Add domain and no-ntp options to ipaclient

Two options have proven useful for deployers. --domain: To specify the IdM DNS domain in cases where the client is not in the same DNS domain as the IdM server --no-ntp: To ensure that the idm-client-install does not change the NTP settings when they have already been set by puppet. The patch adds both these options. Change-Id: I88075174dfffe4117c8ccc31f28ed9f43bf8b4e7 (cherry picked from commit edfbeae918)
2019-05-23 15:35:50 -04:00 · 2019-05-23 15:35:50 -04:00 · 67b2ec8416
parent a3e4996271
commit 67b2ec8416
2 changed files with 29 additions and 0 deletions
--- a/extraconfig/services/ipaclient.yaml
+++ b/extraconfig/services/ipaclient.yaml
@ -36,6 +36,16 @@ parameters:
    type: boolean
    description: Configure PAM to create a users home directory if it does not exist.
    default: False
+  IdMDomain:
+    default: ''
+    description: IDM domain to register IDM client. Typically, this is discovered
+                 through DNS and does not have to be set explicitly.
+    type: string
+  IdMNoNtpSetup:
+    default: False
+    description: Set to true to add --no-ntp to the IDM client install call.
+                 This will cause IDM client install not to set up NTP.
+    type: boolean

 outputs:
  role_data:
@ -49,6 +59,8 @@ outputs:
          become: yes
          vars:
            makehomedir: {get_param: MakeHomeDir}
+            idm_domain: {get_param: IdMDomain}
+            idm_no_ntp: {get_param: IdMNoNtpSetup}
          block:
          - name: install needed packages
            package:
@ -144,12 +156,22 @@ outputs:
                if [ -n "$realm" ]; then
                    OPTS="$OPTS --realm=$realm"
                fi
+                if [ -n "$idm_domain" ]; then
+                    OPTS="$OPTS --domain=$idm_domain"
+                fi
                if [ "${makehomedir,,}" = "true" ]; then
                    OPTS="$OPTS --mkhomedir"
                fi
+                if [ "${idm_no_ntp,,}" = "true" ]; then
+                    OPTS="$OPTS --no-ntp"
+                fi
+

                # Ensure we have the proper domain in /etc/resolv.conf
                domain=$(hostname -d)
+                if [ -n "$idm_domain" ]; then
+                    domain = "$domain $idm_domain"
+                fi
                if ! grep -q ${domain} /etc/resolv.conf ; then
                    sed -i "0,/nameserver/s/\(nameserver.*\)/search ${domain}\n\1/" /etc/resolv.conf
                fi
--- a/releasenotes/notes/add_domain_and_no_ntp_to_ipaclient-048fdfccf0cb7835.yaml
+++ b/releasenotes/notes/add_domain_and_no_ntp_to_ipaclient-048fdfccf0cb7835.yaml
@ -0,0 +1,7 @@
+---
+features:
+  -  Allows a deployer to specify the IdM domain with --domain on the
+     ipa-client-install invocation by providing the IdMDomain parameter.
+  -  Allows a deployer to direct the ipa-client-install to skip NTP setup
+     by specifying the IdMNoNtpSetup parameter.  This is useful if the
+     ipa-client-install setup clobbers the NTP setup by puppet.