Successfully deployed functional freeipa-server

Berksfile

@@ -4,4 +4,6 @@ metadata
 
 cookbook 'chef-vault'
 cookbook 'ohai'
-cookbook 'sshroot2rootssh', path: '/home/psi-jack/Chef/cookbooks/sshroot2rootssh'
+cookbook 'ohai-rootsshkey', path: '../ohai-rootsshkey'
+cookbook 'sshroot2rootssh', path: '../sshroot2rootssh'
+

recipes/server.rb

@@ -37,16 +37,24 @@ passwords = chef_vault_item(:freeipa, 'passwords')
 #package "dbus"
 #package "oddjob"
 #package "ipa-client"
-package "ipa-server"
+#package "ipa-server"
 package "rsync"
 
+package 'ipa-server' do
+  case node[:platform]
+  when 'redhat', 'centos'
+    package_name 'ipa-server'
+  end
+  action :install
+end
+
 ##### Security considerations
 # All FreeIPA server hosts need to be able to ssh to each other as root to copy replication configs
 # That kind of sucks, but what are the real consequences?
 # Since they are replicants of each other, this can be justified, since the data is already compromised.
 # Can selinux help mitigate this?
 #include_recipe "ohai"
-#include_recipe "sshroot2rootssh" 
+include_recipe "sshroot2rootssh" 
 
 ##### Replication
 # We're going to have to 
@@ -65,11 +73,11 @@ package "rsync"
 # negotiate for master
 freeipa_masters = search(:node, "freeipa_master:true")
 if freeipa_masters.empty? then
-  node.set[:freeipa][:master] = "true"
+  node.set[:freeipa][:master] = true
-end
+#end
 
 ##### Do master stuff
-if node[:freeipa][:master] then
+#if node[:freeipa][:master] then
 
   # write better tests to see if freeipa is already set up.
   ## Bootstrap FreeIPA
@@ -87,33 +95,34 @@ if node[:freeipa][:master] then
     cmd += " -U "
     cmd += " --no-host-dns "
     command "#{cmd}"
-    notifies :start, "service[dirsrv]"
+    #notifies :start, "service[dirsrv]"
   end
 
   # Compare list of freeipa_servers with contents of /var/lib/ipa/
   #configured_replicants =`ipa-replica-manage -p #{ldap_server_admin_pwd} -H #{node[:fqdn]} list`.split
-  configured_replicants =`ipa-replica-manage -p #{passwords['ldap_server_admin_pwd']} -H #{node[:fqdn]} list`.split
+  #configured_replicants = `ipa-replica-manage -p #{passwords['ldap_server_admin_pwd']} -H #{node[:fqdn]} list`.split
-  configured_replicants.each { |r| puts "DEBUG: configured_replicant: #{r}" }
+  #configured_replicants.each { |r| puts "DEBUG: configured_replicant: #{r}" }
 
-  freeipa_server_fqdns  = Array.new
+  #freeipa_server_fqdns  = Array.new
-  freeipa_servers.each { |n|  freeipa_server_fqdns << n[:fqdn] }
+  #freeipa_servers.each { |n|  freeipa_server_fqdns << n[:fqdn] }
-  freeipa_server_fqdns.compact!
+  #freeipa_server_fqdns.compact!
 
-  freeipa_server_fqdns.each do |f|
+  #freeipa_server_fqdns.each do |f|
-    unless node[:fqdn] == f then
+  #  unless node[:fqdn] == f then
-      unless configured_replicants.include?( f ) then
+  #    unless configured_replicants.include?( f ) then
-        execute "generating replica config for #{f}" do
+  #      execute "generating replica config for #{f}" do
-          not_if "ls /var/lib/ipa/replica-info-#{f}.gpg"
+  #        not_if "ls /var/lib/ipa/replica-info-#{f}.gpg"
-          command "ipa-replica-prepare -p #{passwords['ldap_server_admin_pwd']} #{f}"
+  #        command "ipa-replica-prepare -p #{passwords['ldap_server_admin_pwd']} #{f}"
-        end
+  #      end
-      end
+  #    end
-    end
+  #  end
-  end
+  #end
 
-end
+#end
 
 ### Subsequent nodes 
-unless node[:freeipa][:master] then
+#unless node[:freeipa][:master] then
+else
 
   # check to see if slave is setup to replicat from master
   #"ipa-replica-manage -p 0123456789 -H authentication-1.dev.us-east-1.aws.afistfulofservers.net list"