Code cleanup per food-critic
This commit is contained in:
parent
52e9ae202c
commit
718f810b8b
4 changed files with 36 additions and 32 deletions
|
@ -4,7 +4,9 @@ maintainer_email 'psi-jack@linux-help.org'
|
|||
license 'GPLv3'
|
||||
description 'Installs/Configures freeipa'
|
||||
long_description 'Installs/Configures freeipa'
|
||||
version '0.1.5'
|
||||
version '0.1.6'
|
||||
issues_url 'http://git.linux-help.org/Linux-Help/freeipa/issues'
|
||||
source_url 'http://git.linux-help.org/Linux-Help/freeipa'
|
||||
|
||||
depends 'ohai'
|
||||
depends 'chef-vault'
|
||||
|
|
|
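Review bot: Both new dependency lines, `depends 'ohai'` and `depends 'chef-vault'`, carry no version constraint, so resolution pulls whatever the newest published cookbook is at converge time, and a new major release of chef-vault (the helper behind the `chef_vault_item` calls that load `passwords` in the recipes) can change behaviour or break the run without any change here. Pin each one with a pessimistic constraint once the tested versions are known, e.g. `depends 'chef-vault', '~> <tested major.minor>'`, and likewise for ohai. If the cookbook is resolved through a Berksfile or Policyfile lock, that lock should be committed alongside this version bump so the dependency set is reproducible.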
@ -2,6 +2,8 @@ def whyrun_supported?
|
|||
true
|
||||
end
|
||||
|
||||
use_inline_resources
|
||||
|
||||
action :remove do
|
||||
Chef::Log.warn('Remove ipa_group triggered')
|
||||
end
|
||||
|
|
|
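Review bot: The new `:remove` action only logs `Chef::Log.warn('Remove ipa_group triggered')` and does nothing else, so a recipe declaring `ipa_group ... action :remove` converges green while the group still exists on the IPA server — a silent no-op is the worst outcome for a deprovisioning action. Until it is implemented, fail loudly instead: `raise NotImplementedError, 'ipa_group :remove is not implemented'`, or at the very least make the message say that nothing was removed. `use_inline_resources` is the default behaviour from Chef 13 onward and the explicit call is redundant there; keep it only if the cookbook still targets Chef 12. The `whyrun_supported?` method whose `true` opens this hunk starts outside the hunk.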
@ -19,12 +19,12 @@
|
|||
|
||||
include_recipe 'chef-vault'
|
||||
|
||||
node.set[:freeipa][:client] = true
|
||||
node.set["freeipa"]["client"] = true
|
||||
|
||||
# become aware servers
|
||||
freeipa_servers = search(:node, "freeipa_server:true")
|
||||
freeipa_clients = search(:node, "freeipa_client:true")
|
||||
freeipa_masters = search(:node, "freeipa_master:true")
|
||||
freeipa_servers = search("node", "freeipa_server:true")
|
||||
freeipa_clients = search("node", "freeipa_client:true")
|
||||
freeipa_masters = search("node", "freeipa_master:true")
|
||||
|
||||
unless freeipa_servers.empty? then
|
||||
package "ipa-client"
|
||||
|
@ -49,8 +49,8 @@ unless freeipa_servers.empty? then
|
|||
not_if { File.exist?("/var/lib/ipa-client/sysrestore/sysrestore.index") }
|
||||
cmd = "ipa-client-install"
|
||||
cmd += " --server " + freeipa_masters[0][:fqdn]
|
||||
cmd += " --domain " + node[:domain]
|
||||
cmd += " --realm " + node[:domain].upcase
|
||||
cmd += " --domain " + node["domain"]
|
||||
cmd += " --realm " + node["domain"].upcase
|
||||
cmd += " --mkhomedir --unattended"
|
||||
cmd += " -p admin -w " + passwords['ldap_server_admin_pwd']
|
||||
sensitive true
|
||||
|
|
|
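Review bot: The rewritten `cmd += " --domain " + node["domain"]` and `cmd += " --realm " + node["domain"].upcase` lines splice a node attribute into a shell command with no quoting, so a domain value containing whitespace or shell metacharacters either breaks the ipa-client-install invocation or runs extra commands; the `--server` value taken from a search result on the line above has the same problem. Wrap each value with `Shellwords.escape(...)` (with `require 'shellwords'` at the top of the recipe), e.g. `cmd += " --domain " + Shellwords.escape(node["domain"])`. Separately, the unchanged `-w` line puts the admin password on the command line, where any local user can read it via `ps` or `/proc/<pid>/cmdline` for the duration of the install; `sensitive true` only redacts Chef's own output, not the process list. If the enrollment flow allows it, a per-host one-time enrollment password issued on the IPA side would avoid handing the admin credential to every client.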
@ -19,7 +19,7 @@
|
|||
|
||||
include_recipe 'chef-vault'
|
||||
|
||||
node.set[:freeipa][:server] = true
|
||||
node.normal["freeipa"]["server"] = true
|
||||
|
||||
# become aware of clients and servers
|
||||
freeipa_servers = search(:node, "freeipa_server:true")
|
||||
|
@ -28,7 +28,7 @@ freeipa_clients = search(:node, "freeipa_client:true")
|
|||
# gather data bag secrets
|
||||
#secret = Chef::EncryptedDataBagItem.load_secret("/home/psi-jack/.chef/encrypted_data_bag_secret")
|
||||
#passwords = Chef::EncryptedDataBagItem.load("secrets", "passwords", secret)
|
||||
passwords = chef_vault_item(:freeipa, 'passwords')
|
||||
passwords = chef_vault_item("freeipa", 'passwords')
|
||||
#ldap_server_admin_pwd = data_bag_item('secrets','ldap_server_admin_pwd')['value']
|
||||
#kdc_database_master_key = data_bag_item('secrets','kdc_database_master_key')['value']
|
||||
#ipa_user_pwd = data_bag_item('secrets','ipa_user_pwd')['value']
|
||||
|
@ -41,7 +41,7 @@ passwords = chef_vault_item(:freeipa, 'passwords')
|
|||
#package "rsync"
|
||||
|
||||
package 'ipa-server' do
|
||||
case node[:platform]
|
||||
case node["platform"]
|
||||
when 'redhat', 'centos'
|
||||
package_name 'ipa-server'
|
||||
end
|
||||
|
@ -80,10 +80,10 @@ if freeipa_masters.empty? then
|
|||
execute "initializing freeipa-server" do
|
||||
not_if { File.exist?('/var/liv/ipa/sysrestore/sysrestore.state') }
|
||||
cmd = "ipa-server-install"
|
||||
cmd += " --hostname " + node[:fqdn]
|
||||
cmd += " --hostname " + node["fqdn"]
|
||||
#cmd += " -u " + "ipaadmin"
|
||||
cmd += " -r " + node[:domain].upcase
|
||||
cmd += " -n " + node[:domain]
|
||||
cmd += " -r " + node["domain"].upcase
|
||||
cmd += " -n " + node["domain"]
|
||||
cmd += " -p " + passwords['ldap_server_admin_pwd']
|
||||
cmd += " -P " + passwords['kdc_database_master_key']
|
||||
cmd += " -a " + passwords['ipa_user_pwd']
|
||||
|
@ -114,11 +114,11 @@ if freeipa_masters.empty? then
|
|||
# end
|
||||
#end
|
||||
|
||||
node.set[:freeipa][:master] = true
|
||||
node.normal["freeipa"]["master"] = true
|
||||
|
||||
#elsif (node[:freeipa][:master].nil? && node[:freeipa][:master] == false) && (node[:freeipa][:replica].nil? && node[:freeipa][:replica] == false) then
|
||||
elsif (node[:freeipa][:master] && node[:freeipa][:master].respond_to?(:value) && node[:freeipa][:master] == false) &&
|
||||
(node[:freeipa][:replica] && node[:freeipa][:replica].respond_to?(:value) && node[:freeipa][:replica] == false) then
|
||||
elsif (node["freeipa"]["master"] && node["freeipa"]["master"].respond_to?(:value) && node["freeipa"]["master"] == false) &&
|
||||
(node["freeipa"]["replica"] && node["freeipa"]["replica"].respond_to?(:value) && node["freeipa"]["replica"] == false) then
|
||||
### Subsequent Replica Nodes
|
||||
|
||||
# check to see if slave is setup to replicat from master
|
||||
|
@ -126,9 +126,9 @@ elsif (node[:freeipa][:master] && node[:freeipa][:master].respond_to?(:value) &&
|
|||
ssh_noauth = "-o StrictHostKeyChecking=yes -o PasswordAuthentication=no"
|
||||
|
||||
execute "prepare replica from master" do
|
||||
cmd = "ssh #{ssh_noauth} root@#{freeipa_masters[0][:fqdn]} ipa-replica-prepare -p #{passwords['ldap_server_admin_pwd']}"
|
||||
cmd = "ssh #{ssh_noauth} root@#{freeipa_masters[0]['fqdn']} ipa-replica-prepare -p #{passwords['ldap_server_admin_pwd']}"
|
||||
command cmd
|
||||
not_if "ssh #{ssh_noauth} root@#{freeipa_masters[0][:fqdn]} test -f /var/lib/ipa/replica-info-#{node[:fqdn]}.gpg"
|
||||
not_if "ssh #{ssh_noauth} root@#{freeipa_masters[0]['fqdn']} test -f /var/lib/ipa/replica-info-#{node['fqdn']}.gpg"
|
||||
#notifies :run, 'execute[rsyncing freeipa replication data]', :immediately
|
||||
end
|
||||
|
||||
|
@ -137,25 +137,25 @@ elsif (node[:freeipa][:master] && node[:freeipa][:master].respond_to?(:value) &&
|
|||
# Fail gracefully if not found.
|
||||
execute "scping freeipa replication data" do
|
||||
#only_if "ipa-replica-manage -p #{passwords['ldap_server_admin_pwd']} -H #{freeipa_masters[0][:fqdn]} list | grep #{node[:fqdn]}"
|
||||
only_if "ssh #{ssh_noauth} root@#{freeipa_masters[0][:fqdn]} test -f /var/lib/ipa/replica-info-#{node[:fqdn]}.gpg"
|
||||
not_if { File.exist?("/var/lib/ipa/replica-info-#{node[:fqdn]}.gpg") }
|
||||
only_if "ssh #{ssh_noauth} root@#{freeipa_masters[0]['fqdn']} test -f /var/lib/ipa/replica-info-#{node['fqdn']}.gpg"
|
||||
not_if { File.exist?("/var/lib/ipa/replica-info-#{node['fqdn']}.gpg") }
|
||||
#cmd = "rsync -a -e \"ssh " + ssh_noauth
|
||||
cmd = "scp " + ssh_noauth
|
||||
cmd += " root@" + freeipa_masters[0][:fqdn]
|
||||
cmd += ":/var/lib/ipa/replica-info-#{node[:fqdn]}.gpg"
|
||||
cmd += " root@" + freeipa_masters[0]["fqdn"]
|
||||
cmd += ":/var/lib/ipa/replica-info-#{node['fqdn']}.gpg"
|
||||
cmd += " /var/lib/ipa/"
|
||||
command cmd
|
||||
notifies :run, 'execute[joining freeipa cluster]', :immediately
|
||||
end
|
||||
|
||||
execute "joining freeipa cluster" do
|
||||
not_if "ipa-replica-manage -p #{passwords['ldap_server_admin_pwd']} -H #{freeipa_masters[0][:fqdn]} list | grep #{node[:fqdn]}"
|
||||
not_if "ipa-replica-manage -p #{passwords['ldap_server_admin_pwd']} -H #{freeipa_masters[0]['fqdn']} list | grep #{node['fqdn']}"
|
||||
#only_if "ls /var/lib/ipa/replica-info-#{node[:fqdn]}.gpg"
|
||||
only_if { File.exist?("/var/lib/ipa/replica-info-#{node[:fqdn]}.gpg") }
|
||||
only_if { File.exist?("/var/lib/ipa/replica-info-#{node['fqdn']}.gpg") }
|
||||
cmd = "ipa-replica-install"
|
||||
cmd += " -p " + passwords['ldap_server_admin_pwd']
|
||||
cmd += " --unattended --mkhomedir --skip-conncheck"
|
||||
cmd += " /var/lib/ipa/replica-info-#{node[:fqdn]}.gpg"
|
||||
cmd += " /var/lib/ipa/replica-info-#{node['fqdn']}.gpg"
|
||||
command cmd
|
||||
sensitive true
|
||||
action :nothing
|
||||
|
@ -165,13 +165,13 @@ elsif (node[:freeipa][:master] && node[:freeipa][:master].respond_to?(:value) &&
|
|||
# copy CA private key
|
||||
# /etc/dirsrv/slapd-DEV-US-EAST-1-AWS-AFISTFULOFSERVERS-NET/pwdfile.txt
|
||||
execute "copying CA private key" do
|
||||
only_if "ipa-replica-manage -p #{passwords['ldap_server_admin_pwd']} -H #{freeipa_masters[0][:fqdn]} list | grep #{node[:fqdn]}"
|
||||
only_if { File.exist?("/etc/dirsrv/slapd-#{node[:domain].upcase}/") }
|
||||
not_if { File.exist?("/etc/dirsrv/slaved-#{node[:domain].upcase}/cacert.p12") }
|
||||
only_if "ipa-replica-manage -p #{passwords['ldap_server_admin_pwd']} -H #{freeipa_masters[0]['fqdn']} list | grep #{node['fqdn']}"
|
||||
only_if { File.exist?("/etc/dirsrv/slapd-#{node['domain'].upcase}/") }
|
||||
not_if { File.exist?("/etc/dirsrv/slaved-#{node['domain'].upcase}/cacert.p12") }
|
||||
cmd = "scp " + ssh_noauth
|
||||
cmd += " root@" + freeipa_masters[0][:fqdn]
|
||||
cmd += ":/etc/dirsrv/slapd-#{node[:domain].upcase}/cacert.p12"
|
||||
cmd += " /etc/dirsrv/slapd-#{node[:domain].upcase}/"
|
||||
cmd += " root@" + freeipa_masters[0]['fqdn']
|
||||
cmd += ":/etc/dirsrv/slapd-#{node['domain'].upcase}/cacert.p12"
|
||||
cmd += " /etc/dirsrv/slapd-#{node['domain'].upcase}/"
|
||||
command cmd
|
||||
ignore_failure true
|
||||
action :nothing
|
||||
|
@ -180,7 +180,7 @@ elsif (node[:freeipa][:master] && node[:freeipa][:master].respond_to?(:value) &&
|
|||
|
||||
ruby_block "set node as replica" do
|
||||
block do
|
||||
node.set[:freeipa][:replica] = true
|
||||
node.normal["freeipa"]["replica"] = true
|
||||
end
|
||||
action :nothing
|
||||
end
|
||||
|
|
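Review bot: The rewritten replica condition `elsif (node["freeipa"]["master"] && node["freeipa"]["master"].respond_to?(:value) && node["freeipa"]["master"] == false) && (... replica ... == false)` can never be true: the first operand of each `&&` chain is the attribute itself, which must be truthy for evaluation to continue, while the last operand requires that same attribute to equal `false` — so the `### Subsequent Replica Nodes` branch is dead and a non-master server is never set up as a replica. Presumably the intent is "explicitly marked neither master nor replica"; `elsif node["freeipa"]["master"] == false && node["freeipa"]["replica"] == false then` expresses that (or `!node["freeipa"]["master"] && !node["freeipa"]["replica"]` if an unset attribute should also qualify), and `respond_to?(:value)` tests nothing relevant and should go. In the same file, the new `not_if { File.exist?("/etc/dirsrv/slaved-#{node['domain'].upcase}/cacert.p12") }` still spells the directory `slaved-` while the scp below writes into `slapd-`, so that guard never suppresses the copy of the CA private key. Finally, `passwords['ldap_server_admin_pwd']` is interpolated into the `only_if`/`not_if` shell strings for ipa-replica-manage and ipa-replica-prepare; `sensitive true` does not cover guard commands, and the password is visible in the process list while they run.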