From 67b2ec8416a9cfa99b2f0b4ff73352c09b198584 Mon Sep 17 00:00:00 2001 From: Ade Lee Date: Thu, 23 May 2019 15:35:50 -0400 Subject: [PATCH] Add domain and no-ntp options to ipaclient Two options have proven useful for deployers. --domain: To specify the IdM DNS domain in cases where the client is not in the same DNS domain as the IdM server --no-ntp: To ensure that the idm-client-install does not change the NTP settings when they have already been set by puppet. The patch adds both these options. Change-Id: I88075174dfffe4117c8ccc31f28ed9f43bf8b4e7 (cherry picked from commit edfbeae9182108be15ad020ec26167934525eb57) --- extraconfig/services/ipaclient.yaml | 22 +++++++++++++++++++ ..._no_ntp_to_ipaclient-048fdfccf0cb7835.yaml | 7 ++++++ 2 files changed, 29 insertions(+) create mode 100644 releasenotes/notes/add_domain_and_no_ntp_to_ipaclient-048fdfccf0cb7835.yaml diff --git a/extraconfig/services/ipaclient.yaml b/extraconfig/services/ipaclient.yaml index bb7201a5b8..119508503e 100644 --- a/extraconfig/services/ipaclient.yaml +++ b/extraconfig/services/ipaclient.yaml @@ -36,6 +36,16 @@ parameters: type: boolean description: Configure PAM to create a users home directory if it does not exist. default: False + IdMDomain: + default: '' + description: IDM domain to register IDM client. Typically, this is discovered + through DNS and does not have to be set explicitly. + type: string + IdMNoNtpSetup: + default: False + description: Set to true to add --no-ntp to the IDM client install call. + This will cause IDM client install not to set up NTP. + type: boolean outputs: role_data: @@ -49,6 +59,8 @@ outputs: become: yes vars: makehomedir: {get_param: MakeHomeDir} + idm_domain: {get_param: IdMDomain} + idm_no_ntp: {get_param: IdMNoNtpSetup} block: - name: install needed packages package: 
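Review bot: `IdMDomain` in the first ipaclient.yaml hunk is declared as an unconstrained `string`, yet the second hunk interpolates it into the `ipa-client-install` option string and into a `sed` expression that rewrites /etc/resolv.conf, in a play that sets `become: yes`. A value containing whitespace, `/` or shell metacharacters would alter the command line or the sed program instead of being rejected when the stack is validated. Consider restricting the parameter where it is declared, e.g. `constraints: [{allowed_pattern: '^[A-Za-z0-9.-]*$'}]`, which still admits the empty default. How `idm_domain` reaches the script's environment is outside this hunk, so the script should also quote the value rather than rely on the constraint alone.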
@@ -144,12 +156,22 @@ outputs: if [ -n "$realm" ]; then OPTS="$OPTS --realm=$realm" fi + if [ -n "$idm_domain" ]; then + OPTS="$OPTS --domain=$idm_domain" + fi if [ "${makehomedir,,}" = "true" ]; then OPTS="$OPTS --mkhomedir" fi + if [ "${idm_no_ntp,,}" = "true" ]; then + OPTS="$OPTS --no-ntp" + fi + # Ensure we have the proper domain in /etc/resolv.conf domain=$(hostname -d) + if [ -n "$idm_domain" ]; then + domain = "$domain $idm_domain" + fi if ! grep -q ${domain} /etc/resolv.conf ; then sed -i "0,/nameserver/s/\(nameserver.*\)/search ${domain}\n\1/" /etc/resolv.conf fi diff --git a/releasenotes/notes/add_domain_and_no_ntp_to_ipaclient-048fdfccf0cb7835.yaml b/releasenotes/notes/add_domain_and_no_ntp_to_ipaclient-048fdfccf0cb7835.yaml new file mode 100644 index 0000000000..9003aa9ca2 --- /dev/null +++ b/releasenotes/notes/add_domain_and_no_ntp_to_ipaclient-048fdfccf0cb7835.yaml @@ -0,0 +1,7 @@ +--- +features: + - Allows a deployer to specify the IdM domain with --domain on the + ipa-client-install invocation by providing the IdMDomain parameter. + - Allows a deployer to direct the ipa-client-install to skip NTP setup + by specifying the IdMNoNtpSetup parameter. This is useful if the + ipa-client-install setup clobbers the NTP setup by puppet.
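Review bot: The added line `domain = "$domain $idm_domain"` in the `@@ -144,12 +156,22 @@` hunk of ipaclient.yaml is not an assignment. With spaces around `=` the shell tries to run a command named `domain`, so `$domain` stays unchanged and the IdM domain never reaches the resolv.conf search list. Writing `domain="$domain $idm_domain"` fixes the assignment, but the context line `grep -q ${domain} /etc/resolv.conf` expands it unquoted, so the second word would be read as a file name. The check therefore needs the combined value quoted as one string, e.g. `grep -q "search ${domain}" /etc/resolv.conf`. The install script begins and ends outside this hunk, so how `OPTS` is later expanded cannot be confirmed from here.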