Initial import
commit
3eef672af2
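--- a/.fixtures.yml
+++ b/.fixtures.yml
@@ -0,0 +1,5 @@
+fixtures:
+repositories:
+"stdlib": "git://github.com/puppetlabs/puppetlabs-stdlib.git"
+symlinks:
+"nslcd": "#{source_dir}"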
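Review bot: The `stdlib` fixture is fetched over the unauthenticated `git://` protocol and follows the default branch, so the test run pulls code with no transport integrity and no fixed revision. Changing the URL to `"stdlib": "https://github.com/puppetlabs/puppetlabs-stdlib.git"` gives TLS. Pinning a ref would also keep the fixture inside the `>= 4.0.0 < 5.0.0` range that metadata.json declares; puppetlabs_spec_helper's fixture format has a hash form with `repo` and `ref` keys for that, though it is worth checking that the locked 0.10.2 supports it.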
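--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,4 @@
+/.bundle/
+/vendor/
+/pkg/
+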
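--- a/Gemfile
+++ b/Gemfile
@@ -0,0 +1,38 @@
+source 'https://rubygems.org'
+
+def location_for(place, fake_version = nil)
+if place =~ /^(git[:@][^#]*)#(.*)/
+[fake_version, { :git => $1, :branch => $2, :require => false }].compact
+elsif place =~ /^file:\/\/(.*)/
+['>= 0', { :path => File.expand_path($1), :require => false }]
+else
+[place, { :require => false }]
+end
+end
+
+group :development, :unit_tests do
+gem 'rake', '~> 10.1.0', :require => false
+gem 'rspec', '~> 3.1.0', :require => false
+gem 'rspec-puppet', :require => false
+gem 'puppetlabs_spec_helper', :require => false
+gem 'puppet-lint', '< 1.1.0', :require => false
+gem 'metadata-json-lint', :require => false
+gem 'pry', :require => false
+gem 'simplecov', :require => false
+end
+
+facterversion = ENV['GEM_FACTER_VERSION'] || ENV['FACTER_GEM_VERSION']
+if facterversion
+gem 'facter', *location_for(facterversion)
+else
+gem 'facter', :require => false
+end
+
+puppetversion = ENV['GEM_PUPPET_VERSION'] || ENV['PUPPET_GEM_VERSION']
+if puppetversion
+gem 'puppet', *location_for(puppetversion)
+else
+gem 'puppet', :require => false
+end
+
+# vim:ft=ruby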
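Review bot: The fallback `gem 'puppet', :require => false` carries no version cap, yet the committed Gemfile.lock lists `puppet (< 4.0.0)` under DEPENDENCIES, so the lock appears to have been generated with `PUPPET_GEM_VERSION` set and does not match what the Gemfile declares on a clean checkout. Writing the cap into the else branch, `gem 'puppet', '< 4.0.0', :require => false`, keeps the two files consistent and matches the README's statement that the module targets Puppet 3.x. Separately, `location_for` anchors its patterns with `^`, which matches at any line start; `\A` is the stricter anchor for values taken from the environment.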
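--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -0,0 +1,76 @@
+GEM
+remote: https://rubygems.org/
+specs:
+CFPropertyList (2.2.8)
+coderay (1.1.0)
+diff-lcs (1.2.5)
+docile (1.1.5)
+facter (2.4.3)
+CFPropertyList (~> 2.2.6)
+hiera (1.3.4)
+json_pure
+json (1.8.2)
+json_pure (1.8.2)
+metaclass (0.0.4)
+metadata-json-lint (0.0.6)
+json
+spdx-licenses (~> 1.0)
+method_source (0.8.2)
+mocha (1.1.0)
+metaclass (~> 0.0.1)
+multi_json (1.11.0)
+pry (0.10.1)
+coderay (~> 1.1.0)
+method_source (~> 0.8.1)
+slop (~> 3.4)
+puppet (3.7.5)
+facter (> 1.6, < 3)
+hiera (~> 1.0)
+json_pure
+puppet-lint (1.0.1)
+puppet-syntax (2.0.0)
+rake
+puppetlabs_spec_helper (0.10.2)
+mocha
+puppet-lint
+puppet-syntax
+rake
+rspec-puppet
+rake (10.1.1)
+rspec (3.1.0)
+rspec-core (~> 3.1.0)
+rspec-expectations (~> 3.1.0)
+rspec-mocks (~> 3.1.0)
+rspec-core (3.1.7)
+rspec-support (~> 3.1.0)
+rspec-expectations (3.1.2)
+diff-lcs (>= 1.2.0, < 2.0)
+rspec-support (~> 3.1.0)
+rspec-mocks (3.1.3)
+rspec-support (~> 3.1.0)
+rspec-puppet (2.0.1)
+rspec
+rspec-support (3.1.2)
+simplecov (0.9.2)
+docile (~> 1.1.0)
+multi_json (~> 1.0)
+simplecov-html (~> 0.9.0)
+simplecov-html (0.9.0)
+slop (3.6.0)
+spdx-licenses (1.0.0)
+json
+
+PLATFORMS
+ruby
+
+DEPENDENCIES
+facter
+metadata-json-lint
+pry
+puppet (< 4.0.0)
+puppet-lint (< 1.1.0)
+puppetlabs_spec_helper
+rake (~> 10.1.0)
+rspec (~> 3.1.0)
+rspec-puppet
+simplecov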
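--- a/README.md
+++ b/README.md
@@ -0,0 +1,58 @@
+# nslcd
+
+#### Table of Contents
+
+1. [Overview](#overview)
+2. [Module Description - What the module does and why it is useful](#module-description)
+3. [Setup - The basics of getting started with nslcd](#setup)
+* [What nslcd affects](#what-nslcd-affects)
+4. [Usage - Configuration options and additional functionality](#usage)
+5. [Reference - An under-the-hood peek at what the module is doing and how](#reference)
+5. [Limitations - OS compatibility, etc.](#limitations)
+6. [Development - Guide for contributing to the module](#development)
+
+## Overview
+
+This module installs and configured nslcd to get pam/nss data from ldap.
+
+## Module Description
+
+This module allows you to install and configure the nslcd daemon (and its dependencies), to provide ldap support for
+PAM and NSS.
+
+## Setup
+
+### What nslcd affects
+
+* `nslcd` package and service
+* `/etc/nslcd.conf`
+
+## Usage
+
+Simply include/contain/required/declare the nslcd class.
+It includes a few sane defaults, so it should work out of the box.
+However, we recommend that you declare the class and override a few parameters:
+
+```
+class { 'nslcd':
+ldap_uris => ['ldap://ldap.mycompany.com'],
+ldap_ssl => 'on',
+}
+```
+
+## Reference
+
+*todo*
+
+## Limitations
+
+The module has been tested with Ubuntu 12.04 and 14.04, Debian 6 and 7, and Puppet 3.7.
+It should work Puppet 3.x.
+For additional OS support, you should contribute it back upstream!
+
+The module doesn't support setting the `rootbinddn` and `rootbindpw` attributes, but it can be easily added.
+
+## Development
+
+If you want to improve this module, send us a patch of pull request!
+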
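--- a/Rakefile
+++ b/Rakefile
@@ -0,0 +1,18 @@
+require 'rubygems'
+require 'puppetlabs_spec_helper/rake_tasks'
+require 'puppet-lint/tasks/puppet-lint'
+PuppetLint.configuration.send('disable_80chars')
+PuppetLint.configuration.ignore_paths = ["spec/**/*.pp", "pkg/**/*.pp"]
+
+desc "Validate manifests, templates, and ruby files"
+task :validate do
+Dir['manifests/**/*.pp'].each do |manifest|
+sh "puppet parser validate --noop #{manifest}"
+end
+Dir['spec/**/*.rb','lib/**/*.rb'].each do |ruby_file|
+sh "ruby -c #{ruby_file}" unless ruby_file =~ /spec\/fixtures/
+end
+Dir['templates/**/*.erb'].each do |template|
+sh "erb -P -x -T '-' #{template} | ruby -c"
+end
+end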
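Review bot: The three `sh` calls in the `validate` task interpolate globbed file names into a shell command string, so a path containing spaces or shell metacharacters is split or interpreted by the shell instead of being passed as one argument. The multi-argument form avoids the shell for the first two: `sh 'puppet', 'parser', 'validate', '--noop', manifest` and `sh 'ruby', '-c', ruby_file`. The erb pipeline still needs a shell, so the name should be escaped there, `sh "erb -P -x -T '-' #{Shellwords.escape(template)} | ruby -c"`, with `require 'shellwords'` added at the top of the file.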
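--- a/manifests/config.pp
+++ b/manifests/config.pp
@@ -0,0 +1,15 @@
+# == Class: nslcd::config
+#
+# Manages the nslcd server configuration file
+class nslcd::config inherits nslcd {
+
+file { $nslcd::config:
+ensure => file,
+owner => $nslcd::config_user,
+group => $nslcd::config_group,
+mode => $nslcd::config_mode,
+content => template('nslcd/nslcd.erb'),
+}
+
+}
+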
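Review bot: The `file` resource renders `bindpw` from templates/nslcd.erb but does not set `show_diff`, so a run with diff output enabled (as `puppet agent --test` does) can write the LDAP bind password into the agent log and reports whenever the content changes. Adding `show_diff => false,` to the resource keeps the secret out of those channels; the attribute needs Puppet 3.2 or later, which should be confirmed against the supported range. A short comment beside `mode` noting that the file holds a credential would also explain why `0640` and the `nslcd` group are used.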
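--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -0,0 +1,46 @@
+# == Class: nslcd
+#
+# This class manages the nslcd server and service.
+class nslcd (
+$package_ensure = $nslcd::params::package_ensure,
+$package_name = $nslcd::params::package_name,
+$service_ensure = $nslcd::params::service_ensure,
+$service_enable = $nslcd::params::service_enable,
+$service_name = $nslcd::params::service_name,
+$uid = $nslcd::params::uid,
+$gid = $nslcd::params::gid,
+$config = $nslcd::params::config,
+$config_user = $nslcd::params::config_user,
+$config_group = $nslcd::params::config_group,
+$config_mode = $nslcd::params::config_mode,
+$ldap_uris = $nslcd::params::ldap_uris,
+$ldap_version = $nslcd::params::ldap_version,
+$ldap_binddn = $nslcd::params::ldap_binddn,
+$ldap_bindpw = $nslcd::params::ldap_bindpw,
+$ldap_search_base = $nslcd::params::ldap_search_base,
+$ldap_search_scope = $nslcd::params::ldap_search_scope,
+$ldap_filters = $nslcd::params::ldap_filters,
+$ldap_ssl = $nslcd::params::ldap_ssl,
+$ldap_tls_reqcert = $nslcd::params::ldap_tls_reqcert,
+$ldap_tls_cacertfile = $nslcd::params::ldap_tls_cacertfile,
+) inherits nslcd::params {
+
+# Input validation
+$valid_ldap_versions = [ '2', '3' ]
+$valid_ldap_ssl = [ 'on', 'off', 'start_tls' ]
+$valid_ldap_tls_reqcert = [ 'never', 'allow', 'try', 'demand', 'hard' ]
+$valid_ldap_search_scope = [ 'sub', 'subtree', 'one', 'onelevel', 'base' ]
+
+validate_re($ldap_version, $valid_ldap_versions)
+validate_re($ldap_ssl, $valid_ldap_ssl)
+validate_re($ldap_tls_reqcert, $valid_ldap_tls_reqcert)
+validate_re($ldap_search_scope, $valid_ldap_search_scope)
+
+anchor { 'nslcd::begin': } ->
+class { 'nslcd::install': } ->
+class { 'nslcd::config': } ~>
+class { 'nslcd::service': } ->
+anchor { 'nslcd::end': }
+
+}
+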
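Review bot: The `validate_re` patterns are bare words, and `validate_re` does an unanchored regex match, so `$ldap_version = '23'` or `$ldap_ssl = 'offline'` passes validation and is written to nslcd.conf as given. Anchoring each list fixes this, for example `$valid_ldap_ssl = [ '\A(on|off|start_tls)\z' ]` and `$valid_ldap_versions = [ '\A[23]\z' ]`; `\A`/`\z` also reject a value with an embedded newline, which `^`/`$` would not. `$ldap_uris` and `$ldap_filters` are iterated in templates/nslcd.erb without a type check, so `validate_array($ldap_uris)` and `validate_hash($ldap_filters)` belong in this block too.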
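--- a/manifests/install.pp
+++ b/manifests/install.pp
@@ -0,0 +1,10 @@
+# == Class: nslcd::install
+#
+# Installs the nslcd package.
+class nslcd::install inherits nslcd {
+
+package { $nslcd::package_name:
+ensure => $nslcd::package_ensure,
+}
+
+}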
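--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -0,0 +1,42 @@
+# == Class: nslcd::params
+#
+# Sets the default parameters for the nslcd class.
+class nslcd::params {
+
+$package_ensure = present
+$service_ensure = running
+$service_enable = true
+
+$ldap_uris = ['ldap:///']
+$ldap_version = '3'
+$ldap_binddn = undef
+$ldap_bindpw = undef
+$ldap_search_base = ''
+$ldap_search_scope = 'subtree'
+$ldap_filters = {}
+$ldap_ssl = 'off'
+$ldap_tls_reqcert = 'allow'
+$ldap_tls_cacertfile = undef
+
+$default_config = '/etc/nslcd.conf'
+$default_package_name = 'nslcd'
+$default_service_name = 'nslcd'
+
+case $::osfamily {
+Debian: {
+$config = $default_config
+$package_name = $default_package_name
+$service_name = $default_service_name
+$uid = 'nslcd'
+$gid = 'nslcd'
+$config_user = 'root'
+$config_group = 'nslcd'
+$config_mode = '0640'
+}
+default: {
+fail("The ${module_name} module is not supported on an ${::osfamily} based system.")
+}
+}
+
+}
+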
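Review bot: The defaults `$ldap_ssl = 'off'` and `$ldap_tls_reqcert = 'allow'` mean that a node declaring only `ldap_binddn` and `ldap_bindpw` sends the bind password and all NSS/PAM lookups in clear text, and that turning TLS on still accepts a server whose certificate cannot be verified. Defaulting to `$ldap_tls_reqcert = 'demand'` makes certificate verification the baseline, and callers who need the weaker setting can opt out explicitly. If `'off'` stays the default for `$ldap_ssl`, a comment above it stating that the connection is unencrypted would make the trade-off visible.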
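--- a/manifests/service.pp
+++ b/manifests/service.pp
@@ -0,0 +1,12 @@
+# == Class: nslcd::service
+#
+# Manages the nslcd service.
+class nslcd::service inherits nslcd {
+
+service { 'nslcd':
+ensure => $nslcd::service_ensure,
+enable => $nslcd::service_enable,
+name => $nslcd::service_name,
+}
+
+}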
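--- a/metadata.json
+++ b/metadata.json
@@ -0,0 +1,28 @@
+{
+"name": "OpenConceptConsulting-nslcd",
+"version": "0.1.0",
+"author": "OpenConceptConsulting",
+"summary": "Installs and configures nslcd.",
+"license": "Apache-2.0",
+"source": "https://github.com/OpenConceptConsulting/puppet-nslcd",
+"project_page": "https://github.com/OpenConceptConsulting/puppet-nslcd",
+"issues_url": "https://github.com/OpenConceptConsulting/puppet-nslcd/issues",
+"tags": ["nslcd","pam","nss","ldap"],
+"operatingsystem_support": [
+{
+"operatingsystem": "Debian",
+"operatingsystemrelease":[ "6.0", "7.0"]
+},
+{
+"operatingsystem": "Ubuntu",
+"operatingsystemrelease":[ "12.04", "14.04"]
+}
+],
+"dependencies": [
+{
+"name": "puppetlabs-stdlib",
+"version_range": ">= 4.0.0 < 5.0.0"
+}
+]
+}
+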
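--- a/spec/classes/init_spec.rb
+++ b/spec/classes/init_spec.rb
@@ -0,0 +1,29 @@
+require 'spec_helper'
+
+describe 'nslcd' do
+
+{'Ubuntu' => 'Debian', 'Debian' => 'Debian'}.each do |system, family|
+context "when on system #{system}" do
+let :facts do
+{
+:osfamily => family,
+:operatingsystem => system,
+}
+end
+
+it { should contain_class('nslcd') }
+it { should contain_class('nslcd::install') }
+it { should contain_class('nslcd::config') }
+it { should contain_class('nslcd::service') }
+
+it {
+should contain_package('nslcd')
+should contain_service('nslcd')
+}
+end
+end
+
+context 'when on an unknown system' do
+it { expect { should raise_error(Puppet::Error) } }
+end
+end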
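Review bot: The example in the `'when on an unknown system'` context, `it { expect { should raise_error(Puppet::Error) } }`, builds an `expect` block and never calls `.to`, so it asserts nothing and passes whether or not the `fail()` in nslcd::params fires. The context also sets no facts, so the unsupported-OS branch is not reached deliberately. Something like `let(:facts) { { :osfamily => 'Unknown' } }` together with `it { expect { should contain_class('nslcd') }.to raise_error(Puppet::Error, /not supported/) }` would exercise that path.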
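--- a/spec/spec.opts
+++ b/spec/spec.opts
@@ -0,0 +1,6 @@
+--format
+s
+--colour
+--loadby
+mtime
+--backtrace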
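--- a/spec/spec_helper.rb
+++ b/spec/spec_helper.rb
@@ -0,0 +1,28 @@
+require 'puppetlabs_spec_helper/module_spec_helper'
+
+RSpec.configure do |c|
+c.include PuppetlabsSpec::Files
+
+c.before :each do
+# Ensure that we don't accidentally cache facts and environment
+# between test cases.
+Facter::Util::Loader.any_instance.stubs(:load_all)
+Facter.clear
+Facter.clear_messages
+
+# Store any environment variables away to be restored later
+@old_env = {}
+ENV.each_key {|k| @old_env[k] = ENV[k]}
+
+if Gem::Version.new(`puppet --version`) >= Gem::Version.new('3.5')
+Puppet.settings[:strict_variables]=true
+end
+if ENV['PARSER']
+Puppet.settings[:parser]=ENV['PARSER']
+end
+end
+
+c.after :each do
+PuppetlabsSpec::Files.cleanup
+end
+end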
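Review bot: The version check in `before :each` runs `puppet --version` through backticks, which spawns a process for every example and reports whichever `puppet` is first on `PATH` rather than the gem Bundler loaded. `Puppet.version` gives the loaded library's version without a subprocess: `if Gem::Version.new(Puppet.version) >= Gem::Version.new('3.5')`. Also, `@old_env` is filled here but the `after :each` block never restores it, so the comment `# Store any environment variables away to be restored later` describes something the code does not do.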
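--- a/templates/nslcd.erb
+++ b/templates/nslcd.erb
@@ -0,0 +1,40 @@
+# This file is being managed by puppet
+# module: 'nslcd'
+
+# The user and group nslcd should run as.
+uid <%= @uid %>
+gid <%= @gid %>
+
+# The location at which the LDAP server(s) should be reachable.
+<% @ldap_uris.each do |ldap_uri| -%>
+uri <%= ldap_uri %>
+<% end -%>
+
+# The LDAP protocol version to use.
+ldap_version <%= @ldap_version %>
+
+# The search base that will be used for all queries.
+base <%= @ldap_search_base %>
+
+<% if @ldap_binddn and @ldap_bindpw -%>
+# The DN to bind with for normal lookups.
+binddn <%= @ldap_binddn %>
+bindpw <%= @ldap_bindpw %>
+<% end -%>
+
+# SSL options
+ssl <%= @ldap_ssl %>
+tls_reqcert <%= @ldap_tls_reqcert %>
+<% if @ldap_tls_cacertfile -%>
+tls_cacertfile <%= @ldap_tls_cacertfile %>
+<% end -%>
+
+# The search scope.
+scope <%= @ldap_search_scope %>
+
+<% if @ldap_filters.length > 0 -%>
+# Custom search filters
+<% @ldap_filters.each do |map, filter| -%>
+filter <%= map %> <%= filter %>
+<% end -%>
+<% end -%>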
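Review bot: With the module defaults, `base <%= @ldap_search_base %>` renders a `base` keyword with no argument, because `$ldap_search_base` defaults to `''` in params.pp. nslcd is likely to reject that line, which would conflict with the README's claim that the defaults work out of the box; this is worth confirming against the packaged nslcd. Wrapping the line in `<% unless @ldap_search_base.to_s.empty? -%>` and `<% end -%>`, or failing in init.pp when the base is empty, avoids writing a config the daemon cannot load. The `binddn`/`bindpw` guard has a similar gap: a `binddn` given without a `bindpw` is dropped silently.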
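--- a/tests/init.pp
+++ b/tests/init.pp
@@ -0,0 +1,12 @@
+# The baseline for module testing used by Puppet Labs is that each manifest
+# should have a corresponding test manifest that declares that class or defined
+# type.
+#
+# Tests are then run by using puppet apply --noop (to check for compilation
+# errors and view a log of events) or by fully applying the test in a virtual
+# environment (to compare the resulting system state to the desired state).
+#
+# Learn more about module testing here:
+# http://docs.puppetlabs.com/guides/tests_smoke.html
+#
+include nslcd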