Add LDAP support

author: Ismaël Bouya <ismael.bouya@normalesup.org> 2017-08-30 22:16:39 +0200
committer: Ismaël Bouya <ismael.bouya@normalesup.org> 2017-08-31 22:59:53 +0200
commit: 548061112d2e2627317f9379d2f501fcf3f6ea54 (patch)
tree: 19fb949ad1fb965b4705897650809b4ffb6e9f29 /modules/base_installation/manifests
parent: 1508e956adaa97b7a82c27537f4b124266dacdf0 (diff)
download: Puppet-548061112d2e2627317f9379d2f501fcf3f6ea54.tar.gz
Puppet-548061112d2e2627317f9379d2f501fcf3f6ea54.tar.zst
Puppet-548061112d2e2627317f9379d2f501fcf3f6ea54.zip
4 files changed, 99 insertions, 0 deletions
diff --git a/modules/base_installation/manifests/init.pp b/modules/base_installation/manifests/init.pp
index 65c5178..f9fdcd4 100644
--- a/modules/base_installation/manifests/init.pp
+++ b/modules/base_installation/manifests/init.pp
@@ -1,6 +1,15 @@
 class base_installation (
  Optional[String]        $grub_device      = $base_installation::params::grub_device,
+  Optional[String]        $ldap_base        = $base_installation::params::ldap_base,
+  Optional[String]        $ldap_cert_path   = $base_installation::params::ldap_cert_path,
+  Optional[String]        $ldap_cn          = $base_installation::params::ldap_cn,
+  Optional[String]        $ldap_dn          = $base_installation::params::ldap_dn,
+  Optional[String]        $ldap_server      = $base_installation::params::ldap_server,
+  Optional[String]        $ldap_uri         = $base_installation::params::ldap_uri,
  Optional[String]        $puppet_code_path = $base_installation::params::puppet_code_path,
+  Optional[String]        $puppet_conf_path = $base_installation::params::puppet_conf_path,
+  Optional[String]        $puppet_pass_seed = $base_installation::params::puppet_pass_seed,
+  Optional[String]        $puppet_ssl_path  = $base_installation::params::puppet_ssl_path,
  Optional[String]        $system_hostname  = $base_installation::params::system_hostname,
  Optional[Array[String]] $system_locales   = $base_installation::params::system_locales,
  Optional[String]        $system_timezone  = $base_installation::params::system_timezone,
@@ -15,7 +24,9 @@ class base_installation (
  contain ::base_installation::logs
  contain ::base_installation::cronie
  contain ::base_installation::ssh
+  contain ::base_installation::ldap
  contain ::base_installation::services
  contain ::base_installation::users
  contain ::base_installation::package_managers
+  contain ::base_installation::puppet
 }
diff --git a/modules/base_installation/manifests/ldap.pp b/modules/base_installation/manifests/ldap.pp
new file mode 100644
index 0000000..1825700
--- /dev/null
+++ b/modules/base_installation/manifests/ldap.pp
@@ -0,0 +1,24 @@
+class base_installation::ldap inherits base_installation {
+  ensure_packages(["openldap"])
+  File {
+    mode  => "0644",
+    owner => "root",
+    group => "root",
+  }
+  file { '/etc/openldap':
+    ensure  => directory,
+    require => Package["openldap"],
+    recurse => true,
+    purge   => true,
+    force   => true,
+  }
+  file { '/etc/openldap/ldap.conf':
+    ensure  => present,
+    content => template("base_installation/ldap/ldap.conf.erb"),
+    require => File['/etc/openldap'],
+  }
+}
diff --git a/modules/base_installation/manifests/params.pp b/modules/base_installation/manifests/params.pp
index f09f01a..c03eb1e 100644
--- a/modules/base_installation/manifests/params.pp
+++ b/modules/base_installation/manifests/params.pp
@@ -1,6 +1,15 @@
 class base_installation::params {
  $puppet_code_path = "/etc/puppetlabs/code"
+  $puppet_conf_path = "/etc/puppetlabs/puppet"
+  $puppet_pass_seed = "/etc/puppetlabs/puppet/password_seed"
+  $puppet_ssl_path  = "/etc/puppetlabs/ssl"
  $grub_device      = "/dev/sda"
+  $ldap_base        = "dc=example,dc=com"
+  $ldap_cn          = "node"
+  $ldap_dn          = "cn=node,ou=hosts,dc=example,dc=com"
+  $ldap_cert_path   = "/etc/ssl/certs/ca-certificates.crt"
+  $ldap_uri         = "ldaps://ldap.example.com"
+  $ldap_server      = "ldap.example.com"
  $system_hostname  = "example.com"
  $system_locales   = ["en_US.UTF-8"]
  $system_timezone  = "UTC"
diff --git a/modules/base_installation/manifests/puppet.pp b/modules/base_installation/manifests/puppet.pp
new file mode 100644
index 0000000..cd5697a
--- /dev/null
+++ b/modules/base_installation/manifests/puppet.pp
@@ -0,0 +1,55 @@
+class base_installation::puppet (
+  $password_seed = $base_installation::puppet_pass_seed
+) inherits base_installation {
+  File {
+    mode  => "0600",
+    owner => "root",
+    group => "root",
+  }
+  exec { 'generate_password_seed':
+    command     => "/usr/bin/openssl rand -base64 -out $password_seed 256",
+    creates     => $password_seed,
+    environment => "RANDFILE=/dev/null",
+  }
+  unless empty(find_file($password_seed)) {
+    $ldap_password = generate_password(24, $password_seed, "ldap")
+    $ssha_ldap_seed = generate_password(5, $password_seed, "ldap_seed")
+    package { 'gem:ruby-ldap':
+      name            => "ruby-ldap",
+      ensure          => present,
+      provider        => "gem",
+      install_options => "--no-user-install"
+    }
+    file { $password_seed:
+      mode => "0600",
+    }
+    file { $base_installation::puppet_conf_path:
+      ensure  => directory,
+      require => [Package["puppet"], Package["gem:ruby-ldap"]],
+      recurse => true,
+      purge   => true,
+      force   => true,
+    }
+    file { "$base_installation::puppet_conf_path/puppet.conf":
+      content => template("base_installation/puppet/puppet.conf.erb"),
+      require => File[$base_installation::puppet_conf_path],
+    }
+    file { "$base_installation::puppet_conf_path/host_ldap.info":
+      content => template("base_installation/puppet/host_ldap.info.erb"),
+      require => File[$base_installation::puppet_conf_path],
+      notify  => Notify_refresh["notify-ldap-password"],
+    }
+    notify_refresh { "notify-ldap-password":
+      message     => template("base_installation/puppet/host_ldap.info.erb"),
+      refreshonly => true
+    }
+  }
+}
author	Ismaël Bouya <ismael.bouya@normalesup.org>	2017-08-30 22:16:39 +0200
committer	Ismaël Bouya <ismael.bouya@normalesup.org>	2017-08-31 22:59:53 +0200
commit	548061112d2e2627317f9379d2f501fcf3f6ea54 (patch)
tree	19fb949ad1fb965b4705897650809b4ffb6e9f29 /modules/base_installation/manifests
parent	1508e956adaa97b7a82c27537f4b124266dacdf0 (diff)
download	Puppet-548061112d2e2627317f9379d2f501fcf3f6ea54.tar.gz Puppet-548061112d2e2627317f9379d2f501fcf3f6ea54.tar.zst Puppet-548061112d2e2627317f9379d2f501fcf3f6ea54.zip

diff --git a/modules/base_installation/manifests/init.pp b/modules/base_installation/manifests/init.pp index 65c5178..f9fdcd4 100644 --- a/modules/base_installation/manifests/init.pp +++ b/modules/base_installation/manifests/init.pp
@@ -1,6 +1,15 @@
1	class base_installation (	1	class base_installation (
2	Optional[String] $grub_device = $base_installation::params::grub_device,	2	Optional[String] $grub_device = $base_installation::params::grub_device,
		3	Optional[String] $ldap_base = $base_installation::params::ldap_base,
		4	Optional[String] $ldap_cert_path = $base_installation::params::ldap_cert_path,
		5	Optional[String] $ldap_cn = $base_installation::params::ldap_cn,
		6	Optional[String] $ldap_dn = $base_installation::params::ldap_dn,
		7	Optional[String] $ldap_server = $base_installation::params::ldap_server,
		8	Optional[String] $ldap_uri = $base_installation::params::ldap_uri,
3	Optional[String] $puppet_code_path = $base_installation::params::puppet_code_path,	9	Optional[String] $puppet_code_path = $base_installation::params::puppet_code_path,
		10	Optional[String] $puppet_conf_path = $base_installation::params::puppet_conf_path,
		11	Optional[String] $puppet_pass_seed = $base_installation::params::puppet_pass_seed,
		12	Optional[String] $puppet_ssl_path = $base_installation::params::puppet_ssl_path,
4	Optional[String] $system_hostname = $base_installation::params::system_hostname,	13	Optional[String] $system_hostname = $base_installation::params::system_hostname,
5	Optional[Array[String]] $system_locales = $base_installation::params::system_locales,	14	Optional[Array[String]] $system_locales = $base_installation::params::system_locales,
6	Optional[String] $system_timezone = $base_installation::params::system_timezone,	15	Optional[String] $system_timezone = $base_installation::params::system_timezone,
@@ -15,7 +24,9 @@ class base_installation (
15	contain ::base_installation::logs	24	contain ::base_installation::logs
16	contain ::base_installation::cronie	25	contain ::base_installation::cronie
17	contain ::base_installation::ssh	26	contain ::base_installation::ssh
		27	contain ::base_installation::ldap
18	contain ::base_installation::services	28	contain ::base_installation::services
19	contain ::base_installation::users	29	contain ::base_installation::users
20	contain ::base_installation::package_managers	30	contain ::base_installation::package_managers
		31	contain ::base_installation::puppet
21	}	32	}


diff --git a/modules/base_installation/manifests/ldap.pp b/modules/base_installation/manifests/ldap.pp new file mode 100644 index 0000000..1825700 --- /dev/null +++ b/modules/base_installation/manifests/ldap.pp
@@ -0,0 +1,24 @@
		1	class base_installation::ldap inherits base_installation {
		2	ensure_packages(["openldap"])
		3
		4	File {
		5	mode => "0644",
		6	owner => "root",
		7	group => "root",
		8	}
		9
		10	file { '/etc/openldap':
		11	ensure => directory,
		12	require => Package["openldap"],
		13	recurse => true,
		14	purge => true,
		15	force => true,
		16	}
		17
		18	file { '/etc/openldap/ldap.conf':
		19	ensure => present,
		20	content => template("base_installation/ldap/ldap.conf.erb"),
		21	require => File['/etc/openldap'],
		22	}
		23
		24	}


diff --git a/modules/base_installation/manifests/params.pp b/modules/base_installation/manifests/params.pp index f09f01a..c03eb1e 100644 --- a/modules/base_installation/manifests/params.pp +++ b/modules/base_installation/manifests/params.pp
@@ -1,6 +1,15 @@
1	class base_installation::params {	1	class base_installation::params {
2	$puppet_code_path = "/etc/puppetlabs/code"	2	$puppet_code_path = "/etc/puppetlabs/code"
		3	$puppet_conf_path = "/etc/puppetlabs/puppet"
		4	$puppet_pass_seed = "/etc/puppetlabs/puppet/password_seed"
		5	$puppet_ssl_path = "/etc/puppetlabs/ssl"
3	$grub_device = "/dev/sda"	6	$grub_device = "/dev/sda"
		7	$ldap_base = "dc=example,dc=com"
		8	$ldap_cn = "node"
		9	$ldap_dn = "cn=node,ou=hosts,dc=example,dc=com"
		10	$ldap_cert_path = "/etc/ssl/certs/ca-certificates.crt"
		11	$ldap_uri = "ldaps://ldap.example.com"
		12	$ldap_server = "ldap.example.com"
4	$system_hostname = "example.com"	13	$system_hostname = "example.com"
5	$system_locales = ["en_US.UTF-8"]	14	$system_locales = ["en_US.UTF-8"]
6	$system_timezone = "UTC"	15	$system_timezone = "UTC"


diff --git a/modules/base_installation/manifests/puppet.pp b/modules/base_installation/manifests/puppet.pp new file mode 100644 index 0000000..cd5697a --- /dev/null +++ b/modules/base_installation/manifests/puppet.pp
@@ -0,0 +1,55 @@
		1	class base_installation::puppet (
		2	$password_seed = $base_installation::puppet_pass_seed
		3	) inherits base_installation {
		4	File {
		5	mode => "0600",
		6	owner => "root",
		7	group => "root",
		8	}
		9
		10	exec { 'generate_password_seed':
		11	command => "/usr/bin/openssl rand -base64 -out $password_seed 256",
		12	creates => $password_seed,
		13	environment => "RANDFILE=/dev/null",
		14	}
		15
		16	unless empty(find_file($password_seed)) {
		17	$ldap_password = generate_password(24, $password_seed, "ldap")
		18	$ssha_ldap_seed = generate_password(5, $password_seed, "ldap_seed")
		19
		20	package { 'gem:ruby-ldap':
		21	name => "ruby-ldap",
		22	ensure => present,
		23	provider => "gem",
		24	install_options => "--no-user-install"
		25	}
		26
		27	file { $password_seed:
		28	mode => "0600",
		29	}
		30
		31	file { $base_installation::puppet_conf_path:
		32	ensure => directory,
		33	require => [Package["puppet"], Package["gem:ruby-ldap"]],
		34	recurse => true,
		35	purge => true,
		36	force => true,
		37	}
		38
		39	file { "$base_installation::puppet_conf_path/puppet.conf":
		40	content => template("base_installation/puppet/puppet.conf.erb"),
		41	require => File[$base_installation::puppet_conf_path],
		42	}
		43
		44	file { "$base_installation::puppet_conf_path/host_ldap.info":
		45	content => template("base_installation/puppet/host_ldap.info.erb"),
		46	require => File[$base_installation::puppet_conf_path],
		47	notify => Notify_refresh["notify-ldap-password"],
		48	}
		49
		50	notify_refresh { "notify-ldap-password":
		51	message => template("base_installation/puppet/host_ldap.info.erb"),
		52	refreshonly => true
		53	}
		54	}
		55	}