- Description
- Setup - The basics of getting started with stns
- Usage - Configuration options and additional functionality
- Reference - An under-the-hood peek at what the module is doing and how
- Limitations - OS compatibility, etc.
- Development - Guide for contributing to the module
The STNS module handles installing, configuring, and running STNS and libnss_stns on stns.jp.
The STNS module requires the following puppet modules:
- puppetlabs-stdlib: version 4.0 or newer.
- puppetlabs-apt: version 2.0 or newer (only Debian-based distributions).
Both puppetlabs-apt is soft dependencies. If you are installing on Debian or RedHat-based systems, you will need to configure appropriate versions of those modules.
To install the STNS server with default parameters, declare the stns::server class.
include ::stns::serverTo install the STNS client (libnss_stns) with default parameters, declare the stns::client class.
include ::stns::clientclass { '::stns::server':
port => 1104,
user => 'sample',
password => 's@mp1e',
package_ensure => latest,
}
# Configures users and groups
stns::server::users {
'foo':
id => 1001,
group_id => 1001,
directory => '/home/foo',
shell => '/bin/bash';
'bar':
id => 1002,
group_id => 1001,
directory => '/home/bar',
shell => '/bin/bash';
}
stns::server::groups { 'sample':
id => 1001,
users => [
'foo',
'bar',
],
}class { '::stns::client':
api_end_point => 'http://stns.example.jp:1104',
user => 'sample',
password => 's@mp1e',
wrapper_path => '/usr/local/bin/stns-query-wrapper',
chain_ssh_wrapper => '/usr/libexec/openssh/ssh-ldap-wrapper',
ssl_verify => true,
request_timeout => 3,
http_proxy => 'http://proxy.example.com:1104',
libnss_stns_ensure => latest,
handle_nsswitch => true,
handle_sshd_config => true,
cached_enable => true,
cached_prefetch => true,
}---
stns::server::port: 1104
stns::server::user: sample
stns::server::password: s@mp1e
stns::server::package_ensure: latest
stns::client::api_end_point: 'http://stns1.example.jp:1104'
stns::client::user: sample
stns::client::password: s@mp1e
stns::client::wrapper_path: '/usr/local/bin/stns-query-wrapper'
stns::client::chain_ssh_wrapper: null
stns::client::ssl_verify: true
stns::client::request_timeout: 3
stns::client::http_proxy: 'http://proxy.example.com:1104'
stns::client::libnss_stns_ensure: latest
stns::client::handle_nsswitch: true
stns::client::handle_sshd_config: true
stns::client::cached_enable: true
stns::client::cached_prefetch: truestns::server: Installs and configures STNS.stns::client: Installs and configures libnss_stns.
stns::repo: Setup STNS repository.stns::server::install: Installs STNS package.stns::server::config: Configures STNS.stns::server::server: Manages service.stns::client::install: Installs packages for libnss_stns.stns::client::config: Configures
stns::server::users: Specifies a STNS users configuration file.stns::server::groups: Specifies a STNS groups configuration file.
port: Specifies a listen port listen. Valid options: a number of a port number. Default: 1104.user: Specifies a user for authentication. Valid options: a string containing a valid username. Default: undef.password: Specifies a password for authentication. Valid options: a string containing a valid password. Default: undef.package_ensure: What state the packages should be in.
api_end_point: Valid options: a string containing a valid url. Default: undef.user: Specifies a user for authentication. Valid options: a string containing a valid username. Default: undef.password: Specifies a password for authentication. Valid options: a string containing a valid password. Default: undef.wrapper_path: Valid options: absolute path. Default: '/usr/local/bin/stns-query-wrapper'.chain_ssh_wrapper: Default: undef.ssl_verify: Enables SSL verification. Valid options: a boolean. Default: true.request_timeout: Wrapper Command Timeout. Valid options: a number. Default: 3.http_proxy: Valid options: a string. Default: undef.uid_shift: Shift uid. Valid options: a number. Default: 0.gid_shift: Shift gid. Valid options: a number. Default: 0.libnss_stns_ensure: What state the libnss-stns package should be in.handle_nsswitch: Configure nsswitch.conf to use STNS. Valid options: a boolean. Default: false.handle_sshd_config: Configure sshd_config to use STNS. Valid options: a boolean. Default: false.cached_enable: Enables use cached(cache-stnsd). Valid options: a boolean. Default: undef.cached_prefetch: Enables prefetch of cached(cache-stnsd). Valid options: a boolean. Default: undef.
id: Specifies the user ID. Valid options: a number type. Default: undef.group_id: Specifies the user's primary group. Valid options: a number type. Default: undef.directory: Specifies the home directory of the user. Valid options: a string containing a valid path. Default:/home/<resource title>.shell: Specifies the user's login shell. Valid options: a string containing a valid path. Default:/bin/bash.keys: Specify user attributes in an array of key = value pairs. Valid options: a string containing a valid key = value pairs. Default: undef.link_users: Valid options: a string containing a valid password. Default: undef.
id: Specifies the group ID. Valid options: a number type. Default: undef.users: Specifies the members of the group. Valid options: a string containing a valid password. Default: undef.
This module has been tested on:
- RedHat Enterprise Linux 7
- CentOS 7
- Scientific Linux 7
- Debian 8
- Ubuntu 16.04
The STNS puppet module contains tests for both rspec-puppet (unit tests) and beaker-rspec (acceptance tests) to verify functionality. For detailed information on using these tools, please see their respective documentation.
- Unit tests:
$ bundle install
$ bundle exec rake- Acceptance tests:
# Set your DOCKER_HOST variable
$ eval "$(docker-machine env default)"
# List available beaker nodesets
$ bundle exec rake beaker_nodes
centos7
jessie
xenial
# Run beaker acceptance tests
$ BEAKER_set=centos7 bundle exec rake beaker