From 383a128a460cb02d628276da91c4683172065174 Mon Sep 17 00:00:00 2001 From: flepoutre <84913246+flepoutre@users.noreply.github.com> Date: Fri, 15 Dec 2023 14:17:09 +0000 Subject: [PATCH 1/3] puppet8 support --- examples/ad.pp | 6 +-- examples/ipa.pp | 6 +-- examples/ldap.pp | 6 +-- examples/simple.pp | 6 +-- manifests/init.pp | 117 ++++++++++++++------------------------------- metadata.json | 4 +- 6 files changed, 51 insertions(+), 94 deletions(-) diff --git a/examples/ad.pp b/examples/ad.pp index d80270b..3ef44f8 100644 --- a/examples/ad.pp +++ b/examples/ad.pp @@ -1,4 +1,4 @@ -class {'::sssd': +class { 'sssd': config => { 'sssd' => { 'domains' => 'ad.example.com', @@ -19,6 +19,6 @@ 'fallback_homedir' => '/home/%d/%u', 'access_provider' => 'simple', 'simple_allow_groups' => ['admins', 'users'], - } - } + }, + }, } diff --git a/examples/ipa.pp b/examples/ipa.pp index e4a0e2d..09ebff3 100644 --- a/examples/ipa.pp +++ b/examples/ipa.pp @@ -1,4 +1,4 @@ -class {'::sssd': +class { 'sssd': config => { 'sssd' => { 'domains' => 'example.com', @@ -15,6 +15,6 @@ 'cache_credentials' => true, 'krb5_store_password_if_offline' => true, 'ldap_tls_cacert' => '/etc/ipa/ca.crt', - } - } + }, + }, } diff --git a/examples/ldap.pp b/examples/ldap.pp index 03ee34c..6004c8c 100644 --- a/examples/ldap.pp +++ b/examples/ldap.pp @@ -1,4 +1,4 @@ -class {'::sssd': +class { 'sssd': config => { 'sssd' => { 'domains' => 'example.com', @@ -14,6 +14,6 @@ 'ldap_id_use_start_tls' => true, 'ldap_tls_reqcert' => 'demand', 'ldap_tls_cacert' => '/etc/pki/tls/certs/ca-bundle.crt', - } - } + }, + }, } diff --git a/examples/simple.pp b/examples/simple.pp index 2ed45bc..bf8ef2c 100644 --- a/examples/simple.pp +++ b/examples/simple.pp @@ -1,4 +1,4 @@ -class {'::sssd': +class { 'sssd': config => { 'sssd' => { 'domains' => 'example.com', @@ -8,6 +8,6 @@ 'domain/example.com' => { 'access_provider' => 'simple', 'simple_allow_users' => ['user1', 'user2'], - } - } + }, + }, } 
diff --git a/manifests/init.pp b/manifests/init.pp index b8a8906..fea8bdc 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -35,28 +35,26 @@ # managing sssd related services. Intended to be used to manage messagebus # service to prevent `Error: Could not start Service[oddjobd]`. # -# @param enable_mkhomedir_flags Array of flags to use with authconfig -# or authselect to enable auto-creation of home directories. +# @param enable_mkhomedir_flags Array of flags to use with authconfig to enable +# auto-creation of home directories. # -# @param disable_mkhomedir_flags Array of flags to use with authconfig -# or authselect to disable auto-creation of home directories. +# @param disable_mkhomedir_flags Array of flags to use with authconfig to disable +# auto-creation of home directories. # # @param pam_mkhomedir_umask Umask to set for pam_mkhomedir (oddjobd-mkhomedir on RedHat uses UMASK from login.defs) # # @param ensure_absent_flags Array of flags to use with authconfig when service # is disabled. # -# @param authselect_profile Name of authselect profile to use -# class sssd ( Enum['present', 'absent'] $ensure = 'present', Hash $config = { 'sssd' => { - 'domains' => $::domain, + 'domains' => $facts['networking']['domain'], 'config_file_version' => 2, 'services' => ['nss', 'pam'], }, - "domain/${::domain}" => { + "domain/${facts['networking']['domain']}" => { 'access_provider' => 'simple', 'simple_allow_users' => ['root'], }, 
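Review bot: The new `$config` default reads `$facts['networking']['domain']` in both `'domains'` and the `"domain/${facts['networking']['domain']}"` key, with no fallback for hosts where that fact is empty. In that case the lookup yields undef, so the default would presumably render an empty `domains` value and a `[domain/]` section, and the `simple_allow_users => ['root']` rule would not be attached to any usable domain. At minimum document this on the parameter, e.g. `# @param config ... The default derives the domain from the networking.domain fact; pass an explicit hash on hosts where that fact is empty.` The `@param config` text itself is outside this hunk.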
@@ -87,45 +85,34 @@ '--disablesssd', '--disablesssdauth', ], - String $authselect_profile='sssd', ) { - # Warn on unsupported platforms - if ($::facts['os']['family'] == 'RedHat') { - if ($::facts['os']['name'] == 'Amazon') { - if !($::facts['os']['release']['major'] in ['2']) { - warning("osname Amazon's os.release.major is <${::facts['os']['release']['major']}> and must be 2.") - } - } elsif ($::facts['os']['name'] in ['RedHat', 'CentOS']) { - if !($::facts['os']['release']['major'] in ['6', '7', '8']) { - warning("osname RedHat's os.release.major is <${::facts['os']['release']['major']}> and must be 6, 7 or 8.") - } - } elsif ($::facts['os']['name'] == 'Fedora') { - if !($::facts['os']['release']['major'] in ['30', '31', '32', '33']) { - warning("osname Fedora's os.release.major is <${::facts['os']['release']['major']}> and must be 29, 30, 31, 32 or 33.") - } - } else { - warning("osname, \"${::facts['os']['name']}\", is recongnized as part of the RedHat family but is unsupported") + if ($facts['os']['family'] == 'RedHat') { + if ($facts['os']['name'] == 'Amazon') and !($facts['os']['release']['major'] in ['2']) { + warning("osname Amazon's os.release.major is <${::facts['os']['release']['major']}> and must be 2.") + } + if !($facts['os']['name'] == 'Amazon') and !($facts['os']['release']['major'] in ['5', '6', '7', '26', '27']) { + warning("osfamily RedHat's os.release.major is <${::facts['os']['release']['major']}> and must be 5, 6 or 7 for EL and 26 or 27 for Fedora.") } } - if $::facts['os']['family'] == 'Suse' { - if !($::facts['os']['release']['major'] in ['11', '12', '15']) { - warning("osfamily Suse's os.release.major is <${::facts['os']['release']['major']}> and must be 11, 12 or 15.") + if $facts['os']['family'] == 'Suse' { + if !($facts['os']['release']['major'] in ['11', '12']) { + warning("osfamily Suse's os.release.major is <${::facts['os']['release']['major']}> and must be 11 or 12.") } - if ($::facts['os']['release']['major'] == '11') and 
!($::facts['os']['release']['minor'] in ['3', '4']) { + if ($facts['os']['release']['major'] == '11') and !($facts['os']['release']['minor'] in ['3', '4']) { warning("Suse 11's os.release.minor is <${::facts['os']['release']['minor']}> and must be 3 or 4.") } } - if ($::facts['os']['family'] == 'Debian') and !($::facts['os']['release']['major'] in ['8', '9', '14.04', '16.04', '18.04']) { - warning("osfamily Debian's os.release.major is <${::facts['os']['release']['major']}> and must be 8 or 9 for Debian and 14.04, 16.04 or 18.04 for Ubuntu.") + if ($facts['os']['family'] == 'Debian') and !($facts['os']['release']['major'] in ['7', '8', '9', '14.04', '16.04', '18.04']) { + warning("osfamily Debian's os.release.major is <${::facts['os']['release']['major']}> and must be 7, 8 or 9 for Debian and 14.04, 16.04 or 18.04 for Ubuntu.") } # Manually set service provider to systemd on Amazon Linux 2 # which is based off el7 and includes systemd. # See issue PUP-8248 - https://tickets.puppetlabs.com/browse/PUP-8248 - if ($::facts['os']['name'] == 'Amazon') and ($::facts['os']['release']['major'] == '2') { + if ($facts['os']['name'] == 'Amazon') and ($facts['os']['release']['major'] == '2') { $service_provider = 'systemd' } else { $service_provider = undef 
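Review bot: Removing `String $authselect_profile='sssd'` changes the class interface, so any manifest that declares the class with `authselect_profile` will stop compiling; that is a breaking change, not Puppet 8 compatibility, and the changelog entry added in patch 2/3 does not mention it. The rewritten platform checks also roll the supported lists back: EL 8, Fedora 30-33 and SUSE 15 are dropped, while EL 5, Fedora 26/27 and Debian 7 are added again. If only the fact syntax was meant to change, keep the previous lists, e.g. `if !($facts['os']['release']['major'] in ['11', '12', '15']) {`. The warning strings still interpolate `${::facts[...]}` while the conditions use `$facts[...]`; using `${facts['os']['release']['major']}` in the messages would keep the two consistent.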
@@ -197,55 +184,26 @@ content => template($config_template), } - case $::osfamily { + case $facts['os']['family'] { 'RedHat': { - if ($::facts['os']['name'] == 'Fedora' and versioncmp($::facts['os']['release']['major'], '28') >= 0) or - ( $::facts['os']['family'] == 'RedHat' and versioncmp($::facts['os']['release']['major'], '8') >= 0) { - if $ensure == 'present' { - $authselect_options = join( - concat( - [$authselect_profile], - $mkhomedir ? { - true => $enable_mkhomedir_flags, - false => $disable_mkhomedir_flags, - } - ), - ' ', - ) - } else { - $authselect_options = join(concat([$authselect_profile],$ensure_absent_flags), ' ') - } - $authselect_exec = '/bin/authselect' - - # The --force option is required in the event that the - # previous configuration contained in /etc/pam.d was not - # created by authselect. This condition is true on fresh - # installations. - exec { 'authselect-mkhomedir': - command => "${authselect_exec} select ${authselect_options} --force", - unless => "/usr/bin/test \"`${authselect_exec} current --raw`\" = \"${authselect_options}\"", - require => File['sssd.conf'], - } - } else { - if $ensure == 'present' { - $authconfig_flags = $mkhomedir ? { - true => join($enable_mkhomedir_flags, ' '), - false => join($disable_mkhomedir_flags, ' '), - } - } - else { - $authconfig_flags = join($ensure_absent_flags, ' ') + if $ensure == 'present' { + $authconfig_flags = $mkhomedir ? 
{ + true => join($enable_mkhomedir_flags, ' '), + false => join($disable_mkhomedir_flags, ' '), } + } + else { + $authconfig_flags = join($ensure_absent_flags, ' ') + } - $authconfig_update_cmd = "/usr/sbin/authconfig ${authconfig_flags} --update" - $authconfig_test_cmd = "/usr/sbin/authconfig ${authconfig_flags} --test" - $authconfig_check_cmd = "/usr/bin/test \"`${authconfig_test_cmd}`\" = \"`/usr/sbin/authconfig --test`\"" + $authconfig_update_cmd = "/usr/sbin/authconfig ${authconfig_flags} --update" + $authconfig_test_cmd = "/usr/sbin/authconfig ${authconfig_flags} --test" + $authconfig_check_cmd = "/usr/bin/test \"`${authconfig_test_cmd}`\" = \"`/usr/sbin/authconfig --test`\"" - exec { 'authconfig-mkhomedir': - command => $authconfig_update_cmd, - unless => $authconfig_check_cmd, - require => File['sssd.conf'], - } + exec { 'authconfig-mkhomedir': + command => $authconfig_update_cmd, + unless => $authconfig_check_cmd, + require => File['sssd.conf'], } } 'Debian': { @@ -262,7 +220,6 @@ exec { 'pam-auth-update': path => '/bin:/usr/bin:/sbin:/usr/sbin', refreshonly => true, - require => Package[$sssd_package], } } } @@ -272,7 +229,6 @@ $pamconfig_check_cmd = '/usr/sbin/pam-config -q --sss | grep session:' if $mkhomedir { - exec { 'pam-config -a --mkhomedir': path => '/bin:/usr/bin:/sbin:/usr/sbin', unless => $pamconfig_mkhomedir_check_cmd, @@ -288,7 +244,8 @@ unless => $pamconfig_check_cmd, } } - default: { } + default: { + } } $service_ensure_real = $sssd::ensure ? { diff --git a/metadata.json b/metadata.json index f1c227b..5a093c1 100644 --- a/metadata.json +++ b/metadata.json @@ -47,9 +47,9 @@ } ], "requirements": [ - {"name":"puppet","version_requirement":">= 5.5.10 < 7.0.0" } + {"name":"puppet","version_requirement":">= 5.5.10 < 9.0.0" } ], "dependencies": [ - {"name":"puppetlabs/stdlib","version_requirement":">= 5.2.0 < 7.0.0"} + {"name":"puppetlabs/stdlib","version_requirement":">= 5.2.0 < 10.0.0"} ] } 
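Review bot: The `'RedHat'` case now runs `/usr/sbin/authconfig` unconditionally, because the authselect branch that the old code selected for EL >= 8 and Fedora >= 28 is deleted. On those releases the removed code treated authselect as the tool that owns `/etc/pam.d`, so `Exec['authconfig-mkhomedir']` will likely either fail or leave the PAM/nsswitch profile unmanaged, and logins may then not go through the SSSD access rules the class configures. Patch 3/3 makes this worse by dropping `with-mkhomedir` from `data/os/RedHat/8.yaml` while leaving `sssd::disable_mkhomedir_flags: []`, so EL 8 falls back to the authconfig-style defaults. Keeping the version gate with only the fact syntax updated, `if ($facts['os']['name'] == 'Fedora' and versioncmp($facts['os']['release']['major'], '28') >= 0) or (versioncmp($facts['os']['release']['major'], '8') >= 0) {`, and restoring the authselect exec under it, would preserve the existing behaviour. A later hunk in this file also removes `require => Package[$sssd_package]` from `Exec['pam-auth-update']`, which looks like an unintended loss of ordering rather than a Puppet 8 requirement.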
From 90294b2d5f796cd39af7e780aadd88f98af2ddcf Mon Sep 17 00:00:00 2001 From: flepoutre <84913246+flepoutre@users.noreply.github.com> Date: Fri, 15 Dec 2023 15:24:34 +0100 Subject: [PATCH 2/3] Update CHANGELOG.md --- CHANGELOG.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8652250..6290447 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,6 @@ +### 2023-12-15 (3.1.0) + * Add support for puppet8x + ### 2020-01-28 (3.1.0) * Add support for RHEL 8 and newer Fedora versions (robertc99) * Add missing dependency (Thodoris Sotiropoulos) From 2e7b465ddd49b3fa65c840ec56e7352d20e71003 Mon Sep 17 00:00:00 2001 From: flepoutre <84913246+flepoutre@users.noreply.github.com> Date: Fri, 15 Dec 2023 15:45:48 +0100 Subject: [PATCH 3/3] Update 8.yaml --- data/os/RedHat/8.yaml | 3 --- 1 file changed, 3 deletions(-) diff --git a/data/os/RedHat/8.yaml b/data/os/RedHat/8.yaml index f0d0366..a50fc86 100644 --- a/data/os/RedHat/8.yaml +++ b/data/os/RedHat/8.yaml @@ -5,7 +5,4 @@ sssd::extra_packages: sssd::manage_oddjobd: true -sssd::enable_mkhomedir_flags: - - 'with-mkhomedir' - sssd::disable_mkhomedir_flags: []