{# Minion identity from grains. Both values are interpolated into the sssd.conf
   template context and into the FreeIPA enrollment shell commands below. #}
{% set hostname = grains['host'] %}
{# First entry of fqdn_ip4, registered as the host's address in FreeIPA.
   NOTE(review): assumes the list is non-empty and that its first entry is the
   routable address rather than a loopback one; confirm. #}
{% set ip = grains['fqdn_ip4'][0] %}
# Install the SSSD package; the sssd service state further down runs it.
install_sssd:
  pkg.installed:
    - name: sssd

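# Render sssd.conf from the Jinja template on the Salt fileserver.
# Owner root and mode 0600 are deliberate: SSSD refuses to start when its
# config file is readable by anyone else.
/etc/sssd/sssd.conf:
  file.managed:
    - source: salt://productionize/freeipa/manual/sssd.conf
    - user: root
    - group: root
    # Quoted so YAML keeps the mode as a string instead of the integer 600.
    - mode: '0600'
    - template: jinja
    - context:
        # Quoted so a hostname that looks like a number or boolean is not
        # retyped by the YAML parser after Jinja rendering.
        hostname: "{{ hostname }}"
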
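# Deploy the name-service switch configuration (root-owned, world-readable).
# The file's contents live on the Salt fileserver and are not visible here.
/etc/nsswitch.conf:
  file.managed:
    - source: salt://productionize/freeipa/manual/nsswitch.conf
    - user: root
    - group: root
    # Quoted so YAML keeps the mode as a string instead of the integer 644.
    - mode: '0644'
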
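# Deploy the nscd configuration (root-owned, world-readable).
/etc/nscd.conf:
  file.managed:
    - source: salt://productionize/freeipa/manual/nscd.conf
    - user: root
    - group: root
    # Quoted so YAML keeps the mode as a string instead of the integer 644.
    - mode: '0644'
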
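# Deploy the Kerberos client configuration (root-owned, world-readable).
# This file holds no secrets; the host key material is /etc/krb5.keytab, which
# is fetched by grab_keytab and is not managed by a file state in this listing.
/etc/krb5.conf:
  file.managed:
    - source: salt://productionize/freeipa/manual/krb5.conf
    - user: root
    - group: root
    # Quoted so YAML keeps the mode as a string instead of the integer 644.
    - mode: '0644'
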
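# Copy the PAM service files from the Salt fileserver into /etc/pam.d.
# No clean option is set, so files already in /etc/pam.d that are absent from
# the source tree are left in place.
# NOTE(review): a bad PAM file can block every login on the host; validate the
# source tree on a test minion before rolling it out.
/etc/pam.d:
  file.recurse:
    - source: salt://productionize/freeipa/manual/pam.d/
    - user: root
    - group: root
    # Modes quoted so YAML keeps them as strings rather than integers.
    - dir_mode: '0755'
    - file_mode: '0644'
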
# sshpass is needed by the enrollment commands below, which use it to feed the
# IPA "salt" account password to ssh and scp non-interactively.
freeipa_sshpass:
  pkg.installed:
    - name: sshpass

# Put the IPA "salt" account password into the minion process environment so
# the cmd.run states below can reference it as $SALT_PASSWORD.
# The password text is inlined at render time, so it becomes part of the
# rendered state data.
# NOTE(review): environ.setenv presumably reports the value it set in the state
#   return, which would put the password in job output and the job cache;
#   confirm.
# NOTE(review): a password containing a double quote or backslash would break
#   this double-quoted YAML scalar.
# NOTE(review): the include path is resolved through the Salt fileserver, which
#   presumably lets any minion fetch the password file; pillar is the usual
#   place for per-target secrets. Confirm.
set_salt_ipa_password:
  environ.setenv:
    - name: SALT_PASSWORD
    - value: "{%- include 'secure/passwords/ipa_salt_password.txt' -%}"

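# Enroll this minion in FreeIPA by running commands on the IPA server over SSH
# as the "salt" account: remove any stale keytab, kinit, add the host record
# (skipping checks with --force), allow the enroller group to create its
# keytab, then write host/<hostname> keys to ./<hostname>.keytab on the server.
#
# sshpass reads the password from SSHPASS (-e) rather than from -p, so it no
# longer appears in sshpass's own argument list; the expansion is quoted so a
# password containing spaces or glob characters is passed intact.
#
# NOTE(review): the remote command string is double-quoted, so the local shell
#   still expands $SALT_PASSWORD inside it. The password is therefore still
#   present in the ssh argument list and in the remote shell's command line.
#   Feeding it to kinit over stdin would remove that exposure.
# NOTE(review): StrictHostKeyChecking=no accepts any host key, so the password
#   can be sent to an impostor host. Pin the IPA server key (for example with
#   ssh_known_hosts.present) and drop the option.
# NOTE(review): nothing guards this state (no unless/creates), so it runs on
#   every state apply. ipa-getkeytab presumably issues new keys each time,
#   invalidating the previous keytab; confirm that is intended.
create_host:
  cmd.run:
    - name: 'SSHPASS="$SALT_PASSWORD" sshpass -e ssh salt@ipa.actcur.com -oStrictHostKeyChecking=no "rm {{hostname}}.keytab;echo $SALT_PASSWORD | kinit salt;ipa host-add --force --ip-address={{ip}} {{hostname}}.actcur.com; ipa host-allow-create-keytab {{hostname}}.actcur.com --groups enroller;/usr/sbin/ipa-getkeytab -s ipa.actcur.com -p host/{{hostname}}.actcur.com -k ./{{hostname}}.keytab"'
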
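# Copy the freshly generated keytab from the IPA server to /etc/krb5.keytab.
# sshpass reads the password from SSHPASS (-e) instead of -p, which keeps it
# out of the local process argument list.
#
# NOTE(review): StrictHostKeyChecking=no means the keytab is accepted from
#   whatever host answers; pin the IPA server's host key instead.
# NOTE(review): no state here enforces owner or mode on /etc/krb5.keytab.
#   The keytab holds the host's long-term keys and should be root:root 0600;
#   add a file state that enforces this.
grab_keytab:
  cmd.run:
    - name: 'SSHPASS="$SALT_PASSWORD" sshpass -e scp -oStrictHostKeyChecking=no salt@ipa.actcur.com:./{{hostname}}.keytab /etc/krb5.keytab'
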
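# Remove the temporary keytab copy left in the "salt" account's home directory
# on the IPA server, so the host keys do not linger there.
# sshpass reads the password from SSHPASS (-e) instead of -p, which keeps it
# out of the local process argument list.
#
# NOTE(review): no requisite ties this state to the two before it. If it fails
#   or is skipped, the keytab stays on the server until the next run's "rm".
delete_keytab:
  cmd.run:
    - name: 'SSHPASS="$SALT_PASSWORD" sshpass -e ssh salt@ipa.actcur.com -oStrictHostKeyChecking=no "rm {{hostname}}.keytab;"'
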
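# Remove SALT_PASSWORD from the minion process environment once enrollment is
# done. false_unsets acts on the boolean false; the quoted string "False" is an
# ordinary value and would presumably leave the variable set to that literal
# text rather than removing it.
#
# NOTE(review): this relies on file order only. No requisite guarantees it runs
#   if the state run is aborted earlier (for example with failhard).
unset_salt_ipa_password:
  environ.setenv:
    - name: SALT_PASSWORD
    - value: false
    - false_unsets: true
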
# Keep sssd enabled and running. The watch list makes Salt restart the service
# whenever one of the managed identity/auth config files reports a change.
freeipa_sssd_service:
  service.running:
    - name: sssd
    - enable: true
    - watch:
        - file: /etc/sssd/sssd.conf
        - file: /etc/nsswitch.conf
        - file: /etc/nscd.conf
        - file: /etc/krb5.conf
        - file: /etc/pam.d

# Keep nscd enabled and running, restarting it on the same config changes that
# restart sssd so cached name-service answers do not outlive a config change.
# NOTE(review): nscd and sssd both cache lookups; check that the deployed
#   nscd.conf does not cache the maps sssd serves. Its contents are not
#   visible in this file.
freeipa_nscd_service:
  service.running:
    - name: nscd
    - enable: true
    - watch:
        - file: /etc/sssd/sssd.conf
        - file: /etc/nsswitch.conf
        - file: /etc/nscd.conf
        - file: /etc/krb5.conf
        - file: /etc/pam.d