From f91dc48802aae37bf1843702534aa6499ccc574a Mon Sep 17 00:00:00 2001 From: Bill Glick Date: Thu, 4 Mar 2021 08:23:12 -0600 Subject: [PATCH] ASDPLNG-80: Create puppet-profile_motd --- Puppetfile | 1 + site-modules/profile/manifests/base.pp | 2 +- site-modules/profile/manifests/sssd.pp | 54 -------------------------- 3 files changed, 2 insertions(+), 55 deletions(-) delete mode 100644 site-modules/profile/manifests/sssd.pp diff --git a/Puppetfile b/Puppetfile index 3db544b..872751a 100644 --- a/Puppetfile +++ b/Puppetfile @@ -16,6 +16,7 @@ mod 'ncsa/profile_allow_ssh_from_bastion', tag: 'v0.2.0', git: 'https://github.c # mod 'ncsa/profile_chrony', tag: 'v0.1.0', git: 'https://github.com/ncsa/puppet-profile_chrony' # mod 'ncsa/profile_email', tag: 'v0.1.0', git: 'https://github.com/ncsa/puppet-profile_email' # mod 'ncsa/profile_firewall', tag: 'v1.0.1', git: 'https://github.com/ncsa/puppet-profile_firewall' +mod 'ncsa/profile_motd', tag: 'v0.1.0', git: 'https://github.com/ncsa/puppet-profile_motd' mod 'ncsa/profile_pam_access', tag: 'v0.0.4', git: 'https://github.com/ncsa/puppet-profile_pam_access' # mod 'ncsa/profile_puppet_master', tag: 'v0.1.0', git: 'https://github.com/ncsa/puppet-profile_puppet_master' mod 'ncsa/profile_sudo', tag: 'v0.1.1', git: 'https://github.com/ncsa/puppet-profile_sudo' diff --git a/site-modules/profile/manifests/base.pp b/site-modules/profile/manifests/base.pp index 0afea1f..4742d45 100644 --- a/site-modules/profile/manifests/base.pp +++ b/site-modules/profile/manifests/base.pp @@ -5,10 +5,10 @@ class profile::base { include ::profile_additional_yumrepos include ::profile_allow_ssh_from_bastion # include ::profile_email + include ::profile_motd include ::profile_pam_access include ::profile_sudo # include ::profile_timezone -# include ::profile::sssd include ::profile_system_auth include ::profile_virtual include ::sshd diff --git a/site-modules/profile/manifests/sssd.pp b/site-modules/profile/manifests/sssd.pp deleted file mode 100644 index f3e0b4b..0000000 --- a/site-modules/profile/manifests/sssd.pp +++ /dev/null @@ -1,54 +0,0 @@ -# Configure SSSD for use with LDAP and Kerberos -# -# @summary Configure SSSD for use with LDAP and Kerberos -# Requires ncsa/sssd and bodgit/sssd as dependancy. -# -# @example -# include profile::sssd -class profile::sssd ( - # PARAMETERS: general - Boolean $enablemkhomedir, - Array[String] $authconfig_pkgs, - #String $cacert-content, - #String $cacert-file-path, - -) { - - # INSTALL INCOMMON ROOT CA - # TODO - make this a paramter, then use a hiera interpolation lookup in hiera - #file { ${cacert-file-path} : - # content => "${cacert-content}", - # mode => '0444', - # before => Service['sssd'], - #} - - include ::sssd - - # ENABLE MKHOMEDIR (create homedir on first login) - ensure_packages( $authconfig_pkgs ) - # create appropriate args - if $enablemkhomedir { - $authconfig_args = ['--enablemkhomedir', '--enablesssd', '--enablesssdauth'] - } - else { - $authconfig_args = ['--disablemkhomedir', '--enablesssd', '--enablesssdauth'] - } - $authconfig_args_f = join($authconfig_args, ' ') - # run authconfig - exec { 'enablesssdauth': - path => '/bin/:/sbin/:/usr/bin/:/usr/sbin/', - onlyif => 'test `grep -i "SSSD" /etc/sysconfig/authconfig | grep "=yes" | wc -l` -lt 2', - command => "authconfig ${authconfig_args_f} --updateall", # should we just be using '--update'? - } - - # ENSURE SSSD SERVICE IS RESTARTED IF/WHEN ANY KRB5 CFG FILES CHANGE -# $krb_cfgfile_data = lookup( 'system_authnz::kerberos::cfg_file_settings', -# Hash, -# 'hash' ) -# # setup a "notify" relationship from filename to service -# $krb_cfgfile_data.each() | $filename, $junk | { -# File[ $filename ] ~> Class[ '::sssd::service' ] -# } - -} -