FreeIPA client registration now functional

2016-07-17 02:23:44 -04:00 · 2016-07-17 02:23:44 -04:00 · e76a909879
parent 463065b850
commit e76a909879
2 changed files with 17 additions and 10 deletions
--- a/metadata.rb
+++ b/metadata.rb
@ -4,7 +4,7 @@ maintainer_email 'psi-jack@linux-help.org'
 license          'GPLv3'
 description      'Installs/Configures freeipa'
 long_description 'Installs/Configures freeipa'
-version          '0.1.3'
+version          '0.1.4'

 depends 'ohai'
 depends 'chef-vault'
--- a/recipes/client.rb
+++ b/recipes/client.rb
@ -17,6 +17,8 @@
 # limitations under the License.
 #

+include_recipe 'chef-vault'
+
 node.set[:freeipa][:client] = true

 # become aware servers
@ -32,23 +34,28 @@ unless freeipa_servers.empty? then

  puts "DEBUG: got here!"
  service "messagebus" do
-    action [:enable,:start]
+    action	[:enable,:start]
  end
  service "certmonger" do
-    action [:enable,:start]
+    action	[:enable,:start]
  end

+  passwords = chef_vault_item(:freeipa, 'passwords')
+
  #### Join node to freeipa 'domain'
  # configures kerberos client to point to kdc on freeipa::server
  # configures ldap to look up posix information via sssd/nss
  execute "joining freeipa client to domain" do
-    not_if "ls /var/lib/ipa-client/sysrestore/sysrestore.index"
-    cmd = "ipa-client-install -U"
-    cmd += " --server " + freeipa_masters[0][:fqdn]
-    cmd += " --domain " + node[:domain]
-    cmd += " --realm " + node[:domain].upcase
-    command cmd
-    ignore_failure true
+    not_if	{ File.exist?("/var/lib/ipa-client/sysrestore/sysrestore.index") }
+    cmd =	"ipa-client-install"
+    cmd +=	" --server " + freeipa_masters[0][:fqdn]
+    cmd +=	" --domain " + node[:domain]
+    cmd +=	" --realm " + node[:domain].upcase
+    cmd +=	" --mkhomedir --unattended"
+    cmd +=      " -p admin -w " + passwords['ldap_server_admin_pwd']
+    sensitive	true
+    command	cmd
+    #ignore_failure true
  end