salt/states/systems/core/freeipa/init.sls

{##only run if freeipa is enabled##}
{%- if grains['freeipa_enabled'] is defined -%}
  {%- if grains['freeipa_enabled'] == true %}
{% set hostname=grains['host'] %}
{% set ip=grains['fqdn_ip4'][0] %}
install_sssd:
  pkg.installed:
    - name: sssd

/etc/sssd/sssd.conf:
  file.managed:
    - source: salt://systems/core/freeipa/manual/sssd.conf
    - user: root
    - group: root
    - mode: 600
    - template: jinja
    - context:
      hostname: {{hostname}}

/etc/nsswitch.conf:
  file.managed:
    - source: salt://systems/core/freeipa/manual/nsswitch.conf
    - user: root
    - group: root
    - mode: 644

/etc/nscd.conf:
  file.managed:
    - source: salt://systems/core/freeipa/manual/nscd.conf
    - user: root
    - group: root
    - mode: 644

/etc/krb5.conf:
  file.managed:
    - source: salt://systems/core/freeipa/manual/krb5.conf
    - user: root
    - group: root
    - mode: 644

/etc/pam.d:
  file.recurse:
    - source: salt://systems/core/freeipa/manual/pam.d/
    - user: root
    - group: root
    - dir_mode: 755
    - file_mode: 644

/etc/sudoers.d/freeipa:
  file.managed:
    - source: salt://systems/core/freeipa/manual/sudoers
    - user: root
    - group: root
    - mode: 644

freeipa_sssd_service:
  service.running:
    - name: sssd
    - enable: true
    - watch:
      - file: /etc/sssd/sssd.conf
      - file: /etc/nsswitch.conf
      - file: /etc/nscd.conf
      - file: /etc/krb5.conf
      - file: /etc/pam.d

freeipa_nscd_service:
  service.running:
    - name: nscd
    - enable: true
    - watch:
      - file: /etc/sssd/sssd.conf
      - file: /etc/nsswitch.conf
      - file: /etc/nscd.conf
      - file: /etc/krb5.conf
      - file: /etc/pam.d
  {% endif %}
{% endif %}
Added authelia and set up 2fa for nginx authentication, added ldap module in icinga 2017-10-30 13:30:05 -05:00			`{##only run if freeipa is enabled##}`
			`{%- if grains['freeipa_enabled'] is defined -%}`
			`{%- if grains['freeipa_enabled'] == true %}`
			`{% set hostname=grains['host'] %}`
			`{% set ip=grains['fqdn_ip4'][0] %}`
			`install_sssd:`
			`pkg.installed:`
			`- name: sssd`

			`/etc/sssd/sssd.conf:`
			`file.managed:`
			`- source: salt://systems/core/freeipa/manual/sssd.conf`
			`- user: root`
			`- group: root`
			`- mode: 600`
			`- template: jinja`
			`- context:`
			`hostname: {{hostname}}`

			`/etc/nsswitch.conf:`
			`file.managed:`
			`- source: salt://systems/core/freeipa/manual/nsswitch.conf`
			`- user: root`
			`- group: root`
			`- mode: 644`

			`/etc/nscd.conf:`
			`file.managed:`
			`- source: salt://systems/core/freeipa/manual/nscd.conf`
			`- user: root`
			`- group: root`
			`- mode: 644`

			`/etc/krb5.conf:`
			`file.managed:`
			`- source: salt://systems/core/freeipa/manual/krb5.conf`
			`- user: root`
			`- group: root`
			`- mode: 644`

			`/etc/pam.d:`
			`file.recurse:`
			`- source: salt://systems/core/freeipa/manual/pam.d/`
			`- user: root`
			`- group: root`
			`- dir_mode: 755`
			`- file_mode: 644`

			`/etc/sudoers.d/freeipa:`
			`file.managed:`
			`- source: salt://systems/core/freeipa/manual/sudoers`
			`- user: root`
			`- group: root`
			`- mode: 644`

			`freeipa_sssd_service:`
			`service.running:`
			`- name: sssd`
			`- enable: true`
			`- watch:`
			`- file: /etc/sssd/sssd.conf`
			`- file: /etc/nsswitch.conf`
			`- file: /etc/nscd.conf`
			`- file: /etc/krb5.conf`
			`- file: /etc/pam.d`

			`freeipa_nscd_service:`
			`service.running:`
			`- name: nscd`
			`- enable: true`
			`- watch:`
			`- file: /etc/sssd/sssd.conf`
			`- file: /etc/nsswitch.conf`
			`- file: /etc/nscd.conf`
			`- file: /etc/krb5.conf`
			`- file: /etc/pam.d`
			`{% endif %}`
			`{% endif %}`