puppet-stns

Table of Contents

1. Description
2. Setup - The basics of getting started with stns

• Setup requirements
• Beginning with stns

1. Usage - Configuration options and additional functionality

• Configuring stns::server
• Configuring stns::client
• Configuring modules from Hiera

1. Reference - An under-the-hood peek at what the module is doing and how

• Public Classes
• Private Classes
• Defined Types
• Parameters

1. Limitations - OS compatibility, etc.
2. Development - Guide for contributing to the module

• Running tests
• Testing quickstart
• Smoke tests

Description

The STNS module handles installing, configuring, and running STNS and libnss_stns on stns.jp.

Setup

Setup Requirements

The STNS module requires the following puppet modules:

• puppetlabs-stdlib: version 4.0 or newer.
• puppetlabs-apt: version 2.0 or newer (only Debian-based distributions).

Beginning with STNS

To install the STNS server with default parameters, declare the stns::server class.

include ::stns::server

To install the STNS client (libnss_stns and libpam_stns) with default parameters, declare the stns::client class.

include ::stns::client

Usage

Configuring stns::server

class { '::stns::server':
  port           => 1104,
  user           => 'sample',
  password       => 's@mp1e',
  package_ensure => latest,
}

# Configures users and groups
stns::server::users {
  'foo':
    id         => 1001,
    group_id   => 1001,
    directory  => '/home/foo',
    shell      => '/bin/bash';

  'bar':
    id         => 1002,
    group_id   => 1001,
    directory  => '/home/bar',
    shell      => '/bin/bash';
}

stns::server::groups { 'sample':
  id    => 1001,
  users => [
    'foo',
    'bar',
  ],
}

Configuring stns::client

class { '::stns::client':
  api_end_point      => [
    'http://stns1.example.jp:1104',
    'http://stns2.example.jp:1104',
  ],
  user               => 'sample',
  password           => 's@mp1e',
  wrapper_path       => '/usr/local/bin/stns-query-wrapper',
  chain_ssh_wrapper  => '/usr/libexec/openssh/ssh-ldap-wrapper',
  ssl_verify         => true,
  request_timeout    => 3,
  http_proxy         => 'http://proxy.example.com:1104',
  libnss_stns_ensure => latest,
  libpam_stns_ensure => latest,
  handle_nsswitch    => true,
  handle_sshd_config => true,
}

Configuring modules from Hiera

---
stns::server::port: 1104
stns::server::user: sample
stns::server::password: s@mp1e
stns::server::package_ensure: latest

stns::client::api_end_point:
  - 'http://stns1.example.jp:1104'
  - 'http://stns2.example.jp:1104'
stns::client::user: sample
stns::client::password: s@mp1e
stns::client::wrapper_path: '/usr/local/bin/stns-query-wrapper'
stns::client::chain_ssh_wrapper: null
stns::client::ssl_verify: true
stns::client::request_timeout: 3
stns::client::http_proxy: 'http://proxy.example.com:1104'
stns::client::libnss_stns_ensure: latest
stns::client::libpam_stns_ensure: latest
stns::client::handle_nsswitch: true
stns::client::handle_sshd_config: true

Reference

Public Classes

• stns::server: Installs and configures STNS.
• stns::client: Installs and configures libnss_stns and libpam_stns.

Private Classes

• stns::repo: Setup STNS repository.
• stns::server::install: Installs STNS package.
• stns::server::config: Configures STNS.
• stns::server::server: Manages service.
• stns::client::install: Installs packages for libnss_stns and libpam_stns.
• stns::client::config: Configures

Defined Types

• stns::server::users: Specifies a STNS users configuration file.
• stns::server::groups: Specifies a STNS groups configuration file.

Parameters

Class: stns::server

• port: Specifies a listen port listen. Valid options: a number of a port number. Default: 1104.
• user: Specifies a user for authentication. Valid options: a string containing a valid username. Default: 'undef'.
• password: Specifies a password for authentication. Valid options: a string containing a valid password. Default: 'undef'.
• package_ensure: What state the packages should be in.

Class: stns::client

• api_end_point: Valid options: Default: 'http://localhost:1104'.
• user: Specifies a user for authentication. Valid options: a string containing a valid username. Default: 'undef'.
• password: Specifies a password for authentication. Valid options: a string containing a valid password. Default: 'undef'.
• wrapper_path: Valid options: absolute path. Default: '/usr/local/bin/stns-query-wrapper'.
• chain_ssh_wrapper: Default: 'undef'.
• ssl_verify: Enables SSL verification. Valid options: a boolean. Default: true.
• request_timeout: Wrapper Command Timeout. Valid options: a number. Default: 3.
• http_proxy: Valid options: a string. Default: 'undef'.
• package_ensure: What state the packages should be in. This parameter is deprecated and will be removed. Please use $libnss_stns_ensure and $libpam_stns_ensure instead.
• libnss_stns_ensure: What state the libnss-stns package should be in.
• libpam_stns_ensure: What state the libpam-stns package should be in.
• handle_nsswitch: Configure nsswitch.conf to use STNS. Valid options: a boolean. Default: false.
• handle_sshd_config: Configure sshd_config to use STNS. Valid options: a boolean. Default: false.

Defined Types: stns::server::users

• id: Specifies the user ID. Valid options: a number type. Default: undef.
• group_id: Specifies the user's primary group. Valid options: a number type. Default: undef.
• directory: Specifies the home directory of the user. Valid options: a string containing a valid path. Default: /home/<resource title>.
• shell: Specifies the user's login shell. Valid options: a string containing a valid path. Default: /bin/bash.
• keys: Specify user attributes in an array of key = value pairs. Valid options: a string containing a valid key = value pairs. Default: undef.
• link_users: Valid options: a string containing a valid password. Default: undef.

Defined Types: stns::server::groups

• id: Specifies the group ID. Valid options: a number type. Default: undef.
• users: Specifies the members of the group. Valid options: a string containing a valid password. Default: undef.

Parameters

Limitations

This module has been tested on:

• RedHat Enterprise Linux 5, 6, 7
• CentOS 5, 6, 7
• Scientific Linux 5, 6, 7
• Debian 7, 8
• Ubuntu 12.04, 14.04, 16.04

Development

Running tests

The STNS puppet module contains tests for both rspec-puppet (unit tests) and beaker-rspec (acceptance tests) to verify functionality. For detailed information on using these tools, please see their respective documentation.

Testing quickstart

• Unit tests:

$ bundle install
$ bundle exec rake

• Acceptance tests:

# Set your DOCKER_HOST variable
$ eval "$(docker-machine env default)"

# List available beaker nodesets
$ bundle exec rake beaker_nodes
centos6
centos7
jessie
trusty

# Run beaker acceptance tests
$ BEAKER_set=centos7 bundle exec rake beaker

Smoke tests

You can run smoke tests using Vagrant:

$ vagrant up <vm> --provision

Release 1.6.0 (2016/08/08

• Change: Change file path to stns-*-wrapper #24
• Feature: Support request_eader #25

Release 1.5.0 (2016/07/29)

• Change: $package_ensure is deprecated and use $libnss_stns_ensure and $libpam_stns_ensure instead. #22

Release 1.4.0 (2016/06/27)

• Feature: Add params $request_timeout and $http_proxy to stns::client class #21

Release 1.3.0 (2016/06/09)

• Feature: Add $package_latest option to catch up latest packages in stns::server #19

Release 1.2.0 (2016/06/09)

• Feature: Add $package_latest option to catch up latest packages in stns::client #18

Release 1.1.0 (2016/05/03)

• Feature: Install libpam-stns package #12

Release 1.0.0 (2016/03/18)

• Feature: Configure users and groups of STNS server #7

Release 0.3.0 (2016/03/17)

• Handle sshd_config with augeas #6

Release 0.2.0 (2016/03/17)

• Handle nsswitch.conf with augeas #5

Release 0.1.0

Summary

Initial release.