diff --git a/lib/facter/ipa_facts.rb b/lib/facter/ipa_facts.rb
index d4b9c53..ad5631f 100644
--- a/lib/facter/ipa_facts.rb
+++ b/lib/facter/ipa_facts.rb
@@ -1,6 +1,14 @@
 require 'facter'
 require 'resolv'
+Facter.add('ipa_client_version') do
+ setcode do
+ if Facter::Util::Resolution.which('ipa-client-install')
+ Facter::Util::Resolution.exec('ipa-client-install --version')
+ end
+ end
+end
+
 if File.exist?('/etc/sssd/sssd.conf') && sssd = File.readlines('/etc/sssd/sssd.conf')
 sssd.each do |line|
 case line
diff --git a/manifests/init.pp b/manifests/init.pp
index 2b0576e..919e3b3 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -53,6 +53,9 @@
 # $sshd:: Enable SSHD Integration
 # Default: true
 #
+# $subid:: Use SSSD as subid provider
+# Default: false
+#
 # $sudo:: Enable sudoers management
 # Default: true
 #
@@ -102,12 +105,14 @@
 $ntp = $ipaclient::params::ntp,
 $options = $ipaclient::params::options,
 $package = $ipaclient::params::package,
+ $package_options = $ipaclient::params::package_options,
 $password = $ipaclient::params::password,
 $principal = $ipaclient::params::principal,
 $realm = $ipaclient::params::realm,
 $server = $ipaclient::params::server,
 $ssh = $ipaclient::params::ssh,
 $sshd = $ipaclient::params::sshd,
+ $subid = $ipaclient::params::subid,
 $sudo = $ipaclient::params::sudo,
 $hostname = $ipaclient::params::hostname,
 $force_join = $ipaclient::params::force_join
@@ -115,6 +120,7 @@
 package { $package:
 ensure => installed,
+ install_options => $package_options,
 }
 if !str2bool($::ipa_enrolled) {
@@ -194,6 +200,14 @@
 $opt_force = ''
 }
+ if !empty($::ipa_client_version) and
+ versioncmp($::ipa_client_version, "4.9.10") >= 0 and
+ str2bool($subid) {
+ $opt_subid = '--subid'
+ } else {
+ $opt_subid = ''
+ }
+
 if !str2bool($sudo) {
 $opt_sudo = '--no-sudo'
 } else {
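Review bot: In the ipa_facts.rb hunk, the new `ipa_client_version` fact locates the binary with `which` but then executes the bare command name, so both steps depend on the agent's PATH, while init.pp invokes `/usr/sbin/ipa-client-install` by absolute path. Reusing the resolved path keeps the lookup and the execution on the same binary: `bin = Facter::Util::Resolution.which('ipa-client-install')` followed by `Facter::Util::Resolution.exec("#{bin} --version") if bin`. The raw output is later fed to `versioncmp`, so a comment stating that the command is expected to print a bare version string (worth confirming on the supported releases) would help the next maintainer. `Facter::Core::Execution` is the non-deprecated home of `which`/`exec` from Facter 2 onward.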
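Review bot: In the init.pp hunk at `@@ -115,6 +120,7 @@`, `install_options => $package_options` forwards a new class parameter to the package provider, but the header-comment hunk in this commit documents only `$subid`. Unless it is described in a part of the header outside these hunks, add an entry in the same style, for example `# $package_options:: Extra install_options passed to the client package resource` and `# Default: []`. The entry should also say that the accepted values depend on the package provider in use.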
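Review bot: In the `@@ -194,6 +200,14 @@` hunk, `--subid` is dropped without any message when `$subid` is true but the fact is empty or reports a version below 4.9.10. An operator who asked for SSSD-backed subids then gets an enrolled client without them, and nothing in the run report says so. A `warning()` in the else path, guarded by `str2bool($subid)`, would make the downgrade visible. The version literal is double-quoted with no interpolation; `'4.9.10'` matches the single-quoted strings used in the surrounding lines.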
@@ -209,14 +223,19 @@
 # Flatten the arrays, delete empty options, and shellquote everything
 $command = shellquote(delete(flatten([$installer,$opt_realm,$opt_password,
 $opt_principal,$opt_mkhomedir,$opt_domain,$opt_hostname,
- $opt_server,$opt_fixed_primary,$opt_ssh,$opt_sshd,$opt_ntp,$opt_sudo,
- $opt_force,$opt_force_join,$options,'--unattended']), ''))
+ $opt_server,$opt_fixed_primary,$opt_ssh,$opt_sshd,$opt_ntp,
+ $opt_sudo,$opt_subid,$opt_force,$opt_force_join,$options,
+ '--unattended']), ''))
- exec { 'ipa_installer':
- command => $command,
- unless => "/usr/sbin/ipa-client-install -U 2>&1 \
- | /bin/grep -q 'already configured'",
- require => Package[$package],
+ # Make sure we can collect the `ipa_client_version` fact first
+ # Makes us run twice, though :(
+ if !empty($::ipa_client_version) {
+ exec { 'ipa_installer':
+ command => $command,
+ unless => "/usr/sbin/ipa-client-install -U 2>&1 \
+ | /bin/grep -q 'already configured'",
+ require => Package[$package],
+ }
 }
 $installer_resource = Exec['ipa_installer']
diff --git a/manifests/params.pp b/manifests/params.pp
index 6e9bdfb..6fd5b4c 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -15,6 +15,7 @@
 $sshd = true
 $automount = false
 $mkhomedir = true
+ $subid = false
 $sudo = true
 $fixed_primary = false
 $options = ''
@@ -28,6 +29,7 @@
 $sssd_sudo_smart_refresh = ''
 $sssd_default_domain_suffix = ''
 $force_join = false
+ $package_options = []
 # Determine if client needs manual sudo configuration or not
 # RHEL <=6.5 requires manual configuration
diff --git a/manifests/sudoers.pp b/manifests/sudoers.pp
index 3027997..80a39be 100644
--- a/manifests/sudoers.pp
+++ b/manifests/sudoers.pp
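Review bot: In the `@@ -209,14 +223,19 @@` hunk of init.pp, `$installer_resource = Exec['ipa_installer']` stays outside the new `if !empty($::ipa_client_version)` guard, so on the first run (package just installed, fact not yet collected) it refers to a resource that is not in the catalog. If that variable feeds a `require`, `before` or `notify` further down (those lines are outside the hunk), compilation would likely fail with a missing-resource error instead of deferring enrollment to the next run. The assignment and whatever consumes it need the same guard. A host where the fact never resolves, for instance because the agent's PATH does not contain the installer, will also never enroll and nothing reports it. An else branch such as `notice('ipa_client_version fact not available; ipa-client-install deferred to the next run')` would surface that state.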
@@ -97,17 +97,20 @@
 # Selecting the right provider is a PITA
 if empty($::sssd_version) {
 case $::osfamily {
- RedHat: {
+ 'RedHat': {
 if (versioncmp($::operatingsystemrelease, '6.6') >= 0) {
 $ipa_provider = 'ipa'
 } else {
 $ipa_provider = 'ldap'
 }
 }
- Debian: {
+ 'Debian': {
 if (versioncmp($::operatingsystemrelease, '14.04') >= 0 and
 $::operatingsystem == 'Ubuntu') {
 $ipa_provider = 'ipa'
+ } elsif (versioncmp($::operatingsystemrelease, '7.0') >= 0 and
+ ($::operatingsystem == 'Debian' or $::operatingsystem == 'Raspbian')) {
+ $ipa_provider = 'ipa'
 } else {
 $ipa_provider = 'ldap'
 }
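Review bot: The new `elsif` in the `'Debian'` branch picks the `ipa` sudo provider for Debian and Raspbian at release `7.0` and later, but nothing in the hunk says where that threshold comes from. This fallback only runs when `$::sssd_version` is empty, and a wrong guess changes which backend serves sudo rules on the host. A one-line comment above the `elsif` should name the SSSD package version that release ships and state that it supports the ipa sudo provider. The Ubuntu and Debian/Raspbian arms assign the same value, so they could share one condition once the thresholds are documented. The enclosing `case` continues past the end of the hunk.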