Reference

Table of Contents

Classes

Public Classes

Private Classes

  • freeipa::install: Installs the packages needed for servers and clients
  • freeipa::install::client: Install freeipa client
  • freeipa::install::server: This class mainly defines options for the ipa install command, then installs a master or a replica according to the role set.
  • freeipa::install::server::master: Installs freeipa server as master
  • freeipa::install::server::replica: Installs freeipa server as replica

Tasks

  • manage_admin: Manage (create or delete) a FreeIPA admin account

Classes

freeipa

Examples

class {'freeipa':
    ipa_role                    => 'master',
    domain                      => 'example.lan',
    ipa_server_fqdn             => 'ipa-server-1.example.lan',
    puppet_admin_password       => 'vagrant123',
    directory_services_password => 'vagrant123',
    install_ipa_server          => true,
    ip_address                  => '10.10.10.35',
    enable_ip_address           => true,
    enable_hostname             => true,
    manage_host_entry           => true,
    install_epel                => true,
    ipa_master_fqdn             => 'ipa-server-1.example.lan',
}

Parameters

The following parameters are available in the freeipa class:

domain

Data type: Stdlib::Fqdn

The name of the IPA domain to create or join.

ipa_role

Data type: Enum['master','replica','client']

What role the node will be.

puppet_admin_password

Data type: Variant[String[8],Sensitive[String[8]]]

Password which will be assigned to the IPA account named admin and used by Puppet.

directory_services_password

Data type: Variant[String[8],Sensitive[String[8]]]

Password which will be passed to the IPA installer's --ds-password parameter.

autofs_package_name

Data type: String

Name of the autofs package to install if enabled.

Default value: 'autofs'

client_install_ldaputils

Data type: Boolean

If true, then the ldaputils packages are installed if ipa_role is set to client.

Default value: false

configure_dns_server

Data type: Boolean

If true, then install and configure an integrated DNS server, create DNS zone specified by domain, and fill it with service records necessary for IPA deployment.

Default value: true

configure_ntp

Data type: Boolean

If false, then do not configure NTP.

Default value: true

custom_dns_forwarders

Data type: Array[String]

Each element in this array is prefixed with --forwarder and passed to the IPA server installer.

Default value: []

principal_usedto_joindomain

Data type: String

The principal (usually username) used to join a client or replica to the IPA domain.

Default value: 'admin'

password_usedto_joindomain

Data type: Variant[String,Sensitive[String]]

The password for the principal given in principal_usedto_joindomain.

Default value: $puppet_admin_password

enable_hostname

Data type: Boolean

If true, then the installer flag --hostname is populated with the parameter ipa_server_fqdn and passed to the IPA installer.

Default value: true

enable_ip_address

Data type: Boolean

If true, then the installer flag --ip-address is populated with the parameter ip_address and passed to the IPA installer.

Default value: false

enable_random_serial_numbers

Data type: Boolean

If true, then the installer flag --random-serial-numbers is added during installation. Only valid on IPA >= 4.10.

Default value: false

enable_zone_overlap

Data type: Boolean

If true, then the installer flag --allow-zone-overlap is defined and passed to the IPA installer.

Default value: false

fixed_primary

Data type: Boolean

If true, on a client, configure SSSD to use a fixed server as the primary IPA server. The default client behavior is to use DNS SRV records to determine the primary server to use.

Default value: false

idstart

Data type: Integer[10000]

From the IPA man pages: "The starting user and group id number".

Default value: 60000

install_autofs

Data type: Boolean

If true, then the autofs packages are installed.

Default value: false

install_epel

Data type: Boolean

If true, then the epel repo is installed. The epel repo is usually required for sssd packages.

Default value: true

install_sssdtools

Data type: Boolean

If true, then the sssdtools packages are installed.

Default value: true

ipa_client_package_name

Data type: String

Name of the IPA client package.

Default value:

$facts['os']['family'] ? {
    'Debian' => 'freeipa-client',
    default  => 'ipa-client'
}

ipa_server_package_name

Data type: String

Name of the IPA server package.

Default value: 'ipa-server'

install_ipa_client

Data type: Boolean

If true, then the IPA client packages are installed if the parameter ipa_role is set to client.

Default value: true

install_ipa_server

Data type: Boolean

If true, then the IPA server packages are installed if the parameter ipa_role is not set to client.

Default value: true

install_sssd

Data type: Boolean

If true, then the sssd packages are installed.

Default value: true

ip_address

Data type: Stdlib::IP::Address

The IP address of this server. If this address does not match the address the host resolves to and configure_dns_server is not true, the installation will fail.

ipa_server_fqdn

Data type: Stdlib::Fqdn

Actual fqdn of the IPA server being configured.

Default value: $facts['networking']['fqdn']

ldaputils_package_name

Data type: String

Name of the ldaputils package.

Default value:

$facts['os']['family'] ? {
    'Debian' => 'ldap-utils',
    default  => 'openldap-clients'
}

ipa_master_fqdn

Data type: Stdlib::Fqdn

FQDN of the server to use for a client or replica domain join.

manage_host_entry

Data type: Boolean

If true, then a host entry is created using the parameters ipa_server_fqdn and ip_address.

Default value: false

mkhomedir

Data type: Boolean

If true, on a client, configure PAM to create a user's home directory if it does not exist.

Default value: true

webui_redirect

Data type: Boolean

If true, then web requests to the URL root / will be redirected to the web UI, e.g. https://example.com/ipa/ui.

Default value: true

realm

Data type: Stdlib::Fqdn

The name of the IPA realm to create or join.

Default value: upcase($domain)

server_install_ldaputils

Data type: Boolean

If true, then the ldaputils packages are installed if ipa_role is not set to client.

Default value: true

sssd_package_name

Data type: String

Name of the sssd package.

Default value: 'sssd-common'

sssdtools_package_name

Data type: String

Name of the sssdtools package.

Default value: 'sssd-tools'

install_ca

Data type: Boolean

If true, install and configure a CA even on replica.

Default value: true

external_ca

Data type: Boolean

If true, generate a CSR to be signed by an external CA.

Default value: false

external_ca_type_ms_cs

Data type: Boolean

If true, add the option to the CSR indicating that it will be signed by a Microsoft AD CA.

Default value: false

external_ca_profile

Data type: Array[String]

Array of profiles (OIDs) to define in the generated CSR.

Default value: []

ca_subject

Data type: String

The CA certificate subject DN. (default CN=Certificate Authority,O=). RDNs are in LDAP order (most specific RDN first).

Default value: "CN=Certificate Authority,O=${realm}"
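The example at the top of this page passes literal passwords. The following manifest is an added example (not part of the module's own documentation) showing a replica and a client declared against the master from that example, with both secrets wrapped in Sensitive so they are redacted from catalogs, reports and logs. It assumes the secrets live in Hiera under the hypothetical keys freeipa::admin_password and freeipa::ds_password; the hostnames and addresses are constructed.

```puppet
# Added example; assumes Hiera (e.g. eyaml-backed) supplies the two
# hypothetical keys below. Sensitive() keeps the values out of reports/logs.
$admin_pw = Sensitive(lookup('freeipa::admin_password', String[8]))
$ds_pw    = Sensitive(lookup('freeipa::ds_password',    String[8]))

# Replica: joins the existing master and keeps its own CA and DNS
# (install_ca and configure_dns_server are true by default).
node 'ipa-server-2.example.lan' {
  class { 'freeipa':
    ipa_role                    => 'replica',
    domain                      => 'example.lan',
    ipa_server_fqdn             => 'ipa-server-2.example.lan',
    ipa_master_fqdn             => 'ipa-server-1.example.lan',
    puppet_admin_password       => $admin_pw,
    directory_services_password => $ds_pw,
    ip_address                  => '10.10.10.36',   # constructed
    enable_ip_address           => true,
    enable_hostname             => true,
    manage_host_entry           => true,
    install_ca                  => true,
    configure_dns_server        => true,
  }
}

# Client: no server packages; server discovery via DNS SRV records
# (fixed_primary => false), home directories created by PAM on first login.
node 'app-1.example.lan' {
  class { 'freeipa':
    ipa_role                    => 'client',
    domain                      => 'example.lan',
    ipa_server_fqdn             => 'app-1.example.lan',
    ipa_master_fqdn             => 'ipa-server-1.example.lan',
    puppet_admin_password       => $admin_pw,
    directory_services_password => $ds_pw,
    password_usedto_joindomain  => $admin_pw,
    ip_address                  => '10.10.10.50',   # constructed
    install_ipa_server          => false,
    fixed_primary               => false,
    mkhomedir                   => true,
  }
}
```

Because the Variant types for both password parameters accept Sensitive[String[8]], no unwrap is needed at the call site.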

freeipa::helpers::flushcache

Flush the SSSD cache; for Debian and RedHat only.

Examples

include freeipa::helpers::flushcache

Tasks

manage_admin

Manage (create or delete) a FreeIPA admin account

Supports noop? false

Parameters

operator_login

Data type: String[1]

FreeIPA login of the operator running the task

operator_password

Data type: String[1]

Password of the operator running the task

login

Data type: String[1]

Login name of the managed administrator account

ensure

Data type: Enum['present','absent']

Whether the login account should exist ('present') or not ('absent')

firstname

Data type: Optional[String[1]]

First name of the managed administrator account

lastname

Data type: Optional[String[1]]

Last name of the managed administrator account

password

Data type: Optional[String[8]]

Password of the managed administrator account