From afd652929ca02b4eb20f77f1eebcc34fe556bf40 Mon Sep 17 00:00:00 2001 From: Joshua Hoblitt Date: Tue, 31 Oct 2023 10:49:27 -0700 Subject: [PATCH] (*) migrate from puppet-finland/easy_ipa -> lsst/ipa --- Puppetfile | 2 +- hieradata/common.yaml | 52 +++++++++----------- hieradata/node/ipa1.dev.lsst.org.yaml | 2 +- hieradata/node/ipa1.ls.lsst.org.yaml | 2 +- hieradata/node/ipa1.tu.lsst.org.yaml | 2 +- hieradata/role/cmms.yaml | 4 +- hieradata/role/ipareplica.yaml | 23 +++------ hieradata/role/ubuntu.yaml | 4 +- hieradata/site/cp.yaml | 2 +- hieradata/site/dev.yaml | 2 +- hieradata/site/dmz.yaml | 2 +- hieradata/site/ls.yaml | 2 +- hieradata/site/tu.yaml | 2 +- site/profile/manifests/core/common.pp | 28 ++++------- site/profile/manifests/core/ipa.pp | 8 +-- site/profile/manifests/core/ipa_pwd_reset.pp | 1 - site/profile/manifests/core/krb5.pp | 3 +- site/profile/manifests/core/rke.pp | 5 +- site/profile/manifests/core/sssd.pp | 6 ++- spec/classes/archive/commmon_spec.rb | 2 +- spec/classes/core/common_spec.rb | 2 +- spec/classes/core/ipa_pwd_reset_spec.rb | 3 -- spec/classes/core/ipa_spec.rb | 8 +-- spec/classes/core/krb5_spec.rb | 6 --- spec/classes/core/rke_spec.rb | 4 +- spec/classes/core/sssd_spec.rb | 2 +- spec/fixtures/hieradata/common.yaml | 6 +-- spec/fixtures/hieradata/profile-only.yaml | 7 ++- spec/spec_helper.rb | 6 +-- spec/support/spec/sssd.rb | 4 +- 30 files changed, 80 insertions(+), 122 deletions(-) diff --git a/Puppetfile b/Puppetfile index b503e9357c..cb51589ba9 100644 --- a/Puppetfile +++ b/Puppetfile @@ -24,6 +24,7 @@ mod 'lsst/daq', '2.2.0' mod 'lsst/dellperc', '2.0.0' mod 'lsst/foreman_envsync', '2.1.0' mod 'lsst/helm_binary', '2.1.0' +mod 'lsst/ipa', git: 'https://github.com/lsst-it/puppet-ipa', ref: '8ec66d1' mod 'lsst/java_artisanal', '3.3.0' mod 'lsst/kubectl', '1.1.0' mod 'lsst/maven', '3.1.0' 
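Review bot: The added `lsst/ipa` entry pins the module to the abbreviated commit `8ec66d1` through `ref:`, which r10k accepts as a branch, tag or commit, so the pin holds only while that seven-character prefix stays unambiguous and no branch or tag of the same name appears in the repository. For the module that enrols hosts into the identity domain, a full 40-character SHA passed with `commit:` states exactly which code is deployed, e.g. `mod 'lsst/ipa', git: 'https://github.com/lsst-it/puppet-ipa', commit: '<full 40-char SHA of 8ec66d1>'`. The existing `puppet/firewalld` line uses the same short-ref style and would benefit from the same change.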
@@ -39,7 +40,6 @@ mod 'puppet/chrony', '3.0.0' mod 'puppet/cron', '4.1.0' mod 'puppet/epel', '4.1.0' mod 'puppet/extlib', '7.0.0' -mod 'puppetfinland/easy_ipa', '3.1.0' mod 'puppet/firewalld', git: 'https://github.com/voxpupuli/puppet-firewalld', ref: '1eb95e1' # stdlib 9.x mod 'puppet/hosts', '0.1.0' mod 'puppet/ipset', '4.0.0' diff --git a/hieradata/common.yaml b/hieradata/common.yaml index 3f55e4d111..2b28dccf00 100644 --- a/hieradata/common.yaml +++ b/hieradata/common.yaml @@ -142,22 +142,16 @@ ssh::server::match_block: <<: *authorized_keys csilva_b: <<: *authorized_keys -# easy_ipa server options +# ipa server options # defines the uid/gid of the admin user # needs to be coordinated between master + replicas -easy_ipa::idstart: 70000 -easy_ipa::idmax: 79999 -easy_ipa::domain: "lsst.cloud" -easy_ipa::ipa_master_fqdn: "ipa1.cp.lsst.org" -# easy_ipa client options -easy_ipa::ipa_role: "client" -easy_ipa::configure_ntp: false -easy_ipa::configure_sshd: false -easy_ipa::install_autofs: false -easy_ipa::install_epel: false -easy_ipa::install_kstart: false -easy_ipa::install_sssd: false -easy_ipa::install_sssdtools: false +ipa::idstart: 70000 +ipa::idmax: 79999 +ipa::domain: "lsst.cloud" +ipa::ipa_master_fqdn: "ipa1.cp.lsst.org" +# ipa client options +ipa::ipa_role: "client" +ipa::configure_ntp: false epel::epel_managed: true epel::epel_source_managed: false epel::epel_debuginfo_managed: true @@ -347,10 +341,10 @@ sssd::main_config: - "sudo" nss: homedir_substring: "/home" - "domain/%{lookup('easy_ipa::domain')}": + "domain/%{lookup('ipa::domain')}": cache_credentials: true krb5_store_password_if_offline: true - ipa_domain: "%{lookup('easy_ipa::domain')}" + ipa_domain: "%{lookup('ipa::domain')}" id_provider: "ipa" auth_provider: "ipa" access_provider: "ipa" 
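Review bot: The client opt-outs `configure_sshd`, `install_autofs`, `install_epel`, `install_kstart`, `install_sssd` and `install_sssdtools` are dropped rather than renamed in the `@@ -142,22 +142,16 @@` hunk, so every client now runs with whatever lsst/ipa does by default for those behaviours. The fork's parameter list is not visible in this patch; if any of these parameters still exists there with a default of `true`, the module would start touching sshd configuration or installing packages that this repository manages through its own `ssh`, `epel` and `sssd` classes. Either note in the commit message that the fork removed these parameters, or keep the explicit values that still apply, e.g. `ipa::configure_sshd: false`.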
@@ -359,8 +353,8 @@ sssd::main_config: chpass_provider: "ipa" ipa_server: - "_srv_" - - "%{lookup('easy_ipa::ipa_master_fqdn')}" - dns_discovery_domain: "%{::site}._locations.%{lookup('easy_ipa::domain')}" + - "%{lookup('ipa::ipa_master_fqdn')}" + dns_discovery_domain: "%{::site}._locations.%{lookup('ipa::domain')}" sssd::package_name: - "sssd" - "sssd-tools" # not installed by default @@ -385,25 +379,25 @@ mit_krb5::ticket_lifetime: "24h" mit_krb5::udp_preference_limit: "0" mit_krb5::realms: "%{lookup('mit_krb5::default_realm')}": - kdc: "%{lookup('easy_ipa::ipa_master_fqdn')}:88" - master_kdc: "%{lookup('easy_ipa::ipa_master_fqdn')}:88" - admin_server: "%{lookup('easy_ipa::ipa_master_fqdn')}:749" - kpasswd_server: "%{lookup('easy_ipa::ipa_master_fqdn')}:464" - default_domain: "%{lookup('easy_ipa::domain')}" + kdc: "%{lookup('ipa::ipa_master_fqdn')}:88" + master_kdc: "%{lookup('ipa::ipa_master_fqdn')}:88" + admin_server: "%{lookup('ipa::ipa_master_fqdn')}:749" + kpasswd_server: "%{lookup('ipa::ipa_master_fqdn')}:464" + default_domain: "%{lookup('ipa::domain')}" pkinit_anchors: "FILE:/var/lib/ipa-client/pki/kdc-ca-bundle.pem" pkinit_pool: "FILE:/var/lib/ipa-client/pki/ca-bundle.pem" mit_krb5::domain_realms: "%{lookup('mit_krb5::default_realm')}": domains: - - ".%{lookup('easy_ipa::domain')}" - - "%{lookup('easy_ipa::domain')}" + - ".%{lookup('ipa::domain')}" + - "%{lookup('ipa::domain')}" - "%{facts.fqdn}" - ".%{facts.domain}" - "%{facts.domain}" openldap::client::tls_cacertdir: "/etc/openldap/certs" openldap::client::sasl_nocanon: true -openldap::client::uri: "ldaps://%{lookup('easy_ipa::ipa_master_fqdn')}" +openldap::client::uri: "ldaps://%{lookup('ipa::ipa_master_fqdn')}" openldap::client::base: "dc=lsst,dc=cloud" openldap::client::tls_cacert: "/etc/ipa/ca.crt" openldap::client::sasl_mech: "GSSAPI" 
@@ -412,10 +406,10 @@ profile::core::ipa::default: global: basedn: "%{lookup('openldap::client::base')}" realm: "%{lookup('mit_krb5::default_realm')}" - domain: "%{lookup('easy_ipa::domain')}" - server: "%{lookup('easy_ipa::ipa_master_fqdn')}" + domain: "%{lookup('ipa::domain')}" + server: "%{lookup('ipa::ipa_master_fqdn')}" host: "%{facts.fqdn}" - xmlrpc_uri: "https://%{lookup('easy_ipa::ipa_master_fqdn')}/ipa/xml" + xmlrpc_uri: "https://%{lookup('ipa::ipa_master_fqdn')}/ipa/xml" enable_ra: "True" profile::core::monitoring::database: "telegraf" diff --git a/hieradata/node/ipa1.dev.lsst.org.yaml b/hieradata/node/ipa1.dev.lsst.org.yaml index 2097024930..07bb3a5858 100644 --- a/hieradata/node/ipa1.dev.lsst.org.yaml +++ b/hieradata/node/ipa1.dev.lsst.org.yaml @@ -1,3 +1,3 @@ --- # need to use an off site ipa replica to bootstrap the first local ipa instance -easy_ipa::ipa_master_fqdn: "ipa2.ls.lsst.org" +ipa::ipa_master_fqdn: "ipa2.ls.lsst.org" diff --git a/hieradata/node/ipa1.ls.lsst.org.yaml b/hieradata/node/ipa1.ls.lsst.org.yaml index fee061e098..0be33ecaf3 100644 --- a/hieradata/node/ipa1.ls.lsst.org.yaml +++ b/hieradata/node/ipa1.ls.lsst.org.yaml @@ -1,3 +1,3 @@ --- # need to use an off site ipa replica to bootstrap the first local ipa instance -easy_ipa::ipa_master_fqdn: "ipa1.tu.lsst.org" +ipa::ipa_master_fqdn: "ipa1.tu.lsst.org" diff --git a/hieradata/node/ipa1.tu.lsst.org.yaml b/hieradata/node/ipa1.tu.lsst.org.yaml index c5f8f3eaf2..4c7543dc3b 100644 --- a/hieradata/node/ipa1.tu.lsst.org.yaml +++ b/hieradata/node/ipa1.tu.lsst.org.yaml @@ -1,6 +1,6 @@ --- # need to use an off site ipa replica to bootstrap the first local ipa instance -easy_ipa::ipa_master_fqdn: "ipa1.cp.lsst.org" +ipa::ipa_master_fqdn: "ipa1.cp.lsst.org" network::interfaces_hash: eth0: # fqdn ipaddress: "140.252.146.74" diff --git a/hieradata/role/cmms.yaml b/hieradata/role/cmms.yaml index a11705d6f3..1899da56fa 100644 --- a/hieradata/role/cmms.yaml +++ b/hieradata/role/cmms.yaml 
@@ -1,12 +1,10 @@ --- classes: - "accounts" - - "easy_ipa" + - "ipa" - "network" - "profile::core::cmms" - "puppet_agent" - "resolv_conf" - "ssh" - "sudo" - -easy_ipa::install_sssd: true diff --git a/hieradata/role/ipareplica.yaml b/hieradata/role/ipareplica.yaml index 7f53985f2a..3645ec065f 100644 --- a/hieradata/role/ipareplica.yaml +++ b/hieradata/role/ipareplica.yaml @@ -1,30 +1,21 @@ --- classes: - "clustershell" - - "easy_ipa" + - "ipa" - "profile::core::common" - "profile::core::ipa_pwd_reset" - "tailscale" profile::core::common::disable_ipv6: true -profile::core::common::manage_ipa: false profile::core::common::manage_krb5: false profile::core::common::manage_sssd: false profile::core::sysctl::disable_ipv6::disable: false # ipa-server-install wants ipv6 -easy_ipa::ipa_role: "replica" -easy_ipa::configure_replica_ca: true -easy_ipa::install_ipa_server: true -easy_ipa::enable_ip_address: true -easy_ipa::webui_disable_kerberos: true -easy_ipa::webui_enable_proxy: true -easy_ipa::webui_force_https: true -easy_ipa::configure_dns_server: false -easy_ipa::ipa_server_fqdn: "%{facts.fqdn}" -easy_ipa::ip_address: "%{facts.networking.ip}" - -# enable easy_ipa management of sssd packages on servers -easy_ipa::install_sssd: true -easy_ipa::install_sssdtools: true +ipa::ipa_role: "replica" +ipa::configure_replica_ca: true +ipa::enable_ip_address: true +ipa::configure_dns_server: false +ipa::ipa_server_fqdn: "%{facts.fqdn}" +ipa::ip_address: "%{facts.networking.ip}" clustershell::groupmembers: ipa: diff --git a/hieradata/role/ubuntu.yaml b/hieradata/role/ubuntu.yaml index b661a7b26f..8ef8bd801d 100644 --- a/hieradata/role/ubuntu.yaml +++ b/hieradata/role/ubuntu.yaml @@ -1,9 +1,7 @@ --- classes: - "accounts" - - "easy_ipa" + - "ipa" - "puppet_agent" - "ssh" - "sudo" - -easy_ipa::install_sssd: true diff --git a/hieradata/site/cp.yaml b/hieradata/site/cp.yaml index c22c45ffcf..ee00f7c5cf 100644 --- a/hieradata/site/cp.yaml +++ b/hieradata/site/cp.yaml 
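Review bot: Dropping `easy_ipa::install_sssd: true` from `hieradata/role/cmms.yaml` leaves nothing visible that installs or manages sssd for this role, because its `classes` list has `ipa` but neither `sssd` nor `profile::core::common`; the `hieradata/role/ubuntu.yaml` hunk has the same gap. Whether lsst/ipa installs sssd itself for the client role cannot be seen from this patch. If it does not, IPA-backed logins on these hosts would depend on a package that no class manages, so a short comment next to `- "ipa"` saying which module owns sssd, or an explicit sssd class entry, would make the dependency checkable.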
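Review bot: Removing `profile::core::common::manage_ipa: false` from `hieradata/role/ipareplica.yaml` sends replicas down the new `if $manage_ipa` branch of `profile::core::common`, which includes `profile::core::ipa` and therefore writes `/etc/ipa/default.conf` from `profile::core::ipa::default`, whose `server` and `xmlrpc_uri` are built from `ipa::ipa_master_fqdn` rather than the replica's own name. If a server should keep the file its installer wrote, the override needs to stay (the role already lists `ipa` in `classes`), or the profile needs a way to skip the file on replicas. Separately, `webui_force_https: true` and the other `webui_*` keys disappear without a replacement; the patch does not show how lsst/ipa treats plain-HTTP access to the web UI, so that is worth confirming on a rebuilt replica before rollout.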
@@ -1,7 +1,7 @@ --- docker::log_driver: ~ docker::log_opt: ~ -easy_ipa::ipa_master_fqdn: "ipa1.cp.lsst.org" +ipa::ipa_master_fqdn: "ipa1.cp.lsst.org" rsyslog::config::actions: # Send copy to logs to GKE Graylog instance graylogCloud: diff --git a/hieradata/site/dev.yaml b/hieradata/site/dev.yaml index 924d45589e..e4246ec93e 100644 --- a/hieradata/site/dev.yaml +++ b/hieradata/site/dev.yaml @@ -1,5 +1,5 @@ --- -easy_ipa::ipa_master_fqdn: "ipa1.ls.lsst.org" +ipa::ipa_master_fqdn: "ipa1.ls.lsst.org" rsyslog::config::actions: # Send copy to logs to Ruka Cluster graylogCloud: diff --git a/hieradata/site/dmz.yaml b/hieradata/site/dmz.yaml index 7d405a2a6c..c0a0937560 100644 --- a/hieradata/site/dmz.yaml +++ b/hieradata/site/dmz.yaml @@ -1,5 +1,5 @@ --- -easy_ipa::ipa_master_fqdn: "ipa1.cp.lsst.org" +ipa::ipa_master_fqdn: "ipa1.cp.lsst.org" rsyslog::config::actions: # Send copy to logs to GKE Graylog instance graylogCloud: diff --git a/hieradata/site/ls.yaml b/hieradata/site/ls.yaml index 185db829cb..3a894cb5ad 100644 --- a/hieradata/site/ls.yaml +++ b/hieradata/site/ls.yaml @@ -1,5 +1,5 @@ --- -easy_ipa::ipa_master_fqdn: "ipa1.ls.lsst.org" +ipa::ipa_master_fqdn: "ipa1.ls.lsst.org" rsyslog::config::actions: # Send copy to logs to GKE Graylog instance graylogCloud: diff --git a/hieradata/site/tu.yaml b/hieradata/site/tu.yaml index c69cf8b3f3..d118df28e6 100644 --- a/hieradata/site/tu.yaml +++ b/hieradata/site/tu.yaml @@ -1,5 +1,5 @@ --- -easy_ipa::ipa_master_fqdn: "ipa1.tu.lsst.org" +ipa::ipa_master_fqdn: "ipa1.tu.lsst.org" profile::core::common::disable_ipv6: true rsyslog::config::actions: # Send copy to logs to GKE Graylog instance diff --git a/site/profile/manifests/core/common.pp b/site/profile/manifests/core/common.pp index c59babd1c3..23af92bcf0 100644 --- a/site/profile/manifests/core/common.pp +++ b/site/profile/manifests/core/common.pp 
@@ -15,11 +15,8 @@ # @param manage_krb5 # Enable or disable management of `/etc/krb5.conf` # -# @param manage_ldap -# Enable or disable management of openldap ipa client config -# # @param manage_ipa -# Enable or disable management of `/etc/ipa/default.conf` +# Enable or disable management of free ipa. # # @param disable_ipv6 # If `true`, disable ipv6 networking support. This parameter is intended to eventually @@ -48,7 +45,6 @@ Boolean $manage_chrony = true, Boolean $manage_sssd = true, Boolean $manage_krb5 = true, - Boolean $manage_ldap = true, Boolean $manage_ipa = true, Boolean $disable_ipv6 = false, Boolean $manage_firewall = true, @@ -61,7 +57,6 @@ include auditd include accounts include augeas - include easy_ipa include hosts include lldpd include profile::core::bash_completion @@ -85,8 +80,6 @@ include timezone include tuned - Class['easy_ipa'] -> Class['ssh'] - if fact('os.family') == 'RedHat' { include epel include profile::core::yum @@ -126,7 +119,6 @@ if $manage_firewall { include firewall - Class[easy_ipa] -> Class[firewall] } if $manage_puppet_agent { @@ -145,14 +137,17 @@ include profile::core::krb5 } - if $manage_ldap { - include openldap::client - # run ipa-install-* script before trying to managing openldap - Class[easy_ipa] -> Class[openldap::client] - } - if $manage_ipa { + include ipa + include openldap::client include profile::core::ipa + + # prevent ipa packages from being installed before versionlocks are set + Yum::Versionlock<| |> -> Class[ipa] + + # run ipa-install-* script before X + Class[ipa] -> Class[ssh] + Class[ipa] -> Class[openldap::client] } if $disable_ipv6 { @@ -178,7 +173,4 @@ file { '/etc/sysconfig/network-scripts/ifcfg-': ensure => absent, } - - # prevent ipa packages from being installed before versionlocks are set - Yum::Versionlock<| |> -> Class[easy_ipa] } diff --git a/site/profile/manifests/core/ipa.pp b/site/profile/manifests/core/ipa.pp index 6e5bc0d770..af40bebe46 100644 --- a/site/profile/manifests/core/ipa.pp 
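Review bot: Setting `manage_ipa` to `false` no longer keeps the ipa class out of the catalog, and the `Yum::Versionlock<| |> -> Class[ipa]` ordering that the `@@ -145,14 +137,17 @@` hunk moves inside `if $manage_ipa` is lost in exactly that case: `profile::core::krb5` and `profile::core::sssd` both gain `require ipa` in this patch, and `manage_krb5` and `manage_sssd` default to `true`. A node that sets only `manage_ipa: false` would still get the ipa packages, now without waiting for the versionlocks. The `@param manage_ipa` text should say so, e.g. `# Enable or disable management of FreeIPA; profile::core::krb5 and profile::core::sssd also require ipa, so set manage_krb5 and manage_sssd to false as well to keep it out of the catalog`. The `Class[easy_ipa] -> Class[firewall]` ordering removed in the `@@ -126,7 +119,6 @@` hunk has no `Class[ipa]` counterpart either, which should be confirmed as deliberate; the class body begins and ends outside these hunks.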
+++ b/site/profile/manifests/core/ipa.pp @@ -1,6 +1,6 @@ # @summary -# Manages ipa client configuration -- functionality not provided by easy_ipa. -# XXX should be added to easy_ipa and upstream? +# Manages ipa client configuration -- functionality not provided by ipa mod. +# XXX should be added to ipa mod? # # @param default # Set values in `/etc/ipa/default.conf`. @@ -8,11 +8,11 @@ class profile::core::ipa ( Optional[Hash] $default = undef, ) { - require easy_ipa + require ipa $param_defaults = { 'path' => '/etc/ipa/default.conf', - require => Class[easy_ipa], + require => Class[ipa], } if $default { diff --git a/site/profile/manifests/core/ipa_pwd_reset.pp b/site/profile/manifests/core/ipa_pwd_reset.pp index aff23f0e90..fe8441ccca 100644 --- a/site/profile/manifests/core/ipa_pwd_reset.pp +++ b/site/profile/manifests/core/ipa_pwd_reset.pp @@ -148,6 +148,5 @@ ensure => file, mode => '0644', content => $ipa_reset_http, - notify => Service['httpd'], } } diff --git a/site/profile/manifests/core/krb5.pp b/site/profile/manifests/core/krb5.pp index 88393f1c81..df9a002b39 100644 --- a/site/profile/manifests/core/krb5.pp +++ b/site/profile/manifests/core/krb5.pp @@ -2,10 +2,11 @@ # Manage host kerberos configuration # class profile::core::krb5 { + require ipa include mit_krb5 # run ipa-install-* script before trying to managing krb5.conf - Class[easy_ipa] -> Class[mit_krb5] + Class[ipa] -> Class[mit_krb5] # create /etc/krb5.conf.d files only on EL8+ unless fact('os.family') == 'RedHat' and fact('os.release.major') == '7' { diff --git a/site/profile/manifests/core/rke.pp b/site/profile/manifests/core/rke.pp index 2265343e4c..f75e8d7229 100644 --- a/site/profile/manifests/core/rke.pp +++ b/site/profile/manifests/core/rke.pp @@ -16,6 +16,7 @@ String $version = '1.3.12', ) { include kmod + require ipa $user = 'rke' $uid = 75500 
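Review bot: With `notify => Service['httpd']` removed from the file resource that carries `$ipa_reset_http` in `site/profile/manifests/core/ipa_pwd_reset.pp`, a change to that file's content no longer triggers any refresh, so an updated password-reset configuration stays inactive until httpd is restarted by other means. The removal presumably follows from lsst/ipa not declaring `Service['httpd']` the way easy_ipa did, which this patch does not show. If that is the reason, the refresh needs a new owner: either this profile manages the service it depends on, or the file notifies whichever resource the new module exposes for httpd. The file resource and the class body begin outside the hunk.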
@@ -29,7 +30,7 @@ profile::util::keytab { $user: uid => $uid, keytab_base64 => $keytab_base64, - require => Class[easy_ipa], # ipa must be setup to use the rke user + require => Class[ipa], # ipa must be setup to use the rke user } } @@ -41,7 +42,7 @@ user => $user, owner => $user, group => $user, - require => Class[easy_ipa], # ipa must be setup to use the rke user + require => Class[ipa], # ipa must be setup to use the rke user } $rke_checksum = $version ? { diff --git a/site/profile/manifests/core/sssd.pp b/site/profile/manifests/core/sssd.pp index 551f4658cd..144443ae2a 100644 --- a/site/profile/manifests/core/sssd.pp +++ b/site/profile/manifests/core/sssd.pp @@ -2,9 +2,11 @@ # Common functionality needed by standard nodes. # class profile::core::sssd { - require easy_ipa + require ipa contain sssd + Class[ipa] -> Class[sssd] + if fact('os.family') == 'RedHat' { # disable sssd socket activation and services which should be started by # sssd @@ -28,7 +30,7 @@ service { $unit: ensure => stopped, enable => false, - require => Class['sssd'], + require => Class[sssd], } } } diff --git a/spec/classes/archive/commmon_spec.rb b/spec/classes/archive/commmon_spec.rb index 509c8980b6..58a45b5483 100644 --- a/spec/classes/archive/commmon_spec.rb +++ b/spec/classes/archive/commmon_spec.rb @@ -8,7 +8,7 @@ let(:facts) { facts } let(:pre_condition) do <<~PP - # easy_ipa has a hardwired dep on the sssd service + # change service unit name from sssd.service to sssd class { 'sssd': service_names => ['sssd'] } PP end diff --git a/spec/classes/core/common_spec.rb b/spec/classes/core/common_spec.rb index e8f673b582..ff13b1b67e 100644 --- a/spec/classes/core/common_spec.rb +++ b/spec/classes/core/common_spec.rb @@ -8,7 +8,7 @@ let(:facts) { facts } let(:pre_condition) do <<~PP - # easy_ipa has a hardwired dep on the sssd service + # change service unit name from sssd.service to sssd class { 'sssd': service_names => ['sssd'] } PP end 
diff --git a/spec/classes/core/ipa_pwd_reset_spec.rb b/spec/classes/core/ipa_pwd_reset_spec.rb index 358821a3ca..5467579a13 100644 --- a/spec/classes/core/ipa_pwd_reset_spec.rb +++ b/spec/classes/core/ipa_pwd_reset_spec.rb @@ -8,9 +8,6 @@ let(:facts) { facts } let(:pre_condition) do <<~PP - include easy_ipa - class { 'sssd': service_names => ['sssd'] } - service { 'httpd': } PP end diff --git a/spec/classes/core/ipa_spec.rb b/spec/classes/core/ipa_spec.rb index e71123e248..b9fc9e0a84 100644 --- a/spec/classes/core/ipa_spec.rb +++ b/spec/classes/core/ipa_spec.rb @@ -6,12 +6,6 @@ on_supported_os.each do |os, facts| context "on #{os}" do let(:facts) { facts } - let(:pre_condition) do - <<~PP - include easy_ipa - class { 'sssd': service_names => ['sssd'] } - PP - end context 'with no params' do it { is_expected.to compile.with_all_deps } @@ -33,7 +27,7 @@ class { 'sssd': service_names => ['sssd'] } section: 'foo', setting: 'bar', value: 'baz', - ).that_requires('Class[easy_ipa]') + ).that_requires('Class[ipa]') end end end diff --git a/spec/classes/core/krb5_spec.rb b/spec/classes/core/krb5_spec.rb index 3100694eb1..256e7f7cae 100644 --- a/spec/classes/core/krb5_spec.rb +++ b/spec/classes/core/krb5_spec.rb @@ -6,12 +6,6 @@ on_supported_os.each do |os, facts| context "on #{os}" do let(:facts) { facts } - let(:pre_condition) do - <<~PP - include easy_ipa - class { 'sssd': service_names => ['sssd'] } - PP - end context 'with no params' do it { is_expected.to compile.with_all_deps } diff --git a/spec/classes/core/rke_spec.rb b/spec/classes/core/rke_spec.rb index 69437659db..4ee96a663e 100644 --- a/spec/classes/core/rke_spec.rb +++ b/spec/classes/core/rke_spec.rb @@ -9,8 +9,6 @@ let(:pre_condition) do <<~PP include docker - include easy_ipa - class { 'sssd': service_names => ['sssd'] } PP end 
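Review bot: After the three removals in `spec/classes/core/ipa_pwd_reset_spec.rb` the `pre_condition` heredoc is empty, so the `let(:pre_condition)` block no longer contributes anything and reads as if a fixture were still expected. Deleting the block, as the `ipa_spec.rb` and `krb5_spec.rb` hunks do, keeps the spec files consistent.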
@@ -24,7 +22,7 @@ class { 'sssd': service_names => ['sssd'] } it do is_expected.not_to contain_profile__util__keytab('rke') - .that_requires('Class[easy_ipa]') + .that_requires('Class[ipa]') end it do diff --git a/spec/classes/core/sssd_spec.rb b/spec/classes/core/sssd_spec.rb index 8f77b29605..557747ff6b 100644 --- a/spec/classes/core/sssd_spec.rb +++ b/spec/classes/core/sssd_spec.rb @@ -8,7 +8,7 @@ let(:facts) { facts } let(:pre_condition) do <<~PP - # easy_ipa has a hardwired dep on the sssd service + # change service unit name from sssd.service to sssd class { 'sssd': service_names => ['sssd'] } PP end diff --git a/spec/fixtures/hieradata/common.yaml b/spec/fixtures/hieradata/common.yaml index c97274c060..d706a68123 100644 --- a/spec/fixtures/hieradata/common.yaml +++ b/spec/fixtures/hieradata/common.yaml @@ -6,9 +6,9 @@ lookup_options: convert_to: "Sensitive" ccs_database::database: "comcamdbprod" ccs_database::password: "foo" -easy_ipa::admin_password: "foofoofoofoo" # ipa master only -easy_ipa::directory_services_password: "foofoofoofoo" # ipa master only -easy_ipa::domain_join_password: "foofoofoofoo" # 8 char min +ipa::admin_password: "foofoofoofoo" # ipa master only +ipa::directory_services_password: "foofoofoofoo" # ipa master only +ipa::domain_join_password: "foofoofoofoo" # 8 char min foreman_proxy::plugin::dns::route53::aws_access_key: "foo" foreman_proxy::plugin::dns::route53::aws_secret_key: "foo" profile::ccs::postfix::auth: "foo" diff --git a/spec/fixtures/hieradata/profile-only.yaml b/spec/fixtures/hieradata/profile-only.yaml index 869aaca399..1add905c63 100644 --- a/spec/fixtures/hieradata/profile-only.yaml +++ b/spec/fixtures/hieradata/profile-only.yaml 
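Review bot: The negated expectation `is_expected.not_to contain_profile__util__keytab('rke').that_requires('Class[ipa]')` in `spec/classes/core/rke_spec.rb` passes both when the keytab resource is absent and when it is present without that relationship, so it pins neither behaviour. If the intent of this context is that no keytab is declared, `it { is_expected.not_to contain_profile__util__keytab('rke') }` states that directly. The surrounding `context` begins outside the hunk, so the intended case is inferred.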
@@ -4,10 +4,9 @@ # hiera hierarchy. However, due to recursive class inclusion by profile classes, # a number of modules are pulled in which have mandatory parameters which # would otherwise have to be declared in most spec files. -easy_ipa::domain: "example.org" -easy_ipa::ipa_role: "client" -easy_ipa::ipa_master_fqdn: "foo.example.org" -easy_ipa::install_sssd: false +ipa::domain: "example.org" +ipa::ipa_role: "client" +ipa::ipa_master_fqdn: "foo.example.org" letsencrypt::email: "foo@example.com" diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index 33c1c6f771..35bd5ab679 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -159,7 +159,7 @@ def node_files include_examples 'krb5.conf.d files', facts: facts include_examples 'sssd services' - it { is_expected.to contain_class('ssh').that_requires('Class[easy_ipa]') } + it { is_expected.to contain_class('ssh').that_requires('Class[ipa]') } it do # XXX dev is using ls ipa servers @@ -201,7 +201,7 @@ def node_files ], }, }, - ).that_requires('Class[easy_ipa]') + ).that_requires('Class[ipa]') end if facts[:os]['release']['major'] == '7' @@ -681,7 +681,7 @@ def node_files end it do - is_expected.to contain_vcsrepo('/home/rke/k8s-cookbook').that_requires('Class[easy_ipa]') + is_expected.to contain_vcsrepo('/home/rke/k8s-cookbook').that_requires('Class[ipa]') end end diff --git a/spec/support/spec/sssd.rb b/spec/support/spec/sssd.rb index 743af2296f..8443785b67 100644 --- a/spec/support/spec/sssd.rb +++ b/spec/support/spec/sssd.rb @@ -3,7 +3,7 @@ shared_examples 'sssd services' do it do is_expected.to contain_class('sssd').with_service_names(['sssd']) - .that_requires('Class[easy_ipa]') + .that_requires('Class[ipa]') end it do @@ -36,7 +36,7 @@ enable: false, ) .that_requires('Class[sssd]') - .that_requires('Class[easy_ipa]') + .that_requires('Class[ipa]') end end end