ASDPLNG-80: Create puppet-profile_motd
This commit is contained in:
parent
7384f0857a
commit
f91dc48802
@ -16,6 +16,7 @@ mod 'ncsa/profile_allow_ssh_from_bastion', tag: 'v0.2.0', git: 'https://github.c
|
||||
# mod 'ncsa/profile_chrony', tag: 'v0.1.0', git: 'https://github.com/ncsa/puppet-profile_chrony'
|
||||
# mod 'ncsa/profile_email', tag: 'v0.1.0', git: 'https://github.com/ncsa/puppet-profile_email'
|
||||
# mod 'ncsa/profile_firewall', tag: 'v1.0.1', git: 'https://github.com/ncsa/puppet-profile_firewall'
|
||||
mod 'ncsa/profile_motd', tag: 'v0.1.0', git: 'https://github.com/ncsa/puppet-profile_motd'
|
||||
mod 'ncsa/profile_pam_access', tag: 'v0.0.4', git: 'https://github.com/ncsa/puppet-profile_pam_access'
|
||||
# mod 'ncsa/profile_puppet_master', tag: 'v0.1.0', git: 'https://github.com/ncsa/puppet-profile_puppet_master'
|
||||
mod 'ncsa/profile_sudo', tag: 'v0.1.1', git: 'https://github.com/ncsa/puppet-profile_sudo'
|
||||
|
@ -5,10 +5,10 @@ class profile::base {
|
||||
include ::profile_additional_yumrepos
|
||||
include ::profile_allow_ssh_from_bastion
|
||||
# include ::profile_email
|
||||
include ::profile_motd
|
||||
include ::profile_pam_access
|
||||
include ::profile_sudo
|
||||
# include ::profile_timezone
|
||||
# include ::profile::sssd
|
||||
include ::profile_system_auth
|
||||
include ::profile_virtual
|
||||
include ::sshd
|
||||
|
@ -1,54 +0,0 @@
|
||||
# Configure SSSD for use with LDAP and Kerberos
|
||||
#
|
||||
# @summary Configure SSSD for use with LDAP and Kerberos
|
||||
# Requires ncsa/sssd and bodgit/sssd as dependancy.
|
||||
#
|
||||
# @example
|
||||
# include profile::sssd
|
||||
class profile::sssd (
|
||||
# PARAMETERS: general
|
||||
Boolean $enablemkhomedir,
|
||||
Array[String] $authconfig_pkgs,
|
||||
#String $cacert-content,
|
||||
#String $cacert-file-path,
|
||||
|
||||
) {
|
||||
|
||||
# INSTALL INCOMMON ROOT CA
|
||||
# TODO - make this a paramter, then use a hiera interpolation lookup in hiera
|
||||
#file { ${cacert-file-path} :
|
||||
# content => "${cacert-content}",
|
||||
# mode => '0444',
|
||||
# before => Service['sssd'],
|
||||
#}
|
||||
|
||||
include ::sssd
|
||||
|
||||
# ENABLE MKHOMEDIR (create homedir on first login)
|
||||
ensure_packages( $authconfig_pkgs )
|
||||
# create appropriate args
|
||||
if $enablemkhomedir {
|
||||
$authconfig_args = ['--enablemkhomedir', '--enablesssd', '--enablesssdauth']
|
||||
}
|
||||
else {
|
||||
$authconfig_args = ['--disablemkhomedir', '--enablesssd', '--enablesssdauth']
|
||||
}
|
||||
$authconfig_args_f = join($authconfig_args, ' ')
|
||||
# run authconfig
|
||||
exec { 'enablesssdauth':
|
||||
path => '/bin/:/sbin/:/usr/bin/:/usr/sbin/',
|
||||
onlyif => 'test `grep -i "SSSD" /etc/sysconfig/authconfig | grep "=yes" | wc -l` -lt 2',
|
||||
command => "authconfig ${authconfig_args_f} --updateall", # should we just be using '--update'?
|
||||
}
|
||||
|
||||
# ENSURE SSSD SERVICE IS RESTARTED IF/WHEN ANY KRB5 CFG FILES CHANGE
|
||||
# $krb_cfgfile_data = lookup( 'system_authnz::kerberos::cfg_file_settings',
|
||||
# Hash,
|
||||
# 'hash' )
|
||||
# # setup a "notify" relationship from filename to service
|
||||
# $krb_cfgfile_data.each() | $filename, $junk | {
|
||||
# File[ $filename ] ~> Class[ '::sssd::service' ]
|
||||
# }
|
||||
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user