Puppet Class: sssd::config

Defined in:
manifests/config.pp

Overview

Configuration class called from sssd.

Sets up the `[sssd]` section of `/etc/sssd/sssd.conf` and, optionally, a domain section for the IPA domain to which the host is joined. When the IPA domain is configured, it is automatically added to `$domains` to generate the list of domains in the `[sssd]` section.

Parameters:

  • authoritative (Boolean) (defaults to: pick(getvar("${module_name}::authoritative"), false))

    Set to `true` to purge unmanaged configuration files from `/etc/sssd/conf.d`

Author:



# File 'manifests/config.pp', line 15

class sssd::config (
  # When true, /etc/sssd/conf.d is purged of files Puppet does not manage.
  # Defaults to the module-level `authoritative` value and falls back to
  # false when that value is unset.
  Boolean $authoritative = pick(getvar("${module_name}::authoritative"), false)
){
  # Private class: fail compilation if it is declared from outside this module.
  assert_private()

  # Make sure the main class is in the catalog so the $sssd::* lookups below
  # resolve.
  include $module_name

  if ($sssd::auto_add_ipa_domain and $facts['ipa']) {
    # This host has joined an IPA domain: append the domain reported by the
    # 'ipa' fact to the configured list (de-duplicated) and pull in the class
    # that configures that domain.
    # NOTE(review): the domain name comes from a fact reported by the node;
    # presumably it ends up in sssd.conf via the template -- confirm.
    $_domains = unique(concat($sssd::domains, $facts['ipa']['domain']))
    include 'sssd::config::ipa_domain'
  }
  else {
    # No IPA domain (or auto-add disabled): use the configured list as-is,
    # de-duplicated.
    $_domains = unique($sssd::domains)
  }

  # Local copies of the main class's settings.
  # NOTE(review): presumably these are the names sssd.conf.erb reads; the
  # template is not shown here, so do not rename them without checking it.
  $_debug_level           = $sssd::debug_level
  $_debug_timestamps      = $sssd::debug_timestamps
  $_debug_microseconds    = $sssd::debug_microseconds
  $_description           = $sssd::description
  $_enable_files_domain   = $sssd::enable_files_domain
  $_config_file_version   = $sssd::config_file_version
  $_services              = $sssd::services
  $_reconnection_retries  = $sssd::reconnection_retries
  $_re_expression         = $sssd::re_expression
  $_full_name_format      = $sssd::full_name_format
  $_try_inotify           = $sssd::try_inotify
  $_krb5_rcache_dir       = $sssd::krb5_rcache_dir
  $_user                  = $sssd::user
  $_default_domain_suffix = $sssd::default_domain_suffix
  $_override_space        = $sssd::override_space

  # Optionally include one sssd::service::<name> class per configured service.
  # NOTE(review): the class name is built from the parameter value; the type
  # constraint on $sssd::services is not visible here -- confirm it restricts
  # the values to known service names.
  if $sssd::include_svc_config {
    $_services.each | $service | {
      include "sssd::service::${service}"
    }
  }

  # Symbolic mode: strips read/write from group and other and leaves the
  # remaining permission bits as they are. Owner and group are not managed by
  # this resource.
  file { '/etc/sssd':
    ensure => 'directory',
    mode   => 'go-rw'
  }

  # Drop-in directory. With $authoritative true, files in it that Puppet does
  # not manage are purged; with false they are left in place.
  # NOTE(review): no owner/group/mode is set here; presumably the resources
  # that create the snippets restrict them the same way as sssd.conf --
  # confirm, and remember that with $authoritative false a snippet placed by
  # other means stays in this directory.
  file { '/etc/sssd/conf.d':
    ensure  => 'directory',
    purge   => $authoritative,
    recurse => true
  }

  # Non-authoritative mode: remove only the files under conf.d whose names
  # match the pattern below. No age or size criterion is given, so matching
  # is by file name alone.
  # NOTE(review): snippets still declared as file resources in the catalog
  # are expected to be left alone by tidy -- confirm.
  unless $authoritative {
    tidy { '/etc/sssd/conf.d':
      matches => '*_puppet_*.conf',
      recurse => true
    }
  }

  # Main configuration file, rendered from the module's template. It is kept
  # root-owned and readable by root only (0600). Any change to the rendered
  # content notifies the service class.
  file { '/etc/sssd/sssd.conf':
    owner   => 'root',
    group   => 'root',
    mode    => '0600',
    content => template("${module_name}/sssd.conf.erb"),
    notify  => Class["${module_name}::service"]
  }
}