diff options
| author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2018-06-30 20:10:34 +0200 |
|---|---|---|
| committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2018-06-30 20:10:34 +0200 |
| commit | e5cc123b5d9d871cf20ea947df9352a54a007b7b (patch) | |
| tree | 8c3002f94a4bf4f8789a43f87fa328cdb7eceb87 | |
| parent | 54460a893b4266d88fe23eb114a5b4e8a5b79077 (diff) | |
| parent | d83778a66ca5effd6489fc56be2834adcf93fa58 (diff) | |
| download | Puppet-e5cc123b5d9d871cf20ea947df9352a54a007b7b.tar.gz Puppet-e5cc123b5d9d871cf20ea947df9352a54a007b7b.tar.zst Puppet-e5cc123b5d9d871cf20ea947df9352a54a007b7b.zip | |
Merge branch 'dev'
| -rw-r--r-- | modules/base_installation/manifests/ldap.pp | 62 | ||||
| -rwxr-xr-x | scripts/arch_install_script.sh | 4 |
2 files changed, 35 insertions, 31 deletions
diff --git a/modules/base_installation/manifests/ldap.pp b/modules/base_installation/manifests/ldap.pp index d5d871c..5a35327 100644 --- a/modules/base_installation/manifests/ldap.pp +++ b/modules/base_installation/manifests/ldap.pp | |||
| @@ -22,46 +22,48 @@ class base_installation::ldap inherits base_installation { | |||
| 22 | } | 22 | } |
| 23 | 23 | ||
| 24 | $password_seed = lookup("base_installation::puppet_pass_seed") | 24 | $password_seed = lookup("base_installation::puppet_pass_seed") |
| 25 | $ldap_server = lookup("base_installation::ldap_server") | 25 | unless empty(find_file($password_seed)) { |
| 26 | $ldap_base = lookup("base_installation::ldap_base") | 26 | $ldap_server = lookup("base_installation::ldap_server") |
| 27 | $ldap_dn = lookup("base_installation::ldap_dn") | 27 | $ldap_base = lookup("base_installation::ldap_base") |
| 28 | $ldap_password = generate_password(24, $password_seed, "ldap") | 28 | $ldap_dn = lookup("base_installation::ldap_dn") |
| 29 | $ldap_attribute = "uid" | 29 | $ldap_password = generate_password(24, $password_seed, "ldap") |
| 30 | $ldap_attribute = "uid" | ||
| 30 | 31 | ||
| 31 | ensure_packages(["pam_ldap", "ruby-augeas"]) | 32 | ensure_packages(["pam_ldap", "ruby-augeas"]) |
| 32 | file { "/etc/pam_ldap.conf": | 33 | file { "/etc/pam_ldap.conf": |
| 33 | ensure => "present", | 34 | ensure => "present", |
| 34 | mode => "0400", | 35 | mode => "0400", |
| 35 | owner => "root", | 36 | owner => "root", |
| 36 | group => "root", | 37 | group => "root", |
| 37 | content => template("base_installation/ldap/pam_ldap.conf.erb"), | 38 | content => template("base_installation/ldap/pam_ldap.conf.erb"), |
| 38 | } | ||
| 39 | |||
| 40 | ["system-auth", "passwd"].each |$service| { | ||
| 41 | pam { "Allow to change ldap password via $service": | ||
| 42 | ensure => present, | ||
| 43 | service => $service, | ||
| 44 | type => "password", | ||
| 45 | control => "[success=done new_authtok_reqd=ok ignore=ignore default=bad]", | ||
| 46 | module => "pam_ldap.so", | ||
| 47 | arguments => "ignore_unknown_user", | ||
| 48 | position => 'before *[type="password" and module="pam_unix.so"]', | ||
| 49 | require => Package["ruby-augeas"], | ||
| 50 | } | 39 | } |
| 51 | } | ||
| 52 | 40 | ||
| 53 | ["system-auth", "su", "su-l"].each |$service| { | 41 | ["system-auth", "passwd"].each |$service| { |
| 54 | ["auth", "account"].each |$type| { | 42 | pam { "Allow to change ldap password via $service": |
| 55 | pam { "Allow $service to $type with ldap password": | ||
| 56 | ensure => present, | 43 | ensure => present, |
| 57 | service => $service, | 44 | service => $service, |
| 58 | type => $type, | 45 | type => "password", |
| 59 | control => "[success=done new_authtok_reqd=ok ignore=ignore default=bad]", | 46 | control => "[success=done new_authtok_reqd=ok ignore=ignore default=bad]", |
| 60 | module => "pam_ldap.so", | 47 | module => "pam_ldap.so", |
| 61 | arguments => "ignore_unknown_user", | 48 | arguments => "ignore_unknown_user", |
| 62 | position => "before *[type=\"$type\" and module=\"pam_unix.so\"]", | 49 | position => 'before *[type="password" and module="pam_unix.so"]', |
| 63 | require => Package["ruby-augeas"], | 50 | require => Package["ruby-augeas"], |
| 64 | } | 51 | } |
| 65 | } | 52 | } |
| 53 | |||
| 54 | ["system-auth", "su", "su-l"].each |$service| { | ||
| 55 | ["auth", "account"].each |$type| { | ||
| 56 | pam { "Allow $service to $type with ldap password": | ||
| 57 | ensure => present, | ||
| 58 | service => $service, | ||
| 59 | type => $type, | ||
| 60 | control => "[success=done new_authtok_reqd=ok ignore=ignore default=bad]", | ||
| 61 | module => "pam_ldap.so", | ||
| 62 | arguments => "ignore_unknown_user", | ||
| 63 | position => "before *[type=\"$type\" and module=\"pam_unix.so\"]", | ||
| 64 | require => Package["ruby-augeas"], | ||
| 65 | } | ||
| 66 | } | ||
| 67 | } | ||
| 66 | } | 68 | } |
| 67 | } | 69 | } |
diff --git a/scripts/arch_install_script.sh b/scripts/arch_install_script.sh index 2d0d695..3f99ec9 100755 --- a/scripts/arch_install_script.sh +++ b/scripts/arch_install_script.sh | |||
| @@ -9,7 +9,9 @@ rm -rf $CODE_PATH | |||
| 9 | pacman-key --init | 9 | pacman-key --init |
| 10 | pacman-key --populate archlinux | 10 | pacman-key --populate archlinux |
| 11 | 11 | ||
| 12 | git clone -b $git_branch --recursive https://git.immae.eu/perso/Immae/Projets/Puppet.git $CODE_PATH | 12 | git clone -b $git_branch https://git.immae.eu/perso/Immae/Projets/Puppet.git $CODE_PATH |
| 13 | cd $CODE_PATH | ||
| 14 | git submodule update --init | ||
| 13 | 15 | ||
| 14 | export FACTER_in_chroot="yes" | 16 | export FACTER_in_chroot="yes" |
| 15 | puppet apply --environment $environment --tags base_installation --modulepath $CODE_PATH/modules:$CODE_PATH/external_modules --test $CODE_PATH/manifests/site.pp | 17 | puppet apply --environment $environment --tags base_installation --modulepath $CODE_PATH/modules:$CODE_PATH/external_modules --test $CODE_PATH/manifests/site.pp |