class HttpdConfigmapGenerator::Ipa
Constants
- AUTH
- IPA_GETKEYTAB
- IPA_INSTALL_COMMAND
Public Instance Methods
configure(opts)
# File lib/httpd_configmap_generator/ipa.rb, line 55
#
# Runs the full IPA client setup for this host and writes the resulting
# config map.
#
# Steps, in order: canonicalise and apply the hostname, run
# IPA_INSTALL_COMMAND (forced join, unattended), configure the HTTP service
# principal, PAM and SSSD, enable Kerberos DNS lookups, then generate and save
# the config map to opts[:output].
#
# opts - option hash. Reads :host, :ipa_server, :ipa_principal,
#        :ipa_password and :output. opts[:host] is overwritten in place with
#        the canonical hostname.
#
# Any StandardError is handed to log_command_error and then re-raised.
#
# NOTE(review): the IPA password travels inside :params, unlike the kinit call
# in configure_ipa_http_service which uses :stdin_data. Presumably it becomes a
# command-line argument and is readable from the process list while the
# installer runs - confirm how command_run! builds the command, and whether
# log_command_error records the failed command including its parameters.
def configure(opts)
  canonical_host = get_canonical_hostname(opts[:host])
  opts[:host] = canonical_host
  update_hostname(canonical_host)

  join_settings = {
    :realm=     => realm,
    :domain=    => domain,
    :server=    => opts[:ipa_server],
    :principal= => opts[:ipa_principal],
    :password=  => opts[:ipa_password]
  }
  install_params = ["-N", :force_join, :fixed_primary, :unattended, join_settings]
  command_run!(IPA_INSTALL_COMMAND, :params => install_params)

  configure_ipa_http_service
  configure_pam
  configure_sssd
  enable_kerberos_dns_lookups

  # persistent_files includes keytabs and NSS key material; see that method.
  generated_map = ConfigMap.new(opts)
  generated_map.generate(AUTH[:type], realm, persistent_files)
  generated_map.save(opts[:output])
rescue StandardError => error
  log_command_error(error)
  raise error
end
configured?()
# File lib/httpd_configmap_generator/ipa.rb, line 80
#
# Reports whether the host counts as configured, which here means only that
# the file named by SSSD_CONFIG exists. The file's contents are not inspected.
def configured?
  File.exist?(SSSD_CONFIG)
end
domain()
Calls superclass method
HttpdConfigmapGenerator::Base::Network#domain
# File lib/httpd_configmap_generator/ipa.rb, line 96
#
# Returns the IPA domain, memoised in @domain.
#
# Resolution order: an explicit opts[:ipa_domain], then a domain derived from
# opts[:ipa_server] via domain_from_host, then the superclass implementation.
def domain
  explicit_domain = opts[:ipa_domain]
  @domain ||= explicit_domain if explicit_domain.present?

  ipa_server = opts[:ipa_server]
  @domain ||= domain_from_host(ipa_server) if ipa_server.present?

  # Last resort: whatever the superclass reports.
  @domain ||= super
end
optional_options()
Calls superclass method
HttpdConfigmapGenerator::Base#optional_options
# File lib/httpd_configmap_generator/ipa.rb, line 21
#
# Returns the superclass's optional options merged with the IPA-specific ones:
# :ipa_principal (default "admin"), :ipa_domain and :ipa_realm.
def optional_options
  ipa_optional = {
    :ipa_principal => { :description => "IPA Server Principal", :default => "admin" },
    :ipa_domain    => { :description => "Domain of IPA Server" },
    :ipa_realm     => { :description => "Realm of IPA Server" }
  }
  super.merge(ipa_optional)
end
persistent_files()
# File lib/httpd_configmap_generator/ipa.rb, line 29
#
# Returns the list of absolute paths that configure passes to
# ConfigMap#generate. A new array is built on every call.
#
# NOTE(review): several entries are credential material (both keytabs, the NSS
# key database and its pwdfile.txt). Presumably their contents are embedded in
# the saved config map - confirm, and if so handle the output file as a secret
# (restrictive permissions, not committed or stored alongside ordinary
# configuration).
def persistent_files
  [
    "/etc/http.keytab",
    "/etc/ipa/ca.crt",
    "/etc/ipa/default.conf",
    "/etc/ipa/nssdb/cert8.db",
    "/etc/ipa/nssdb/key3.db",
    "/etc/ipa/nssdb/pwdfile.txt",
    "/etc/ipa/nssdb/secmod.db",
    "/etc/krb5.conf",
    "/etc/krb5.keytab",
    "/etc/nsswitch.conf",
    "/etc/openldap/ldap.conf",
    "/etc/pam.d/fingerprint-auth-ac",
    "/etc/pam.d/httpd-auth",
    "/etc/pam.d/password-auth-ac",
    "/etc/pam.d/postlogin-ac",
    "/etc/pam.d/smartcard-auth-ac",
    "/etc/pam.d/system-auth-ac",
    "/etc/pki/ca-trust/source/ipa.p11-kit",
    "/etc/sssd/sssd.conf",
    "/etc/sysconfig/authconfig",
    "/etc/sysconfig/network"
  ]
end
realm()
Calls superclass method
HttpdConfigmapGenerator::Base::Network#realm
# File lib/httpd_configmap_generator/ipa.rb, line 89
#
# Returns the upper-cased IPA realm, memoised in @realm.
#
# Resolution order: an explicit opts[:ipa_realm], then the value of #domain,
# then the superclass implementation. The stored value is upper-cased on every
# call.
#
# NOTE(review): if all three sources yield nil, the final upcase raises
# NoMethodError - confirm whether callers rely on that.
def realm
  explicit_realm = opts[:ipa_realm]
  @realm ||= explicit_realm if explicit_realm.present?

  # domain is only consulted when no realm has been settled yet.
  @realm ||= domain
  @realm ||= super

  @realm = @realm.upcase
end
required_options()
Calls superclass method
HttpdConfigmapGenerator::Base#required_options
# File lib/httpd_configmap_generator/ipa.rb, line 12
#
# Returns the superclass's required options merged with the IPA-specific ones:
# :host (short flag "-h"), :ipa_server and :ipa_password.
#
# NOTE(review): :ipa_password is declared like any other option. If options
# are read from the command line, the password would appear in shell history
# and the process list - confirm how the option parser sources this value.
def required_options
  ipa_required = {
    :host         => { :description => "Application Domain", :short => "-h" },
    :ipa_server   => { :description => "IPA Server FQDN" },
    :ipa_password => { :description => "IPA Server Password" }
  }
  super.merge(ipa_required)
end
unconfigure()
# File lib/httpd_configmap_generator/ipa.rb, line 84
#
# Runs IPA_INSTALL_COMMAND with :uninstall and :unattended, but only when
# configured? is true. Returns nil without doing anything otherwise.
#
# This uses command_run, not the command_run! that configure uses. How a
# failed uninstall is reported depends on that helper (not shown here).
def unconfigure
  command_run(IPA_INSTALL_COMMAND, :params => [:uninstall, :unattended]) if configured?
end
Private Instance Methods
configure_ipa_http_service()
# File lib/httpd_configmap_generator/ipa.rb, line 116
#
# Registers the HTTP service principal for opts[:host] and fetches its keytab
# into HTTP_KEYTAB.
#
# Runs /usr/bin/kinit for opts[:ipa_principal] with the password supplied as
# :stdin_data rather than in :params. It then registers the principal, runs
# IPA_GETKEYTAB against opts[:ipa_server], and finally sets the keytab's owner
# to APACHE_USER (group untouched) and its mode to 0600.
#
# NOTE(review): ownership and mode are tightened only after IPA_GETKEYTAB has
# written the file. Confirm the tool creates it with restrictive permissions,
# so the key is never briefly readable by other local users.
def configure_ipa_http_service
  info_msg("Configuring IPA HTTP Service")

  # Password goes through stdin, keeping it out of the kinit argument list.
  command_run!("/usr/bin/kinit",
               :params     => [opts[:ipa_principal]],
               :stdin_data => opts[:ipa_password])

  http_principal = Principal.new(:hostname => opts[:host], :realm => realm, :service => "HTTP")
  http_principal.register

  debug_msg("- Fetching #{HTTP_KEYTAB}")
  keytab_params = {
    "-s" => opts[:ipa_server],
    "-k" => HTTP_KEYTAB,
    "-p" => http_principal.name
  }
  command_run!(IPA_GETKEYTAB, :params => keytab_params)

  # Restrict the keytab to the web server account: owner read/write only.
  FileUtils.chown(APACHE_USER, nil, HTTP_KEYTAB)
  FileUtils.chmod(0o600, HTTP_KEYTAB)
end
configure_sssd()
# File lib/httpd_configmap_generator/ipa.rb, line 105
#
# Loads the SSSD configuration from SSSD_CONFIG, configures the IPA domain,
# adds the "pam" service, configures IFP, and writes the result back to
# SSSD_CONFIG. Returns whatever Sssd#save returns.
def configure_sssd
  info_msg("Configuring SSSD Service")

  sssd_settings = Sssd.new(opts)
  sssd_settings.load(SSSD_CONFIG)
  sssd_settings.configure_domain(domain)
  sssd_settings.add_service("pam")
  sssd_settings.configure_ifp

  debug_msg("- Creating #{SSSD_CONFIG}")
  sssd_settings.save(SSSD_CONFIG)
end
get_canonical_hostname(hostname)
# File lib/httpd_configmap_generator/ipa.rb, line 127
#
# Returns the canonical name the resolver reports for hostname, or hostname
# unchanged when the lookup raises SocketError.
#
# The result is only as trustworthy as name resolution on this host: configure
# stores it in opts[:host], from which the hostname and the HTTP service
# principal are derived.
#
# NOTE(review): Socket.gethostbyname is deprecated in current Ruby releases in
# favour of Addrinfo.getaddrinfo. Plan a migration and check that the
# replacement yields the same canonical name.
def get_canonical_hostname(hostname)
  Socket.gethostbyname(hostname).first
rescue SocketError
  hostname
end