From 3eef672af2cf716c1fc616ef35c60543ab3c05ae Mon Sep 17 00:00:00 2001
From: t0xicCode
Date: Thu, 16 Apr 2015 18:04:30 -0400
Subject: [PATCH] Initial import
---
.fixtures.yml | 5 +++
.gitignore | 4 +++
Gemfile | 38 ++++++++++++++++++++
Gemfile.lock | 76 +++++++++++++++++++++++++++++++++++++++
README.md | 58 ++++++++++++++++++++++++++++++
Rakefile | 18 ++++++++++
manifests/config.pp | 15 ++++++++
manifests/init.pp | 46 ++++++++++++++++++++++++
manifests/install.pp | 10 ++++++
manifests/params.pp | 42 ++++++++++++++++++++++
manifests/service.pp | 12 +++++++
metadata.json | 28 +++++++++++++++
spec/classes/init_spec.rb | 29 +++++++++++++++
spec/spec.opts | 6 ++++
spec/spec_helper.rb | 28 +++++++++++++++
templates/nslcd.erb | 40 +++++++++++++++++++++
tests/init.pp | 12 +++++++
17 files changed, 467 insertions(+)
create mode 100644 .fixtures.yml
create mode 100644 .gitignore
create mode 100644 Gemfile
create mode 100644 Gemfile.lock
create mode 100644 README.md
create mode 100644 Rakefile
create mode 100644 manifests/config.pp
create mode 100644 manifests/init.pp
create mode 100644 manifests/install.pp
create mode 100644 manifests/params.pp
create mode 100644 manifests/service.pp
create mode 100644 metadata.json
create mode 100644 spec/classes/init_spec.rb
create mode 100644 spec/spec.opts
create mode 100644 spec/spec_helper.rb
create mode 100644 templates/nslcd.erb
create mode 100644 tests/init.pp
diff --git a/.fixtures.yml b/.fixtures.yml
new file mode 100644
index 0000000..f381620
--- /dev/null
+++ b/.fixtures.yml
@@ -0,0 +1,5 @@
+fixtures:
+ repositories:
+ "stdlib": "git://github.com/puppetlabs/puppetlabs-stdlib.git"
+ symlinks:
+ "nslcd": "#{source_dir}"
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..595bf57
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,4 @@
+/.bundle/
+/vendor/
+/pkg/
+
diff --git a/Gemfile b/Gemfile
new file mode 100644
index 0000000..d8cd28e
--- /dev/null
+++ b/Gemfile
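Review bot: The `stdlib` fixture in `.fixtures.yml` is fetched over `git://`, which provides neither transport encryption nor server authentication, so whatever answers on the network path supplies the code that the spec run loads and executes. Use `"stdlib": "https://github.com/puppetlabs/puppetlabs-stdlib.git"` instead. Pinning the fixture to a tag or commit would also keep the tested dependency inside the `>= 4.0.0 < 5.0.0` range that metadata.json declares.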
@@ -0,0 +1,38 @@
+source 'https://rubygems.org'
+
+def location_for(place, fake_version = nil)
+ if place =~ /^(git[:@][^#]*)#(.*)/
+ [fake_version, { :git => $1, :branch => $2, :require => false }].compact
+ elsif place =~ /^file:\/\/(.*)/
+ ['>= 0', { :path => File.expand_path($1), :require => false }]
+ else
+ [place, { :require => false }]
+ end
+end
+
+group :development, :unit_tests do
+ gem 'rake', '~> 10.1.0', :require => false
+ gem 'rspec', '~> 3.1.0', :require => false
+ gem 'rspec-puppet', :require => false
+ gem 'puppetlabs_spec_helper', :require => false
+ gem 'puppet-lint', '< 1.1.0', :require => false
+ gem 'metadata-json-lint', :require => false
+ gem 'pry', :require => false
+ gem 'simplecov', :require => false
+end
+
+facterversion = ENV['GEM_FACTER_VERSION'] || ENV['FACTER_GEM_VERSION']
+if facterversion
+ gem 'facter', *location_for(facterversion)
+else
+ gem 'facter', :require => false
+end
+
+puppetversion = ENV['GEM_PUPPET_VERSION'] || ENV['PUPPET_GEM_VERSION']
+if puppetversion
+ gem 'puppet', *location_for(puppetversion)
+else
+ gem 'puppet', :require => false
+end
+
+# vim:ft=ruby
diff --git a/Gemfile.lock b/Gemfile.lock
new file mode 100644
index 0000000..94df663
--- /dev/null
+++ b/Gemfile.lock
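Review bot: `location_for` only recognises values that start with `git:` or `git@` as repositories, so a `GEM_PUPPET_VERSION` or `GEM_FACTER_VERSION` pointing at an `https://…#branch` URL falls through to the last branch and is handed to `gem` as a version string. That leaves the unauthenticated `git://` transport as the easy way to use the override. Accepting HTTPS as well, e.g. `if place =~ %r{\A((?:git[:@]|https://)[^#]*)#(.*)}`, keeps it usable over an authenticated channel. Separately, Gemfile.lock records `puppet (< 4.0.0)`, which this Gemfile does not declare; the lock was presumably generated with one of these variables set, and a comment saying so would help.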
@@ -0,0 +1,76 @@ +GEM + remote: https://rubygems.org/ + specs: + CFPropertyList (2.2.8) + coderay (1.1.0) + diff-lcs (1.2.5) + docile (1.1.5) + facter (2.4.3) + CFPropertyList (~> 2.2.6) + hiera (1.3.4) + json_pure + json (1.8.2) + json_pure (1.8.2) + metaclass (0.0.4) + metadata-json-lint (0.0.6) + json + spdx-licenses (~> 1.0) + method_source (0.8.2) + mocha (1.1.0) + metaclass (~> 0.0.1) + multi_json (1.11.0) + pry (0.10.1) + coderay (~> 1.1.0) + method_source (~> 0.8.1) + slop (~> 3.4) + puppet (3.7.5) + facter (> 1.6, < 3) + hiera (~> 1.0) + json_pure + puppet-lint (1.0.1) + puppet-syntax (2.0.0) + rake + puppetlabs_spec_helper (0.10.2) + mocha + puppet-lint + puppet-syntax + rake + rspec-puppet + rake (10.1.1) + rspec (3.1.0) + rspec-core (~> 3.1.0) + rspec-expectations (~> 3.1.0) + rspec-mocks (~> 3.1.0) + rspec-core (3.1.7) + rspec-support (~> 3.1.0) + rspec-expectations (3.1.2) + diff-lcs (>= 1.2.0, < 2.0) + rspec-support (~> 3.1.0) + rspec-mocks (3.1.3) + rspec-support (~> 3.1.0) + rspec-puppet (2.0.1) + rspec + rspec-support (3.1.2) + simplecov (0.9.2) + docile (~> 1.1.0) + multi_json (~> 1.0) + simplecov-html (~> 0.9.0) + simplecov-html (0.9.0) + slop (3.6.0) + spdx-licenses (1.0.0) + json + +PLATFORMS + ruby + +DEPENDENCIES + facter + metadata-json-lint + pry + puppet (< 4.0.0) + puppet-lint (< 1.1.0) + puppetlabs_spec_helper + rake (~> 10.1.0) + rspec (~> 3.1.0) + rspec-puppet + simplecov diff --git a/README.md b/README.md new file mode 100644 index 0000000..a35288c --- /dev/null +++ b/README.md 
@@ -0,0 +1,58 @@
+# nslcd
+
+#### Table of Contents
+
+1. [Overview](#overview)
+2. [Module Description - What the module does and why it is useful](#module-description)
+3. [Setup - The basics of getting started with nslcd](#setup)
+ * [What nslcd affects](#what-nslcd-affects)
+4. [Usage - Configuration options and additional functionality](#usage)
+5. [Reference - An under-the-hood peek at what the module is doing and how](#reference)
+5. [Limitations - OS compatibility, etc.](#limitations)
+6. [Development - Guide for contributing to the module](#development)
+
+## Overview
+
+This module installs and configured nslcd to get pam/nss data from ldap.
+
+## Module Description
+
+This module allows you to install and configure the nslcd daemon (and its dependencies), to provide ldap support for
+PAM and NSS.
+
+## Setup
+
+### What nslcd affects
+
+* `nslcd` package and service
+* `/etc/nslcd.conf`
+
+## Usage
+
+Simply include/contain/required/declare the nslcd class.
+It includes a few sane defaults, so it should work out of the box.
+However, we recommend that you declare the class and override a few parameters:
+
+```
+class { 'nslcd':
+ ldap_uris => ['ldap://ldap.mycompany.com'],
+ ldap_ssl => 'on',
+}
+```
+
+## Reference
+
+*todo*
+
+## Limitations
+
+The module has been tested with Ubuntu 12.04 and 14.04, Debian 6 and 7, and Puppet 3.7.
+It should work Puppet 3.x.
+For additional OS support, you should contribute it back upstream!
+
+The module doesn't support setting the `rootbinddn` and `rootbindpw` attributes, but it can be easily added.
+
+## Development
+
+If you want to improve this module, send us a patch of pull request!
+
diff --git a/Rakefile b/Rakefile
new file mode 100644
index 0000000..d1e11f7
--- /dev/null
+++ b/Rakefile
@@ -0,0 +1,18 @@
+require 'rubygems'
+require 'puppetlabs_spec_helper/rake_tasks'
+require 'puppet-lint/tasks/puppet-lint'
+PuppetLint.configuration.send('disable_80chars')
+PuppetLint.configuration.ignore_paths = ["spec/**/*.pp", "pkg/**/*.pp"]
+
+desc "Validate manifests, templates, and ruby files"
+task :validate do
+ Dir['manifests/**/*.pp'].each do |manifest|
+ sh "puppet parser validate --noop #{manifest}"
+ end
+ Dir['spec/**/*.rb','lib/**/*.rb'].each do |ruby_file|
+ sh "ruby -c #{ruby_file}" unless ruby_file =~ /spec\/fixtures/
+ end
+ Dir['templates/**/*.erb'].each do |template|
+ sh "erb -P -x -T '-' #{template} | ruby -c"
+ end
+end
diff --git a/manifests/config.pp b/manifests/config.pp
new file mode 100644
index 0000000..311043a
--- /dev/null
+++ b/manifests/config.pp
@@ -0,0 +1,15 @@
+# == Class: nslcd::config
+#
+# Manages the nslcd server configuration file
+class nslcd::config inherits nslcd {
+
+ file { $nslcd::config:
+ ensure => file,
+ owner => $nslcd::config_user,
+ group => $nslcd::config_group,
+ mode => $nslcd::config_mode,
+ content => template('nslcd/nslcd.erb'),
+ }
+
+}
+
diff --git a/manifests/init.pp b/manifests/init.pp
new file mode 100644
index 0000000..6aa8af6
--- /dev/null
+++ b/manifests/init.pp
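Review bot: The three `sh` calls in the Rakefile's `validate` task interpolate file names from `Dir[...]` into a shell command line, so a path containing spaces or shell metacharacters is split or interpreted by the shell. That matters when the task runs in CI against contributed branches. Pass the arguments as a list so no shell is involved: `sh 'puppet', 'parser', 'validate', '--noop', manifest` and `sh 'ruby', '-c', ruby_file`. The `erb … | ruby -c` pipeline does need a shell, so escape the name there: `sh "erb -P -x -T '-' #{Shellwords.escape(template)} | ruby -c"`, with `require 'shellwords'` at the top.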
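Review bot: The `file` resource in `nslcd::config` renders a template that can contain `bindpw` but does not turn off diff reporting, so on an agent with `show_diff` enabled the bind password is written to logs and reports whenever the file changes. Add `show_diff => false,` to the resource. The `root`/`nslcd`/`0640` ownership that params.pp supplies suits a file holding a credential; a one-line comment above `mode` saying why would discourage loosening `config_mode` later.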
@@ -0,0 +1,46 @@
+# == Class: nslcd
+#
+# This class manages the nslcd server and service.
+class nslcd (
+ $package_ensure = $nslcd::params::package_ensure,
+ $package_name = $nslcd::params::package_name,
+ $service_ensure = $nslcd::params::service_ensure,
+ $service_enable = $nslcd::params::service_enable,
+ $service_name = $nslcd::params::service_name,
+ $uid = $nslcd::params::uid,
+ $gid = $nslcd::params::gid,
+ $config = $nslcd::params::config,
+ $config_user = $nslcd::params::config_user,
+ $config_group = $nslcd::params::config_group,
+ $config_mode = $nslcd::params::config_mode,
+ $ldap_uris = $nslcd::params::ldap_uris,
+ $ldap_version = $nslcd::params::ldap_version,
+ $ldap_binddn = $nslcd::params::ldap_binddn,
+ $ldap_bindpw = $nslcd::params::ldap_bindpw,
+ $ldap_search_base = $nslcd::params::ldap_search_base,
+ $ldap_search_scope = $nslcd::params::ldap_search_scope,
+ $ldap_filters = $nslcd::params::ldap_filters,
+ $ldap_ssl = $nslcd::params::ldap_ssl,
+ $ldap_tls_reqcert = $nslcd::params::ldap_tls_reqcert,
+ $ldap_tls_cacertfile = $nslcd::params::ldap_tls_cacertfile,
+) inherits nslcd::params {
+
+ # Input validation
+ $valid_ldap_versions = [ '2', '3' ]
+ $valid_ldap_ssl = [ 'on', 'off', 'start_tls' ]
+ $valid_ldap_tls_reqcert = [ 'never', 'allow', 'try', 'demand', 'hard' ]
+ $valid_ldap_search_scope = [ 'sub', 'subtree', 'one', 'onelevel', 'base' ]
+
+ validate_re($ldap_version, $valid_ldap_versions)
+ validate_re($ldap_ssl, $valid_ldap_ssl)
+ validate_re($ldap_tls_reqcert, $valid_ldap_tls_reqcert)
+ validate_re($ldap_search_scope, $valid_ldap_search_scope)
+
+ anchor { 'nslcd::begin': } ->
+ class { 'nslcd::install': } ->
+ class { 'nslcd::config': } ~>
+ class { 'nslcd::service': } ->
+ anchor { 'nslcd::end': }
+
+}
+
diff --git a/manifests/install.pp b/manifests/install.pp
new file mode 100644
index 0000000..c32f33d
--- /dev/null
+++ b/manifests/install.pp
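Review bot: The four `validate_re` calls in init.pp pass the allowed values as bare patterns, and `validate_re` treats each as an unanchored regular expression, so `'on'` accepts any string that merely contains `on` and a multi-line value passes too. templates/nslcd.erb writes these parameters verbatim, so a malformed value from Hiera or an ENC can add extra directives to `/etc/nslcd.conf`. Anchor each check, e.g. `validate_re($ldap_ssl, '\A(on|off|start_tls)\z')`. The free-form inputs need checks as well: `validate_array($ldap_uris)`, `validate_hash($ldap_filters)`, and a no-newline check on `ldap_search_base`, `ldap_binddn` and `ldap_bindpw`.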
@@ -0,0 +1,10 @@
+# == Class: nslcd::install
+#
+# Installs the nslcd package.
+class nslcd::install inherits nslcd {
+
+ package { $nslcd::package_name:
+ ensure => $nslcd::package_ensure,
+ }
+
+}
diff --git a/manifests/params.pp b/manifests/params.pp
new file mode 100644
index 0000000..e2ecce5
--- /dev/null
+++ b/manifests/params.pp
@@ -0,0 +1,42 @@
+# == Class: nslcd::params
+#
+# Sets the default parameters for the nslcd class.
+class nslcd::params {
+
+ $package_ensure = present
+ $service_ensure = running
+ $service_enable = true
+
+ $ldap_uris = ['ldap:///']
+ $ldap_version = '3'
+ $ldap_binddn = undef
+ $ldap_bindpw = undef
+ $ldap_search_base = ''
+ $ldap_search_scope = 'subtree'
+ $ldap_filters = {}
+ $ldap_ssl = 'off'
+ $ldap_tls_reqcert = 'allow'
+ $ldap_tls_cacertfile = undef
+
+ $default_config = '/etc/nslcd.conf'
+ $default_package_name = 'nslcd'
+ $default_service_name = 'nslcd'
+
+ case $::osfamily {
+ Debian: {
+ $config = $default_config
+ $package_name = $default_package_name
+ $service_name = $default_service_name
+ $uid = 'nslcd'
+ $gid = 'nslcd'
+ $config_user = 'root'
+ $config_group = 'nslcd'
+ $config_mode = '0640'
+ }
+ default: {
+ fail("The ${module_name} module is not supported on an ${::osfamily} based system.")
+ }
+ }
+
+}
+
diff --git a/manifests/service.pp b/manifests/service.pp
new file mode 100644
index 0000000..299ba95
--- /dev/null
+++ b/manifests/service.pp
@@ -0,0 +1,12 @@
+# == Class: nslcd::service
+#
+# Manages the nslcd service.
+class nslcd::service inherits nslcd {
+
+ service { 'nslcd':
+ ensure => $nslcd::service_ensure,
+ enable => $nslcd::service_enable,
+ name => $nslcd::service_name,
+ }
+
+}
diff --git a/metadata.json b/metadata.json
new file mode 100644
index 0000000..b6e78f4
--- /dev/null
+++ b/metadata.json
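Review bot: The defaults in `nslcd::params` leave the LDAP connection unprotected. `$ldap_ssl = 'off'` sends binds and lookups in cleartext, and `$ldap_tls_reqcert = 'allow'` lets the session continue when the server certificate is missing or fails verification. Turning `ldap_ssl` on as the README example does therefore still does not authenticate the server. Prefer `$ldap_tls_reqcert = 'demand'` as the default and document that `ldap_tls_cacertfile` must then be set. If `'off'` has to stay the default for compatibility, add a comment above it stating that identity data and the bind password travel unencrypted.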
@@ -0,0 +1,28 @@
+{
+ "name": "OpenConceptConsulting-nslcd",
+ "version": "0.1.0",
+ "author": "OpenConceptConsulting",
+ "summary": "Installs and configures nslcd.",
+ "license": "Apache-2.0",
+ "source": "https://github.com/OpenConceptConsulting/puppet-nslcd",
+ "project_page": "https://github.com/OpenConceptConsulting/puppet-nslcd",
+ "issues_url": "https://github.com/OpenConceptConsulting/puppet-nslcd/issues",
+ "tags": ["nslcd","pam","nss","ldap"],
+ "operatingsystem_support": [
+ {
+ "operatingsystem": "Debian",
+ "operatingsystemrelease":[ "6.0", "7.0"]
+ },
+ {
+ "operatingsystem": "Ubuntu",
+ "operatingsystemrelease":[ "12.04", "14.04"]
+ }
+ ],
+ "dependencies": [
+ {
+ "name": "puppetlabs-stdlib",
+ "version_range": ">= 4.0.0 < 5.0.0"
+ }
+ ]
+}
+
diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb
new file mode 100644
index 0000000..bf42e92
--- /dev/null
+++ b/spec/classes/init_spec.rb
@@ -0,0 +1,29 @@
+require 'spec_helper'
+
+describe 'nslcd' do
+
+ {'Ubuntu' => 'Debian', 'Debian' => 'Debian'}.each do |system, family|
+ context "when on system #{system}" do
+ let :facts do
+ {
+ :osfamily => family,
+ :operatingsystem => system,
+ }
+ end
+
+ it { should contain_class('nslcd') }
+ it { should contain_class('nslcd::install') }
+ it { should contain_class('nslcd::config') }
+ it { should contain_class('nslcd::service') }
+
+ it {
+ should contain_package('nslcd')
+ should contain_service('nslcd')
+ }
+ end
+ end
+
+ context 'when on an unknown system' do
+ it { expect { should raise_error(Puppet::Error) } }
+ end
+end
diff --git a/spec/spec.opts b/spec/spec.opts
new file mode 100644
index 0000000..91cd642
--- /dev/null
+++ b/spec/spec.opts
@@ -0,0 +1,6 @@
+--format
+s
+--colour
+--loadby
+mtime
+--backtrace
diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb
new file mode 100644
index 0000000..270d2ac
--- /dev/null
+++ b/spec/spec_helper.rb
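Review bot: The `'when on an unknown system'` example in spec/classes/init_spec.rb asserts nothing: `expect { … }` is built without a `.to`, and the context sets no facts, so the example passes whatever the module does and the `fail()` branch in params.pp goes untested. Give the context facts and a real expectation, e.g. `let(:facts) { { :osfamily => 'Unsupported' } }` and `it { expect { should contain_class('nslcd') }.to raise_error(Puppet::Error) }`. The specs also never check the rendered `/etc/nslcd.conf` or its mode. One example asserting `contain_file('/etc/nslcd.conf').with_mode('0640')` would guard the permissions on the file that holds `bindpw`.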
@@ -0,0 +1,28 @@
+require 'puppetlabs_spec_helper/module_spec_helper'
+
+RSpec.configure do |c|
+ c.include PuppetlabsSpec::Files
+
+ c.before :each do
+ # Ensure that we don't accidentally cache facts and environment
+ # between test cases.
+ Facter::Util::Loader.any_instance.stubs(:load_all)
+ Facter.clear
+ Facter.clear_messages
+
+ # Store any environment variables away to be restored later
+ @old_env = {}
+ ENV.each_key {|k| @old_env[k] = ENV[k]}
+
+ if Gem::Version.new(`puppet --version`) >= Gem::Version.new('3.5')
+ Puppet.settings[:strict_variables]=true
+ end
+ if ENV['PARSER']
+ Puppet.settings[:parser]=ENV['PARSER']
+ end
+ end
+
+ c.after :each do
+ PuppetlabsSpec::Files.cleanup
+ end
+end
diff --git a/templates/nslcd.erb b/templates/nslcd.erb
new file mode 100644
index 0000000..f6fcdf1
--- /dev/null
+++ b/templates/nslcd.erb
@@ -0,0 +1,40 @@
+# This file is being managed by puppet
+# module: 'nslcd'
+
+# The user and group nslcd should run as.
+uid <%= @uid %>
+gid <%= @gid %>
+
+# The location at which the LDAP server(s) should be reachable.
+<% @ldap_uris.each do |ldap_uri| -%>
+uri <%= ldap_uri %>
+<% end -%>
+
+# The LDAP protocol version to use.
+ldap_version <%= @ldap_version %>
+
+# The search base that will be used for all queries.
+base <%= @ldap_search_base %>
+
+<% if @ldap_binddn and @ldap_bindpw -%>
+# The DN to bind with for normal lookups.
+binddn <%= @ldap_binddn %>
+bindpw <%= @ldap_bindpw %>
+<% end -%>
+
+# SSL options
+ssl <%= @ldap_ssl %>
+tls_reqcert <%= @ldap_tls_reqcert %>
+<% if @ldap_tls_cacertfile -%>
+tls_cacertfile <%= @ldap_tls_cacertfile %>
+<% end -%>
+
+# The search scope.
+scope <%= @ldap_search_scope %>
+
+<% if @ldap_filters.length > 0 -%>
+# Custom search filters
+<% @ldap_filters.each do |map, filter| -%>
+filter <%= map %> <%= filter %>
+<% end -%>
+<% end -%>
diff --git a/tests/init.pp b/tests/init.pp
new file mode 100644
index 0000000..fc96ede
--- /dev/null
+++ b/tests/init.pp
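Review bot: `@old_env` is filled in the `before :each` hook of spec/spec_helper.rb under the comment "to be restored later", but the `after :each` hook only calls `PuppetlabsSpec::Files.cleanup`, so environment changes made by one example leak into the next. Either restore it in `after`, e.g. `@old_env.each_pair { |k, v| ENV[k] = v }`, or drop the capture and its comment. The backtick call `puppet --version` also spawns a process before every example; computing the version once outside the hook would avoid that.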
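Review bot: The `<% if @ldap_binddn and @ldap_bindpw -%>` guard in templates/nslcd.erb drops both lines when only one of the two parameters is set. A catalog that supplies `ldap_binddn` but loses `ldap_bindpw` (a missing Hiera key, say) therefore silently produces a configuration with no bind credentials instead of failing. Reject the mismatch at compile time in init.pp, e.g. `if ($ldap_binddn and !$ldap_bindpw) or ($ldap_bindpw and !$ldap_binddn) { fail('ldap_binddn and ldap_bindpw must be set together') }`. Also, with the default `$ldap_search_base = ''` the template emits a bare `base` line; wrapping it in a guard like the one used for `tls_cacertfile` would avoid writing a directive with no value.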
@@ -0,0 +1,12 @@
+# The baseline for module testing used by Puppet Labs is that each manifest
+# should have a corresponding test manifest that declares that class or defined
+# type.
+#
+# Tests are then run by using puppet apply --noop (to check for compilation
+# errors and view a log of events) or by fully applying the test in a virtual
+# environment (to compare the resulting system state to the desired state).
+#
+# Learn more about module testing here:
+# http://docs.puppetlabs.com/guides/tests_smoke.html
+#
+include nslcd