From 11c79eec076f04062c71c6fc6187e27380837912 Mon Sep 17 00:00:00 2001 From: Kibahop Date: Fri, 20 Jan 2023 18:29:46 +0200 Subject: [PATCH] Add support for RHEL9 Signed-off-by: Kibahop --- .rubocop.yml | 5 +++++ lib/facter/gid_max.rb | 8 ++++++++ lib/facter/ipa_server_version.rb | 2 ++ lib/facter/uid_max.rb | 8 ++++++++ manifests/config/webui.pp | 4 ++-- manifests/init.pp | 7 ++----- manifests/install/server.pp | 26 ++++++++++++++++++++++++++ plans/update_host_keys.pp | 4 +++- 8 files changed, 56 insertions(+), 8 deletions(-) create mode 100644 lib/facter/gid_max.rb create mode 100644 lib/facter/uid_max.rb diff --git a/.rubocop.yml b/.rubocop.yml index 53ac1898..32736b59 100644 --- a/.rubocop.yml +++ b/.rubocop.yml @@ -4,3 +4,8 @@ inherit_gem: voxpupuli-test: rubocop.yml + +AllCops: + Exclude: + - bin/* + - spec/fixtures/modules/**/* diff --git a/lib/facter/gid_max.rb b/lib/facter/gid_max.rb new file mode 100644 index 00000000..0eddc9f6 --- /dev/null +++ b/lib/facter/gid_max.rb @@ -0,0 +1,8 @@ +# frozen_string_literal: true + +Facter.add(:gid_max) do + setcode do + lines = File.readlines('/etc/login.defs') + lines.find { |line| line.start_with?('GID_MAX') }.split[1].strip.to_i + end +end diff --git a/lib/facter/ipa_server_version.rb b/lib/facter/ipa_server_version.rb index 62cb44fc..87860871 100644 --- a/lib/facter/ipa_server_version.rb +++ b/lib/facter/ipa_server_version.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + Facter.add(:ipa_server_version) do setcode do family = Facter.value('osfamily') diff --git a/lib/facter/uid_max.rb b/lib/facter/uid_max.rb new file mode 100644 index 00000000..9b668b30 --- /dev/null +++ b/lib/facter/uid_max.rb @@ -0,0 +1,8 @@ +# frozen_string_literal: true + +Facter.add(:uid_max) do + setcode do + lines = File.readlines('/etc/login.defs') + lines.find { |line| line.start_with?('UID_MAX') }.split[1].strip.to_i + end +end diff --git a/manifests/config/webui.pp b/manifests/config/webui.pp index 4697957b..43aedb73 100644 
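Review bot: In lib/facter/gid_max.rb the `setcode` block calls `.split` on the result of `lines.find`, which is nil when /etc/login.defs has no uncommented GID_MAX line, and `File.readlines` raises when the file does not exist; lib/facter/uid_max.rb has the same chain for UID_MAX. In both cases the fact errors out instead of being cleanly absent, and `to_i` silently turns a malformed value into 0, which the new comparison in manifests/install/server.pp would then act on. I would confine the fact to Linux, return nil when the file or key is missing, and parse the value strictly, as sketched below for gid_max (uid_max is identical apart from the key).

```ruby
Facter.add(:gid_max) do
  confine kernel: 'Linux'
  setcode do
    # Leave the fact unresolved rather than raising when login.defs is absent.
    next unless File.readable?('/etc/login.defs')

    entry = File.foreach('/etc/login.defs').find { |line| line.match?(/\AGID_MAX\s/) }
    # Integer(..., exception: false) yields nil for a missing or malformed value.
    Integer(entry.split[1], exception: false) if entry
  end
end
```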
--- a/manifests/config/webui.pp +++ b/manifests/config/webui.pp @@ -20,8 +20,8 @@ # IPA switched to mod_ssl as the crypto engine for Apache as of version 4.7.0 # see https://www.freeipa.org/page/Releases/4.7.0#Highlights_in_4.7.0 - if versioncmp($::ipa_server_version, '4.7.0') < 0 { - + # These are not needed for versions newer than 4.7.10 + if versioncmp($facts['ipa_server_version'], '4.7.0') < 0 { exec { 'semanage-port-http_port_t': command => "semanage port -a -t http_port_t -p tcp ${proxy_https_port}", unless => "semanage port -l|grep -E \"^http_port_t.*tcp.*${proxy_https_port}\"", diff --git a/manifests/init.pp b/manifests/init.pp index a5f98577..d42cd6f7 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -153,7 +153,7 @@ # (integer) The HTTPS port to use for the reverse proxy. Cannot be 443. # # @param adjust_login_defs -# (boolean) Adjust UID_MAX and GID_MAX in login.defs. Without this newer installers fail. Default false. +# (boolean) Adjust UID_MAX and GID_MAX in login.defs. Without this newer server installers fail. Default false. # # TODO: Allow creation of root zone for isolated networks -- https://www.freeipa.org/page/Howto/DNS_in_isolated_networks # TODO: Class comments. @@ -217,7 +217,7 @@ } $master_principals = suffix( - prefix( [$ipa_server_fqdn], + prefix([$ipa_server_fqdn], 'host/' ), "@${final_realm}" @@ -245,7 +245,6 @@ } if $adjust_login_defs { - file_line { default: path => '/etc/login.defs', @@ -261,9 +260,7 @@ ; } } - } require easy_ipa::validate_params contain easy_ipa::install } - diff --git a/manifests/install/server.pp b/manifests/install/server.pp index 228893d9..3de35dbd 100644 --- a/manifests/install/server.pp +++ b/manifests/install/server.pp 
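Review bot: The added comment `# These are not needed for versions newer than 4.7.10` names a different version than the condition directly below it, which compares against `'4.7.0'`, and than the existing comment above it, which cites 4.7.0. Since this branch decides whether the SELinux port label is added, the comment should state the real cutoff, for example `# Only needed for IPA server versions older than 4.7.0`. The body of the `if` continues outside the hunk.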
@@ -16,6 +16,32 @@ $server_install_cmd_opts_idstart = "--idstart=${easy_ipa::idstart}" + # Newer installers clash with both default UID_MAX and GID_MAX + # Note: SUB_* only affect user/group mapping in containers, so not of + # concern here + if $easy_ipa::adjust_login_defs { + if $easy_ipa::idstart < $facts['uid_max'] { + $uid_max_value = $easy_ipa::idstart -1 + } + if $easy_ipa::idstart < $facts['gid_max'] { + $gid_max_value = $easy_ipa::idstart -1 + } + file_line { + default: + path => '/etc/login.defs', + replace => true, + ; + 'adjust uid max': + line => "UID_MAX\t${uid_max_value}", + match => '^UID_MAX.*$', + ; + 'adjust gid max': + line => "GID_MAX\t${gid_max_value}", + match => '^GID_MAX.*$', + ; + } + } + $server_install_cmd_opts_idmax = $easy_ipa::idmax ? { undef => '', default => "--idmax=${easy_ipa::idmax}" diff --git a/plans/update_host_keys.pp b/plans/update_host_keys.pp index ad81e436..6462a1aa 100644 --- a/plans/update_host_keys.pp +++ b/plans/update_host_keys.pp @@ -50,12 +50,14 @@ $rsa = $ipa_client.facts['ssh']['rsa']['key'] $dsa = $ipa_client.facts['ssh']['dsa']['key'] - $ipa_host_mod_cmd = "ipa host-mod ${ipa_client.facts['fqdn']} --sshpubkey=\"${ed25519}\" --sshpubkey=\"${ecdsa}\" --sshpubkey=\"${rsa}\" --sshpubkey=\"${dsa}\" --updatedns" + $ipa_host_mod_cmd = "ipa host-mod ${ipa_client.facts['fqdn']} --sshpubkey=\"${ed25519}\" --sshpubkey=\"${ecdsa}\" --sshpubkey=\"${rsa}\" --sshpubkey=\"${dsa}\" --updatedns" # lint:ignore:140chars if $noop { out::message("No-op: would run \"${ipa_host_mod_cmd}\" on IPA server") } else { + # lint:ignore:manifest_whitespace_opening_bracket_before # lint:ignore:140chars $ipa_host_mod_resultset = run_command($ipa_host_mod_cmd, $ipa_server, '_catch_errors' => true) ['stdout','stderr'].each |$output| { + # lint:endignore out::message($ipa_host_mod_resultset.first.value[$output]) } }
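Review bot: `$uid_max_value` and `$gid_max_value` are assigned only inside the two `if $easy_ipa::idstart < ...` branches, but the `file_line` resources that interpolate them are declared unconditionally, so whenever a limit is already below idstart the line written to /etc/login.defs is `UID_MAX\t` with no value (or compilation fails if strict variables are enabled). That includes the run after a successful adjustment, because the fact then reports idstart - 1 and the branch is skipped. Declaring each `file_line` inside its own branch avoids this, and checking that the fact is an Integer also covers nodes where uid_max or gid_max did not resolve. manifests/init.pp appears to keep its own `if $adjust_login_defs` file_line block for the same file, so please confirm the two do not collide.

```puppet
  if $easy_ipa::adjust_login_defs {
    $login_defs_id_max = $easy_ipa::idstart - 1

    # Only manage the line when the current limit really overlaps the IPA range.
    if $facts['uid_max'] =~ Integer and $easy_ipa::idstart < $facts['uid_max'] {
      file_line { 'adjust uid max':
        path    => '/etc/login.defs',
        line    => "UID_MAX\t${login_defs_id_max}",
        match   => '^UID_MAX.*$',
        replace => true,
      }
    }
    if $facts['gid_max'] =~ Integer and $easy_ipa::idstart < $facts['gid_max'] {
      file_line { 'adjust gid max':
        path    => '/etc/login.defs',
        line    => "GID_MAX\t${login_defs_id_max}",
        match   => '^GID_MAX.*$',
        replace => true,
      }
    }
  }
```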
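Review bot: `$ipa_host_mod_cmd` in plans/update_host_keys.pp is built by interpolating values taken from the client's facts (`fqdn` and the four SSH public keys) into a string that `run_command` executes as a command line on the IPA server, and the surrounding `\"...\"` quoting does not stop shell expansion. A client that reports a crafted fact value could therefore influence what runs on the server. Since this line is being touched anyway, I would escape each value instead of wrapping it in double quotes, e.g. `--sshpubkey=${shell_escape($ed25519)}` (stdlib's `shell_escape`, assuming stdlib is on the plan's modulepath), and do the same for the fqdn.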