[Ovirt-devel] [PATCH server] separate ipa common tasks freeipa::common and rename ipa_server_install to ipa_install
Joey Boggs
jboggs at redhat.com
Wed May 6 20:54:09 UTC 2009
This breaks out the common steps for a bundled/remote ipa server in to its own class to support the use of a remote ipa server. Also renames ipa_server_install to ipa_install to form a consistency for the dependencies after ipa is configured for either bundled or remote. The installer now includes the freeipa::common class by default to support either methods.
---
installer/bin/ovirt-installer | 1 +
installer/modules/ovirt/manifests/freeipa.pp | 58 ++++++++++++++------------
2 files changed, 32 insertions(+), 27 deletions(-)
diff --git a/installer/bin/ovirt-installer b/installer/bin/ovirt-installer
index 2d88886..ad4d56d 100755
--- a/installer/bin/ovirt-installer
+++ b/installer/bin/ovirt-installer
@@ -327,6 +327,7 @@ firewall_rule{"nat-forward": chain => "FORWARD", in_interface => "<%= admin_dev
firewall_rule{"nat-postrouting": table => "nat", chain => "POSTROUTING", out_interface => "<%= guest_dev %>", protocol => "", action => "MASQUERADE"}
<% end %>
include postgres::bundled
+include freeipa::common
include freeipa::bundled
include ovirt::setup
END_OF_TEMPLATE
diff --git a/installer/modules/ovirt/manifests/freeipa.pp b/installer/modules/ovirt/manifests/freeipa.pp
index aa806fe..796b8b4 100644
--- a/installer/modules/ovirt/manifests/freeipa.pp
+++ b/installer/modules/ovirt/manifests/freeipa.pp
@@ -18,6 +18,35 @@
# Author: Joey Boggs <jboggs at redhat.com>
#--
+class freeipa::common{
+
+ exec {"get_krb5_tkt":
+ command => "/bin/echo $freeipa_password|/usr/kerberos/bin/kinit admin",
+ require => Single_Exec[ipa_install]
+ }
+
+ single_exec {"ipa_modify_username_length":
+ command => "/usr/sbin/ipa-defaultoptions --maxusername=12",
+ require => Exec["get_krb5_tkt"]
+ }
+
+ single_exec {"ipa_add_ovirtadmin_user":
+ command => "/usr/sbin/ipa-adduser -f Ovirt -l Admin -p $freeipa_password ovirtadmin",
+ require => Single_exec[ipa_modify_username_length]
+ }
+
+ single_exec {"ipa_ovirtadmin_group":
+ command => "/usr/sbin/ipa-modgroup -a ovirtadmin admins",
+ require => Single_exec[ipa_add_ovirtadmin_user]
+ }
+
+ single_exec {"set_pw_expiration":
+ command => "/usr/sbin/ipa-moduser --setattr krbPasswordExpiration=19700101000000Z ovirtadmin",
+ require => Single_exec[ipa_ovirtadmin_group]
+ }
+
+}
+
class freeipa::bundled{
package {"ipa-server":
@@ -36,7 +65,7 @@ class freeipa::bundled{
exec {"replace_line_returns":
command => "/bin/sed -i -e 's/^/#/' /etc/httpd/conf.d/ipa-rewrite.conf",
- require => Single_Exec[ipa_server_install]
+ require => Single_Exec[ipa_install]
}
file_replacement{"ipa_proxy_config_1":
@@ -59,36 +88,11 @@ class freeipa::bundled{
require => [Single_exec[add_guest_server_to_etc_hosts],Package[dnsmasq]]
}
- single_exec {"ipa_server_install":
+ single_exec {"ipa_install":
command => "/usr/sbin/ipa-server-install -r $realm_name -p $freeipa_password -P $freeipa_password -a $freeipa_password --hostname $ipa_host -u dirsrv -U",
require => [Exec[set_kdc_defaults],Single_exec[dnsmasq_restart]]
}
- exec {"get_krb5_tkt":
- command => "/bin/echo $freeipa_password|/usr/kerberos/bin/kinit admin",
- require => Single_Exec[ipa_server_install]
- }
-
- single_exec {"ipa_modify_username_length":
- command => "/usr/sbin/ipa-defaultoptions --maxusername=12",
- require => Exec["get_krb5_tkt"]
- }
-
- single_exec {"ipa_add_ovirtadmin_user":
- command => "/usr/sbin/ipa-adduser -f Ovirt -l Admin -p $freeipa_password ovirtadmin",
- require => Single_exec[ipa_modify_username_length]
- }
-
- single_exec {"ipa_ovirtadmin_group":
- command => "/usr/sbin/ipa-modgroup -a ovirtadmin admins",
- require => Single_exec[ipa_add_ovirtadmin_user]
- }
-
- single_exec {"set_pw_expiration":
- command => "/usr/sbin/ipa-moduser --setattr krbPasswordExpiration=19700101000000Z ovirtadmin",
- require => Single_exec[ipa_ovirtadmin_group]
- }
-
firewall_rule{"krb5": destination_port => "88"}
firewall_rule {"ldap": destination_port => '389'}
firewall_rule {"freeip-636": destination_port => '636'}
--
1.6.0.6
More information about the ovirt-devel
mailing list