sssd: A short summary of the purpose of this class
sssd::base_config: ensure packages match our expected statesssd::install: ensure packages match our expected statesssd::service: take care of the sssd service(s)
sssd::config: Write out an SSSD compatible config file
A description of what this class does
class { 'sssd':
main_config => {
'sssd' => {
'domains' => 'a, b',
'services => ['pam', 'nss']
}},
configs => {
'enable debug' => {
'sssd' => { 'debug' => 0 }},
'setup different domains' => {
'sssd' => { 'domains' => ['c', 'd'] },
'domain/c' => { 'id_provider' => 'ldap' },
'domain/d' => { 'id_provider' => 'ipa'}
setup_empty_nss_section => { 'nss' => {} }
}The following parameters are available in the sssd class:
packages_managepackages_ensurepackage_namesconfig_managemain_pki_dirmain_config_dirmain_config_fileconfig_d_locationpurge_unmanaged_conf_dpki_ownerpki_grouppki_modeconfig_ownerconfig_groupconfig_modemain_configconfigsservices_manageservices_ensureservices_enableservice_names
Data type: Boolean
Should we manage the package?
Data type: String[1]
package ensure parameter
Data type: Array[String]
Array of packages to manage
Data type: Boolean
Should we manage the config?
Data type: Stdlib::Absolutepath
This is probably /etc/sssd/pki on your system
Data type: Stdlib::Absolutepath
This is probably /etc/sssd on your system
Data type: Stdlib::Absolutepath
This is probably /etc/sssd/sssd.conf on your system
Data type: Stdlib::Absolutepath
This is probably /etc/sssd/conf.d on your system
Data type: Boolean
Should we remove any files unknown to puppet in the conf_d location?
Data type: String
Owner for the pki directory - should probably be 'root' or 'sssd'
Data type: String
Group for the pki directory - should probably be 'root' or 'sssd'
Data type: String
Group for the pki directory - should probably be '0711'
Data type: String
Owner for the config files - should probably be 'root' or 'sssd'
Data type: String
Group for the config files - should probably be 'root' or 'sssd'
Data type: String
chmod for the config files - should be '0600'
Data type: Hash
Hash containing the content of $main_config_file broken out by section Entries in $config_d_location can replace these elements in a last file wins methodology.
Data type: Hash
A Hash similar to $main_config, but with one more level of nesting 'any text you want': section: key: value
Data type: Boolean
Should this class manage the service states
Data type: Enum['stopped','running']
Service ensure parameter
Data type: Boolean
Service enable parameter
Data type: Array[String]
Array of services that are part of sssd
Transform a Hash of settings into a deterministic sssd compatible config file.
The strings will be used "as is", and arrays will be joined with ', ' which should let you set things in a number of useful ways.
sssd::config { 'main conf':
stanzas => {
'sssd' => {
'domains' => ['example.com', 'otherdomain.tld'],
'services' => ['pam', 'nss', 'sudo'],
'debug' => 0,
},
'example.com' => {
'id_provider' => 'ldap',
},
},
force_this_filename => '/etc/sssd/sssd.conf',
}
sssd::config { 'LDAP':
stanzas => {
'domain/LDAP' => {
'id_provider' => 'ldap',
},
},
}The following parameters are available in the sssd::config defined type:
Data type: Hash
A hash of stanzas with key/value pairs of their entries
Data type: String
Who should own
Default value: 'root'
Data type: String
Who should own
Default value: 'root'
Data type: String
permissions
Default value: '0600'
Data type: Integer[0, 99]
prefix used to get these files in the order you want
Default value: 50
Data type: Stdlib::Absolutepath
This is probably /etc/sssd/conf.d on your system
Default value: '/etc/sssd/conf.d'
Data type: Optional[Pattern[/\.conf$/]]
Name of the config file to write out into $config_d_location.
The filename must end in .conf or sssd will not see it.
Default value: undef
Data type: Optional[Stdlib::Absolutepath]
Ignore the helper logic, write out this file
Default value: undef