$client_install_cmd_opts_no_ntp = '--no-ntp'
}
if $ipa::enable_dns_updates {
$client_install_cmd_opts_dns_updates = '--enable-dns-updates'
} else {
$client_install_cmd_opts_dns_updates = ''
}
if $ipa::enable_hostname {
$client_install_cmd_opts_hostname = "--hostname=${fact('networking.fqdn')}"
} else {
$client_install_cmd_opts_hostname = ''
}
if $force_join {
$client_install_cmd_opts_force_join= '--force-join'
} else {
$client_install_cmd_opts_force_join = ''
}
$client_install_cmd = "\
/usr/sbin/ipa-client-install \
--server=${ipa::ipa_master_fqdn} \
--realm=${ipa::final_realm} \
--domain=${ipa::domain} \
--principal='${ipa::domain_join_principal.unwrap}' \
--password=\"\${IPA_DOMAIN_JOIN_PASSWORD}\" \
${client_install_cmd_opts_dns_updates} \
${client_install_cmd_opts_hostname} \
${client_install_cmd_opts_mkhomedir} \
${client_install_cmd_opts_fixed_primary} \
${client_install_cmd_opts_no_ntp} \
${client_install_cmd_opts_force_join} \
${ipa::opt_no_ssh} \
${ipa::opt_no_sshd} \
--unattended"
exec { 'ipa-client-install':
environment => "IPA_DOMAIN_JOIN_PASSWORD=${ipa::domain_join_password.unwrap}",
command => $client_install_cmd,
timeout => 0,
unless => "cat /etc/ipa/default.conf | grep -i \"${ipa::domain}\"",
creates => '/etc/ipa/default.conf',
logoutput => on_failure,
provider => shell,
require => Package[$package_name],
}
if fact('os.family') == 'Debian' and $ipa::mkhomedir {
contain ipa::client::debian
}
}
|