puppet-prod/modules/glauth/manifests/config.pp
Ben Vincent c69e8c487e feat: create glauth module
- manage config directories, config file
- manage systemd service and socket
- manage users, service accounts and groups
- manage defaults for users, services and groups
- manage packages for role
2024-07-01 22:42:12 +10:00


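# @summary Assemble the glauth configuration file from EPP template fragments.
#
# Creates the configuration directory, declares the concat target at
# $config_path and adds one ordered fragment per configuration section
# (general, ldap, ldaps, backend, behaviors, api). Every parameter defaults
# to the value of the same name on the main glauth class.
#
# When $manage_defaults is true, resource defaults are set so that
# glauth::obj::user, glauth::obj::service and glauth::obj::group
# declarations receive this $config_path.
#
# Security: the concat target is created group-readable only (0640).
# NOTE(review): glauth::obj::* presumably write their entries, including
# password hashes, into the same file, which is why it is not left
# world-readable - confirm against those defined types.
class glauth::config (
  # general.epp
  Boolean              $debug                           = $glauth::debug,
  Boolean              $syslog                          = $glauth::syslog,
  Boolean              $structuredlog                   = $glauth::structuredlog,
  Boolean              $watchconfig                     = $glauth::watchconfig,
  # ldap.epp
  Boolean              $ldap_enabled                    = $glauth::ldap_enabled,
  Stdlib::IP::Address  $ldap_address                    = $glauth::ldap_address,
  Stdlib::Port         $ldap_port                       = $glauth::ldap_port,
  Boolean              $ldap_tls                        = $glauth::ldap_tls,
  Stdlib::Absolutepath $ldap_tlscertpath                = $glauth::ldap_tlscertpath,
  Stdlib::Absolutepath $ldap_tlskeypath                 = $glauth::ldap_tlskeypath,
  # ldaps.epp
  Boolean              $ldaps_enabled                   = $glauth::ldaps_enabled,
  Stdlib::IP::Address  $ldaps_address                   = $glauth::ldaps_address,
  Stdlib::Port         $ldaps_port                      = $glauth::ldaps_port,
  Stdlib::Absolutepath $ldaps_cert                      = $glauth::ldaps_cert,
  Stdlib::Absolutepath $ldaps_key                       = $glauth::ldaps_key,
  # backend.epp
  String               $backend_datastore               = $glauth::backend_datastore,
  String               $backend_basedn                  = $glauth::backend_basedn,
  String               $backend_nameformat              = $glauth::backend_nameformat,
  String               $backend_groupformat             = $glauth::backend_groupformat,
  Boolean              $backend_anonymousdse            = $glauth::backend_anonymousdse,
  String               $backend_sshkeyattr              = $glauth::backend_sshkeyattr,
  # behaviors.epp
  Boolean              $behaviors_ignorecapabilities    = $glauth::behaviors_ignorecapabilities,
  Boolean              $behaviors_limitfailedbinds      = $glauth::behaviors_limitfailedbinds,
  Integer              $behaviors_numberoffailedbinds   = $glauth::behaviors_numberoffailedbinds,
  Integer              $behaviors_periodoffailedbinds   = $glauth::behaviors_periodoffailedbinds,
  Integer              $behaviors_blockfailedbindsfor   = $glauth::behaviors_blockfailedbindsfor,
  Integer              $behaviors_prunesourcetableevery = $glauth::behaviors_prunesourcetableevery,
  Integer              $behaviors_prunesourcesolderthan = $glauth::behaviors_prunesourcesolderthan,
  # api.epp
  Boolean              $api_enabled                     = $glauth::api_enabled,
  Boolean              $api_internals                   = $glauth::api_internals,
  Boolean              $api_tls                         = $glauth::api_tls,
  Stdlib::IP::Address  $api_address                     = $glauth::api_address,
  Stdlib::Port         $api_port                        = $glauth::api_port,
  Stdlib::Absolutepath $api_cert                        = $glauth::api_cert,
  Stdlib::Absolutepath $api_key                         = $glauth::api_key,
  # ownership and filesystem layout
  String               $user                            = $glauth::user,
  String               $group                           = $glauth::group,
  Stdlib::Absolutepath $bin_dir                         = $glauth::bin_dir,
  Stdlib::Absolutepath $bin_path                        = $glauth::bin_path,
  Stdlib::Absolutepath $config_dir                      = $glauth::config_dir,
  Stdlib::Absolutepath $config_path                     = $glauth::config_path,
  Boolean              $manage_defaults                 = $glauth::manage_defaults,
) {
  # Make sure the full directory path exists before it is managed below.
  mkdir::p { $config_dir: }

  file { $config_dir:
    ensure => directory,
    owner  => $user,
    group  => $group,
  }

  # The assembled config is readable by the owner and group only: it was
  # previously 0644, which exposed the whole file to every local account.
  # NOTE(review): assumes the glauth service reads it as $user or as a
  # member of $group - confirm against the systemd unit.
  concat { $config_path:
    owner   => $user,
    group   => $group,
    mode    => '0640',
    require => File[$config_dir],
  }

  # Resource defaults: point user, service and group objects at this
  # config file unless a declaration overrides config_path itself.
  if $manage_defaults {
    Glauth::Obj::User {
      config_path => $config_path,
    }
    Glauth::Obj::Service {
      config_path => $config_path,
    }
    Glauth::Obj::Group {
      config_path => $config_path,
    }
  }

  # Fragments are ordered 10..60 so the sections always appear in the
  # same sequence in the generated file.
  concat::fragment { 'glauth_general':
    target  => $config_path,
    content => epp('glauth/general.epp', {
      'debug'         => $debug,
      'syslog'        => $syslog,
      'structuredlog' => $structuredlog,
      'watchconfig'   => $watchconfig,
    }),
    order   => 10,
  }

  concat::fragment { 'glauth_ldap':
    target  => $config_path,
    content => epp('glauth/ldap.epp', {
      'ldap_enabled'     => $ldap_enabled,
      'ldap_address'     => $ldap_address,
      'ldap_port'        => $ldap_port,
      'ldap_tls'         => $ldap_tls,
      'ldap_tlscertpath' => $ldap_tlscertpath,
      'ldap_tlskeypath'  => $ldap_tlskeypath,
    }),
    order   => 20,
  }

  concat::fragment { 'glauth_ldaps':
    target  => $config_path,
    content => epp('glauth/ldaps.epp', {
      'ldaps_enabled' => $ldaps_enabled,
      'ldaps_address' => $ldaps_address,
      'ldaps_port'    => $ldaps_port,
      'ldaps_cert'    => $ldaps_cert,
      'ldaps_key'     => $ldaps_key,
    }),
    order   => 30,
  }

  concat::fragment { 'glauth_backend':
    target  => $config_path,
    content => epp('glauth/backend.epp', {
      'backend_datastore'    => $backend_datastore,
      'backend_basedn'       => $backend_basedn,
      'backend_nameformat'   => $backend_nameformat,
      'backend_groupformat'  => $backend_groupformat,
      'backend_anonymousdse' => $backend_anonymousdse,
      'backend_sshkeyattr'   => $backend_sshkeyattr,
    }),
    order   => 40,
  }

  # The behaviors template takes its keys without the "behaviors_" prefix.
  concat::fragment { 'glauth_behaviors':
    target  => $config_path,
    content => epp('glauth/behaviors.epp', {
      'ignorecapabilities'    => $behaviors_ignorecapabilities,
      'limitfailedbinds'      => $behaviors_limitfailedbinds,
      'numberoffailedbinds'   => $behaviors_numberoffailedbinds,
      'periodoffailedbinds'   => $behaviors_periodoffailedbinds,
      'blockfailedbindsfor'   => $behaviors_blockfailedbindsfor,
      'prunesourcetableevery' => $behaviors_prunesourcetableevery,
      'prunesourcesolderthan' => $behaviors_prunesourcesolderthan,
    }),
    order   => 50,
  }

  concat::fragment { 'glauth_api':
    target  => $config_path,
    content => epp('glauth/api.epp', {
      'api_enabled'   => $api_enabled,
      'api_internals' => $api_internals,
      'api_tls'       => $api_tls,
      'api_address'   => $api_address,
      'api_port'      => $api_port,
      'api_cert'      => $api_cert,
      'api_key'       => $api_key,
    }),
    order   => 60,
  }
}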