Table of Contents

• Description
  • This is a SIMP module
• Setup
  • What simp_ad affects
• Usage
• Development
  • Acceptance tests

Description

This is a module for managing simp_ad server and client installations.

This is a SIMP module

This module is a component of the System Integrity Management Platform, a compliance-management framework built on Puppet.

If you find any issues, they may be submitted to our bug tracker.

Setup

What simp_ad affects

The simp_ad module is quite minimal at the moment, it can only join and remove hosts from an AD domain.

Usage

There are no puppet classes in this module yet. It only contains tasks.

Tasks

Join a domain using realm:

bolt task run simp_ad::join --nodes <nodes> server=ad.example.com stdin_password=admin_password options='--verbose'

Other options can be added to the options parameter, like options='--automatic-id-mapping=no --verbose'. stdin_password allows the password prompt to be skipped, if desired.

Leave a domain:

bolt task run simp_ad::leave --nodes <nodes> domain=<domain> options='--automatic-id-mapping=no --verbose'

Tasks are also available from the Puppet Enterprise console.

Facts

This module includes an active_directory fact which can be used to get the domain connection status of nodes. It contains all output from adcli info <domain> and realm list, if present, parsed into a structured fact. It should look like this, for a domain called test.case on an EL7 machine with realmd and adcli installed:

---
domain: test.case
status: connected
realm:
  test.case:
    client-software: sssd
    configured: kerberos-member
    domain-name: test.case
    login-formats: "%U@test.case"
    login-policy: allow-realm-logins
    realm-name: TEST.CASE
    required-package:
    - oddjob
    - oddjob-mkhomedir
    - sssd
    - adcli
    - samba-common-tools
    server-software: active-directory
    type: kerberos
adcli:
  test.case:
    computer-site: Default-First-Site-Name
    domain-controller: ad.test.case
    domain-controller-flags: pdc gc ldap ds kdc timeserv closest writable good-timeserv
      full-secret ads-web
    domain-controller-site: Default-First-Site-Name
    domain-controller-usable: 'yes'
    domain-controllers: ad.test.case
    domain-forest: test.case
    domain-short: TEST

Tips

It is possible to use facts, such as the domain fact, with tasks if you use the Puppet Enterprise console or a Puppet plan. This would allow for less runtime configuration of the tasks.

Development

Please read our Contribution Guide.

Acceptance tests

This module includes Beaker acceptance tests using the SIMP Beaker Helpers. By default the tests use Vagrant with VirtualBox as a back-end; Vagrant and VirtualBox must both be installed to run these tests without modification. To execute the tests run the following:

bundle install
bundle exec rake beaker:suites

NOTE: When testing this module, you will probably want to run with BEAKER_destroy=no, install the simp_ad client locally and connect to the running VM to ensure proper functionality.

Please refer to the SIMP Beaker Helpers documentation for more information.