walkamongus · walkamongus · Jun 25, 2017 · Jun 25, 2017 · Jun 25, 2017 · Jun 25, 2017
diff --git a/.travis.yml b/.travis.yml
@@ -10,7 +10,7 @@ rvm:
   - 2.3.0
 script: bundle exec rake test
 env:
-  - PUPPET_GEM_VERSION="~> 4.0.0" STRICT_VARIABLES=yes
+  - PUPPET_GEM_VERSION="~> 4.5.0" STRICT_VARIABLES=yes
   - PUPPET_GEM_VERSION="~> 4.6.0" STRICT_VARIABLES=yes
   - PUPPET_GEM_VERSION="~> 4.7.0" STRICT_VARIABLES=yes
   - PUPPET_GEM_VERSION="~> 4.8.0" STRICT_VARIABLES=yes

diff --git a/CHANGELOG b/CHANGELOG
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -0,0 +1,25 @@
+## Note: Releases 1.x and 2.x
+* v1.0.0 release is the last release to be Puppet 3 compatible
+* v2.0+ releases support Puppet 4.x and above
+
+## Release 2.0.0
+* Convert parameter to use data in module
+* Enforce parameter datatypes
+* Always run keytab adoption and realm join command if a domain join test fails
+
+## Release 1.0.0
+* Remove the mkhomedir packages parameter in favor of a more generic required
+packages parameter
+* Add Debian support to metadata
+
+## Release 0.1.3
+* Add more robust check of domain membership and attempt to join domain if check fails
+
+## Release 0.1.2
+* Force rebuilding of SSSD config cache on each configuration change
+
+## Release 0.1.1
+* null release
+
+## Release 0.1.0
+* initial release
diff --git a/Gemfile b/Gemfile
@@ -2,7 +2,7 @@ source "https://rubygems.org"
 
 group :test do
   gem "rake"
-  gem "puppet", ENV['PUPPET_GEM_VERSION'] || '~> 4.0'
+  gem "puppet", ENV['PUPPET_GEM_VERSION'] || '~> 4.5'
   gem "rspec", '~> 3.4.0'
   gem "rspec-puppet", :git => 'https://github.com/rodjek/rspec-puppet.git'
   gem "puppetlabs_spec_helper", '~> 2.1'

diff --git a/data/Debian.yaml b/data/Debian.yaml
@@ -0,0 +1,17 @@
+---
+realmd::krb_client_package_name: krb5-user
+realmd::required_packages:
+  sssd-tools:
+    ensure: present
+  sssd:
+    ensure: present
+  libpam-modules:
+    ensure: present
+  libnss-sss:
+    ensure: present
+  libpam-sss:
+    ensure: present
+  adcli:
+    ensure: present
+  samba-common-bin:
+    ensure: present
diff --git a/data/RedHat.yaml b/data/RedHat.yaml
@@ -0,0 +1,13 @@
+---
+realmd::krb_client_package_name: krb5-workstation
+realmd::required_packages:
+  sssd:
+    ensure: present
+  oddjob:
+    ensure: present
+  oddjob-mkhomedir:
+    ensure: present
+  adcli:
+    ensure: present
+  samba-common-tools:
+    ensure: present
diff --git a/data/common.yaml b/data/common.yaml
@@ -0,0 +1,30 @@
+---
+realmd::realmd_package_name: realmd
+realmd::realmd_package_ensure: present
+realmd::realmd_config_file: /etc/realmd.conf
+realmd::realmd_config: {}
+realmd::adcli_package_name: adcli
+realmd::adcli_package_ensure: present
+realmd::sssd_package_name: sssd
+realmd::sssd_package_ensure: present
+realmd::sssd_service_name: sssd
+realmd::sssd_service_ensure: running
+realmd::sssd_config_file: /etc/sssd/sssd.conf
+realmd::sssd_config: {}
+realmd::sssd_config_cache_file: /var/lib/sss/db/config.ldb
+realmd::manage_sssd_config: false
+realmd::domain: "%{::domain}"
+realmd::domain_join_user: ~
+realmd::domain_join_password: ~
+realmd::krb_ticket_join: false
+realmd::krb_keytab: ~
+realmd::krb_config_file: /etc/krb5.conf
+realmd::manage_krb_config: true
+realmd::krb_client_package_ensure: present
+realmd::krb_config:
+  logging:
+    default: FILE:/var/log/krb5libs.log
+  libdefaults:
+    dns_lookup_realm: true
+    dns_lookup_kdc: true
+    kdc_timesync: 0
diff --git a/hiera.yaml b/hiera.yaml
@@ -0,0 +1,10 @@
+---
+version: 4
+datadir: data
+hierarchy:
+  - name: "Operating System Family"
+    backend: yaml
+    path: "%{facts.os.family}"
+
+  - name: "common"
+    backend: yaml
diff --git a/manifests/init.pp b/manifests/init.pp
@@ -11,27 +11,32 @@
 #   e.g. "Specify one or more upstream ntp servers as an array."
 #
 class realmd (
-  $realmd_package_name     = $::realmd::params::realmd_package_name,
-  $realmd_config_file      = $::realmd::params::realmd_config_file,
-  $realmd_config           = $::realmd::params::realmd_config,
-  $adcli_package_name      = $::realmd::params::adcli_package_name,
-  $krb_client_package_name = $::realmd::params::krb_client_package_name,
-  $sssd_package_name       = $::realmd::params::sssd_package_name,
-  $sssd_service_name       = $::realmd::params::sssd_service_name,
-  $sssd_config_file        = $::realmd::params::sssd_config_file,
-  $sssd_config_cache_file  = $::realmd::params::sssd_config_cache_file,
-  $sssd_config             = $::realmd::params::sssd_config,
-  $manage_sssd_config      = $::realmd::params::manage_sssd_config,
-  $domain                  = $::realmd::params::domain,
-  $domain_join_user        = $::realmd::params::domain_join_user,
-  $domain_join_password    = $::realmd::params::domain_join_password,
-  $krb_ticket_join         = $::realmd::params::krb_ticket_join,
-  $krb_keytab              = $::realmd::params::krb_keytab,
-  $krb_config_file         = $::realmd::params::krb_config_file,
-  $krb_config              = $::realmd::params::krb_config,
-  $manage_krb_config       = $::realmd::params::manage_krb_config,
-  $required_packages       = $::realmd::params::required_packages,
-) inherits ::realmd::params {
+  String $realmd_package_name,
+  String $realmd_package_ensure,
+  Stdlib::Absolutepath $realmd_config_file,
+  Hash $realmd_config,
+  String $adcli_package_name,
+  String $adcli_package_ensure,
+  String $krb_client_package_name,
+  String $krb_client_package_ensure,
+  String $sssd_package_name,
+  String $sssd_package_ensure,
+  String $sssd_service_name,
+  String $sssd_service_ensure,
+  Stdlib::Absolutepath $sssd_config_file,
+  Stdlib::Absolutepath $sssd_config_cache_file,
+  Hash $sssd_config,
+  Boolean $manage_sssd_config,
+  String $domain,
+  Variant[String, Undef] $domain_join_user,
+  Variant[String, Undef] $domain_join_password,
+  Boolean $krb_ticket_join,
+  Variant[Stdlib::Absolutepath, Undef] $krb_keytab,
+  Stdlib::Absolutepath $krb_config_file,
+  Hash $krb_config,
+  Boolean $manage_krb_config,
+  Hash $required_packages,
+) {
 
   if $krb_ticket_join == false {
     if ($domain_join_user and !$domain_join_password) {
@@ -50,38 +55,6 @@
     fail('The krb_config parameter cannot be an empty hash when managing the Kerberos client configuration')
   }
 
-  validate_string(
-    $realmd_package_name,
-    $adcli_package_name,
-    $krb_client_package_name,
-    $sssd_package_name,
-    $sssd_service_name,
-    $domain,
-    $domain_join_user,
-    $domain_join_password,
-  )
-
-  validate_absolute_path(
-    $realmd_config_file,
-    $sssd_config_file,
-    $krb_config_file,
-  )
-
-  validate_hash(
-    $realmd_config,
-    $sssd_config,
-    $krb_config,
-    $required_packages,
-  )
-
-  validate_bool(
-    $manage_sssd_config,
-    $krb_ticket_join,
-    $manage_krb_config,
-  )
-
-  if $krb_keytab { validate_absolute_path($krb_keytab) }
-
   class { '::realmd::install': }
   -> class { '::realmd::config': }
   ~> class { '::realmd::join': }

diff --git a/manifests/install.pp b/manifests/install.pp
@@ -4,17 +4,20 @@
 #
 class realmd::install {
 
-  $_package_list = [
-    $::realmd::realmd_package_name,
-    $::realmd::adcli_package_name,
-    $::realmd::krb_client_package_name,
-    $::realmd::sssd_package_name,
-  ]
+  package { $::realmd::realmd_package_name:
+    ensure => $::realmd::realmd_package_ensure,
+  }
+
+  package { $::realmd::adcli_package_name:
+    ensure => $::realmd::adcli_package_ensure,
+  }
 
-  $_packages = flatten($_package_list)
+  package { $::realmd::krb_client_package_name:
+    ensure => $::realmd::krb_client_package_ensure,
+  }
 
-  package { $_packages:
-    ensure => present,
+  package { $::realmd::sssd_package_name:
+    ensure => $::realmd::sssd_package_ensure,
   }
 
   ensure_packages($::realmd::required_packages)

diff --git a/manifests/join/keytab.pp b/manifests/join/keytab.pp
@@ -12,12 +12,14 @@
   $_krb_config        = $::realmd::krb_config
   $_manage_krb_config = $::realmd::manage_krb_config
 
+  $_krb_config_final = deep_merge({'libdefaults' => {'default_realm' => upcase($::domain)}}, $_krb_config)
+
   file { 'krb_keytab':
     path   => $_krb_keytab,
     owner  => 'root',
     group  => 'root',
     mode   => '0400',
-    notify => Exec['run_kinit_with_keytab'],
+    before => Exec['run_kinit_with_keytab'],
   }
 
   if $_manage_krb_config {
@@ -28,21 +30,21 @@
       group   => 'root',
       mode    => '0644',
       content => template('realmd/krb5.conf.erb'),
-      notify  => Exec['run_kinit_with_keytab'],
+      before  => Exec['run_kinit_with_keytab'],
     }
   }
 
   exec { 'run_kinit_with_keytab':
-    path        => '/usr/bin:/usr/sbin:/bin',
-    command     => "kinit -kt ${_krb_keytab} ${_domain_join_user}",
-    refreshonly => true,
-    before      => Exec['realm_join_with_keytab'],
+    path    => '/usr/bin:/usr/sbin:/bin',
+    command => "kinit -kt ${_krb_keytab} ${_domain_join_user}",
+    unless  => 'kinit -k host/$(hostname -f)',
+    before  => Exec['realm_join_with_keytab'],
   }
 
   exec { 'realm_join_with_keytab':
     path    => '/usr/bin:/usr/sbin:/bin',
     command => "realm join ${_domain}",
-    unless  => "klist -k /etc/krb5.keytab | grep -i '${::hostname[0,15]}@${_domain}'",
+    unless  => 'kinit -k host/$(hostname -f)',
     require => Exec['run_kinit_with_keytab'],
   }
 

diff --git a/metadata.json b/metadata.json
@@ -1,8 +1,9 @@
 {
   "name": "walkamongus-realmd",
-  "version": "1.0.0",
+  "version": "2.0.0",
   "author": "Chadwick Banning",
   "summary": "Puppet module to install and configure Realmd",
+  "data_provider": "hiera",
   "license": "Apache-2.0",
   "source": "https://github.com/walkamongus/realmd",
   "project_page": "https://github.com/walkamongus/realmd",
@@ -31,7 +32,7 @@
   "requirements": [
     {
       "name": "puppet",
-      "version_requirement": ">= 3.4.0 < 5.0.0"
+      "version_requirement": ">= 4.0.0 < 5.0.0"
     }
   ]
 }
diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb
@@ -14,7 +14,6 @@
           it { is_expected.to compile.with_all_deps }
 
           it { is_expected.to contain_class('realmd') }
-          it { is_expected.to contain_class('realmd::params') }
           it { is_expected.to contain_class('realmd::install').that_comes_before('Class[realmd::config]') }
           it { is_expected.to contain_class('realmd::config') }
           it { is_expected.to contain_class('realmd::join').that_subscribes_to('Class[realmd::config]') }
@@ -26,15 +25,9 @@
   end
 
   context 'unsupported operating system' do
-    describe 'realmd class without any parameters on Solaris/Nexenta' do
-      let(:facts) do
-        {
-          :osfamily        => 'Solaris',
-          :operatingsystem => 'Nexenta',
-        }
-      end
-
-      it { expect { is_expected.to contain_package('realmd') }.to raise_error(Puppet::Error, /Nexenta not supported/) }
+    describe 'sssd class without any parameters on Solaris/Nexenta' do
+      let(:facts) {{:osfamily => 'Solaris', :operatingsystem => 'Nexenta',}}
+      it { expect { should contain_package('sssd') }.to raise_error(Puppet::Error) }
     end
   end
 end
diff --git a/spec/classes/join__keytab_spec.rb b/spec/classes/join__keytab_spec.rb
@@ -28,7 +28,7 @@
               'owner' => 'root',
               'group' => 'root',
               'mode'  => '0400',
-            }).that_notifies('Exec[run_kinit_with_keytab]')
+            }).that_comes_before('Exec[run_kinit_with_keytab]')
           end
 
           it do
@@ -37,7 +37,7 @@
               'owner' => 'root',
               'group' => 'root',
               'mode'  => '0644',
-            }).that_notifies('Exec[run_kinit_with_keytab]')
+            }).that_comes_before('Exec[run_kinit_with_keytab]')
           end
 
           it do
@@ -66,17 +66,17 @@
 
           it do
             is_expected.to contain_exec('run_kinit_with_keytab').with({
-              'path'        => '/usr/bin:/usr/sbin:/bin',
-              'command'     => 'kinit -kt /tmp/join.keytab user',
-              'refreshonly' => 'true',
+              'path'    => '/usr/bin:/usr/sbin:/bin',
+              'command' => 'kinit -kt /tmp/join.keytab user',
+              'unless'  => 'kinit -k host/$(hostname -f)',
             }).that_comes_before('Exec[realm_join_with_keytab]')
           end
 
           it do
             is_expected.to contain_exec('realm_join_with_keytab').with({
               'path'    => '/usr/bin:/usr/sbin:/bin',
               'command' => 'realm join example.com',
-              'unless'  => "klist -k /etc/krb5.keytab | grep -i 'foo@example.com'",
+              'unless'  => 'kinit -k host/$(hostname -f)',
             })
           end
         end