FreeIPA client registration now functional
parent
463065b850
commit
e76a909879
2 changed files with 17 additions and 10 deletions
|
@ -4,7 +4,7 @@ maintainer_email 'psi-jack@linux-help.org'
|
||||||
license 'GPLv3'
|
license 'GPLv3'
|
||||||
description 'Installs/Configures freeipa'
|
description 'Installs/Configures freeipa'
|
||||||
long_description 'Installs/Configures freeipa'
|
long_description 'Installs/Configures freeipa'
|
||||||
version '0.1.3'
|
version '0.1.4'
|
||||||
|
|
||||||
depends 'ohai'
|
depends 'ohai'
|
||||||
depends 'chef-vault'
|
depends 'chef-vault'
|
||||||
|
|
|
@ -17,6 +17,8 @@
|
||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
#
|
#
|
||||||
|
|
||||||
|
include_recipe 'chef-vault'
|
||||||
|
|
||||||
node.set[:freeipa][:client] = true
|
node.set[:freeipa][:client] = true
|
||||||
|
|
||||||
# become aware servers
|
# become aware servers
|
||||||
|
@ -38,17 +40,22 @@ unless freeipa_servers.empty? then
|
||||||
action [:enable,:start]
|
action [:enable,:start]
|
||||||
end
|
end
|
||||||
|
|
||||||
|
passwords = chef_vault_item(:freeipa, 'passwords')
|
||||||
|
|
||||||
#### Join node to freeipa 'domain'
|
#### Join node to freeipa 'domain'
|
||||||
# configures kerberos client to point to kdc on freeipa::server
|
# configures kerberos client to point to kdc on freeipa::server
|
||||||
# configures ldap to look up posix information via sssd/nss
|
# configures ldap to look up posix information via sssd/nss
|
||||||
execute "joining freeipa client to domain" do
|
execute "joining freeipa client to domain" do
|
||||||
not_if "ls /var/lib/ipa-client/sysrestore/sysrestore.index"
|
not_if { File.exist?("/var/lib/ipa-client/sysrestore/sysrestore.index") }
|
||||||
cmd = "ipa-client-install -U"
|
cmd = "ipa-client-install"
|
||||||
cmd += " --server " + freeipa_masters[0][:fqdn]
|
cmd += " --server " + freeipa_masters[0][:fqdn]
|
||||||
cmd += " --domain " + node[:domain]
|
cmd += " --domain " + node[:domain]
|
||||||
cmd += " --realm " + node[:domain].upcase
|
cmd += " --realm " + node[:domain].upcase
|
||||||
|
cmd += " --mkhomedir --unattended"
|
||||||
|
cmd += " -p admin -w " + passwords['ldap_server_admin_pwd']
|
||||||
|
sensitive true
|
||||||
command cmd
|
command cmd
|
||||||
ignore_failure true
|
#ignore_failure true
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
||||||
|
|
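Review bot: The join command puts the FreeIPA admin password on the `ipa-client-install` command line (`cmd += " -p admin -w " + passwords['ldap_server_admin_pwd']`), so it sits in the process arguments while the join runs, where other local users can typically read it from the process list; `sensitive true` only keeps it out of Chef's own output. Because this recipe runs on every client, each enrolled host also handles the realm-wide admin credential; enrolling with a per-host one-time password (host entry pre-created with `ipa host-add --random`, then `-w <one-time password>` without `-p admin`) or a dedicated enrollment principal would limit what a single compromised client exposes. The command is also built by string concatenation and run through a shell, so a password or attribute value containing spaces or shell metacharacters changes the command; wrapping each value, e.g. `Shellwords.escape(passwords['ldap_server_admin_pwd'])` with `require 'shellwords'`, avoids that. `freeipa_masters` is defined outside the visible hunks, so whether `freeipa_masters[0]` can be nil when only `freeipa_servers.empty?` is checked cannot be confirmed from here.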