This repository has been archived by the owner on Feb 21, 2024. It is now read-only.


terraform-provider-freeipa

Build

The Makefile is minimal and attempts to cross-compile for all distributions. Because the Kerberos dependency is a non-Go (cgo) library, the build needs a working gcc toolchain for every target, and that breaks easily across distributions, so expect some targets to fail.

TODO: separate make tasks so a single distribution can be built locally.

make dist

Usage Example

Provider

For a test setup you may not have configured your own certificates. If so, download the FreeIPA CA certificate from https://<your-domain>/ipa/config/ca.crt and save it to /etc/ipa/ca.crt. The provider trusts whatever is in that file, so fetch it over a channel you trust and compare its fingerprint (openssl x509 -in /etc/ipa/ca.crt -noout -fingerprint -sha256) with the one on the IPA server before using it.

provider "freeipa" {
  host     = var.freeipa_host
  username = var.freeipa_username
  password = var.freeipa_password
  base_dn  = var.freeipa_base_dn
}

Arguments:

  • host - host name of IPA server, example ipa.example.com (string, required)
  • username - username for authentication (string, required)
  • password - password for authentication (string, required)
  • base_dn - domain components (dc), example: dc=ipa,dc=example,dc=com (string, required)
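The provider block above takes the bind password as a plain argument, so the way the variables are supplied decides whether the secret ends up in version control. The following is an added example, not code from this provider's repository: it declares the four variables the README names, marks the password sensitive (assumes Terraform 0.14 or later) and feeds it through the TF_VAR_ environment variable. The base_dn default and the comments are assumptions for illustration.

```hcl
# Added example (not part of terraform-provider-freeipa): keep the bind
# password out of *.tf and *.tfvars files checked into git.

variable "freeipa_host" {
  type        = string
  description = "FreeIPA server host name, e.g. ipa.example.com"
}

variable "freeipa_username" {
  type        = string
  description = "Account the provider binds as; prefer a dedicated account with only the privileges Terraform needs, not admin"
}

variable "freeipa_password" {
  type      = string
  sensitive = true # redacted from plan/apply output (Terraform >= 0.14)
}

variable "freeipa_base_dn" {
  type    = string
  default = "dc=ipa,dc=example,dc=com" # assumed value for the example
}

provider "freeipa" {
  host     = var.freeipa_host
  username = var.freeipa_username
  password = var.freeipa_password
  base_dn  = var.freeipa_base_dn
}

# Supply the secret from the environment instead of a tfvars file:
#   export TF_VAR_freeipa_host=ipa.example.com
#   export TF_VAR_freeipa_username=terraform
#   export TF_VAR_freeipa_password='...'
#   terraform plan
```

Note that sensitive = true only affects console output: the password is still written in clear text to terraform.tfstate, so the state backend needs the same protection as the secret itself.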

User

resource "freeipa_user" "user" {
  uid        = var.uid
  first_name = var.first_name
  last_name  = var.last_name
  email      = var.email
  groups     = var.groups
  uid_number = var.uid_number
  gid_number = var.gid_number
}

Arguments:

  • uid - User name (string, required)
  • first_name - First name (string, required)
  • last_name - Last name (string, required)
  • email - Email address (string, optional, computed)
  • groups - Groups user will be added to (set/list, optional, computed)
  • uid_number - User ID (string, optional, computed)
  • gid_number - Group ID (string, optional, computed)

Group

resource "freeipa_group" "group" {
  gid         = var.gid
  gid_number  = var.gid_number
  description = var.description
}

Arguments:

  • gid - Group Name (string, required)
  • gid_number - Group ID (string, optional, computed)
  • description - Description for group (string, optional, default: "")

DNS zone

resource "freeipa_dnszone" "zone" {
  idnsname = "zone."
  idnssoaretry = 900
  idnssoaminimum = 100
  idnsallowdynupdate = true
}

The full list of arguments is in the API browser on the IPA server, under dnszone_add.

DNS Record

Example A Record

resource "freeipa_dnsrecord" "arecord" {
  idnsname = "arecord"
  dnszoneidnsname = "zone."
  arecord = ["127.0.0.3", "127.0.0.4"]
}

Example MX Record

resource "freeipa_dnsrecord" "mxrecord" {
  idnsname = "mxrecord"
  dnszoneidnsname = "zone."
  mxrecord = ["0 testmx.pl", "1 testmx2.pl"]
}

You can also reference the zone name from the freeipa_dnszone resource instead of repeating the literal string; this also makes Terraform create the zone before the record:

resource "freeipa_dnsrecord" "mxrecord" {
  idnsname = "mxrecord"
  dnszoneidnsname = freeipa_dnszone.zone.idnsname
  mxrecord = ["0 testmx.pl", "1 testmx2.pl"]
}

Useful docs:

  • https://www.freeipa.org/page/V2/DNS_Interface_Design#1._New_per-type_structured_API
  • https://www.terraform.io/docs/configuration-0-11/resources.html

The full list of arguments is in the API browser on the IPA server, under dnsrecord_add.

Import

# terraform import <resource address> <ipauniqueid of the object>

terraform import freeipa_group.group <ipauniqueid for group>
terraform import freeipa_user.user <ipauniqueid for user>

The FreeIPA web UI does not expose ipauniqueid. To get it, log on to the IPA server and run the following commands:

ipa user-show --all <username>
ipa group-show --all <groupname>
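Copying the ipauniqueid by hand from the show output is error-prone, and a wrong ID silently imports the wrong object. The script below is an added example, not part of this provider: it extracts the ipauniqueid line from ipa user-show --all or ipa group-show --all output and builds the terraform import command, failing closed when no ID is present. The sample show output is constructed for the example, not captured from a real server, and the ID values and resource addresses are assumptions.

```shell
#!/bin/sh
# Added example (not part of terraform-provider-freeipa): turn
# `ipa user-show --all <user>` / `ipa group-show --all <group>` output
# into `terraform import` commands.

# extract_ipauniqueid: print the ipauniqueid from ipa *-show --all output
# read on stdin. Returns 1 when the attribute is missing (e.g. --all was
# forgotten) so callers do not import with an empty ID.
extract_ipauniqueid() {
    id=$(sed -n 's/^[[:space:]]*ipauniqueid:[[:space:]]*//p' | head -n 1)
    [ -n "$id" ] || return 1
    printf '%s\n' "$id"
}

# import_command <resource address>: build the terraform import line for
# the show output piped on stdin.
import_command() {
    addr=$1
    id=$(extract_ipauniqueid) || {
        echo "no ipauniqueid in show output for $addr (did you pass --all?)" >&2
        return 1
    }
    printf 'terraform import %s %s\n' "$addr" "$id"
}

# Constructed sample of `ipa user-show --all alice` (abridged, fake ID).
SAMPLE_USER='  dn: uid=alice,cn=users,cn=accounts,dc=ipa,dc=example,dc=com
  User login: alice
  First name: Alice
  Last name: Example
  UID: 1234
  GID: 1234
  ipauniqueid: 1c8a2c2e-1111-2222-3333-444455556666
  objectclass: top, person, posixaccount'

# Constructed sample of `ipa group-show --all devs` (abridged, fake ID).
SAMPLE_GROUP='  dn: cn=devs,cn=groups,cn=accounts,dc=ipa,dc=example,dc=com
  Group name: devs
  Description: Developers
  GID: 1235
  Member users: alice
  ipauniqueid: 9f0e7d6c-aaaa-bbbb-cccc-ddddeeeeffff
  objectclass: top, groupofnames, posixgroup'

# demo: print the import commands for both samples. On a real server the
# left-hand side would be e.g. `ipa user-show --all alice | import_command freeipa_user.user`.
demo() {
    printf '%s\n' "$SAMPLE_USER" | import_command freeipa_user.user
    printf '%s\n' "$SAMPLE_GROUP" | import_command freeipa_group.group
}

demo
```

Run the generated commands from the directory holding the matching resource blocks; terraform import only records the ID in state, so the resource definition must already exist in the configuration.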