diff --git a/.gitignore b/.gitignore
deleted file mode 100644
index dade81e..0000000
--- a/.gitignore
+++ /dev/null
@@ -1,2 +0,0 @@
-Gemfile.lock
-.bundled_gems/
diff --git a/Gemfile b/Gemfile
deleted file mode 100644
index 9854cc9..0000000
--- a/Gemfile
+++ /dev/null
@@ -1,15 +0,0 @@
-source 'https://rubygems.org'
-
-if ENV['ZUUL_REF'] && File.exists?("#{ENV['WORKSPACE']}/openstack-infra/puppet-openstack_infra_spec_helper")
- gem_checkout_method = {:path => "#{ENV['WORKSPACE']}/openstack-infra/puppet-openstack_infra_spec_helper"}
-else
- gem_checkout_method = {:git => 'https://git.openstack.org/openstack-infra/puppet-openstack_infra_spec_helper'}
-end
-gem_checkout_method[:require] = false
-
-group :development, :test, :system_tests do
- gem 'puppet-openstack_infra_spec_helper',
- gem_checkout_method
-end
-
-# vim:ft=ruby
diff --git a/LICENSE b/LICENSE
deleted file mode 100644
index d645695..0000000
--- a/LICENSE
+++ /dev/null
@@ -1,202 +0,0 @@ - - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. 
For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. 
Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of 
the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. 
Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. 
- - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright [yyyy] [name of copyright owner] - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/README.md b/README.md index 6a31823..ec889a9 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,9 @@ -# OpenStack Kerberos Module +This project is no longer maintained. -## Overview +The contents of this repository are still available in the Git +source code management system. To see the contents of this +repository before it reached its end of life, please check out the +previous commit with "git checkout HEAD^1". -Kerberos configuration. +For any further questions, please email +service-discuss@lists.opendev.org or join #opendev on OFTC. diff --git a/Rakefile b/Rakefile deleted file mode 100644 index ff1f0d7..0000000 --- a/Rakefile +++ /dev/null 
@@ -1,8 +0,0 @@
-require 'rubygems'
-require 'puppetlabs_spec_helper/rake_tasks'
-require 'puppet-lint/tasks/puppet-lint'
-PuppetLint.configuration.fail_on_warnings = true
-PuppetLint.configuration.send('disable_80chars')
-PuppetLint.configuration.send('disable_autoloader_layout')
-PuppetLint.configuration.send('disable_class_inherits_from_params_class')
-PuppetLint.configuration.send('disable_class_parameter_defaults')
diff --git a/files/kadm5.acl b/files/kadm5.acl
deleted file mode 100644
index 5ad0e1e..0000000
--- a/files/kadm5.acl
+++ /dev/null
@@ -1,6 +0,0 @@
-# This file Is the access control list for krb5 administration.
-# When this file is edited run /etc/init.d/krb5-admin-server restart to activate
-# One common way to set up Kerberos administration is to allow any principal
-# ending in /admin is given full administrative rights.
-# To enable this, uncomment the following line:
-*/admin *
diff --git a/files/krb5-kpropd b/files/krb5-kpropd
deleted file mode 100755
index 7d39a67..0000000
--- a/files/krb5-kpropd
+++ /dev/null
@@ -1,123 +0,0 @@
-#! /bin/sh
-### BEGIN INIT INFO
-# Provides: krb5-kpropd
-# Required-Start: $local_fs $remote_fs $network $syslog
-# Required-Stop: $local_fs $remote_fs $network $syslog
-# X-Start-Before: $x-display-manager
-# Default-Start: 2 3 4 5
-# Default-Stop: 0 1 6
-# Short-Description: MIT Kerberos propagation daemon
-# Description: Starts, stops, or restarts the MIT kpropd.
-### END INIT INFO
-
-# Author: Sam Hartman
-# Author: Russ Allbery
-#
-# Based on the /etc/init.d/skeleton template as found in initscripts version
-# 2.86.ds1-15.
-
-PATH=/usr/sbin:/usr/bin:/sbin:/bin
-DESC="Kerberos kpropd"
-NAME=kpropd
-DAEMON=/usr/sbin/$NAME
-DAEMON_ARGS=""
-SCRIPTNAME=/etc/init.d/krb5-kpropd
-
-# Exit if the package is not installed.
-[ -x "$DAEMON" ] || exit 0
-
-# Read configuration if it is present.
-[ -r /etc/default/krb5-kpropd ] && . /etc/default/krb5-kpropd
-
-# Get the setting of VERBOSE and other rcS variables.
-[ -f /etc/default/rcS ] && . /etc/default/rcS
-
-# Define LSB log functions (requires lsb-base >= 3.0-6).
-. /lib/lsb/init-functions
-
-
-# Return
-# 0 if daemon has been started
-# 1 if daemon was already running
-# 2 if daemon could not be started
-do_start_kpropd()
-{
- start-stop-daemon --start --quiet --startas $DAEMON --name $NAME --test \
- > /dev/null || return 1
- start-stop-daemon --start --quiet --startas $DAEMON --name $NAME \
- -- $DAEMON_ARGS || return 2
-}
-
-
-# Return
-# 0 if daemon has been stopped
-# 1 if daemon was already stopped
-# 2 if daemon could not be stopped
-# other if a failure occurred
-do_stop_kpropd()
-{
- start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --name $NAME
- RETVAL="$?"
- [ "$RETVAL" = 2 ] && return 2
- return "$RETVAL"
-}
-
-case "$1" in
- start)
- [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
- do_start_kpropd
- case "$?" in
- 0|1)
- [ "$VERBOSE" != no ] && log_end_msg 0
- ;;
- 2)
- [ "$VERBOSE" != no ] && log_end_msg 1
- ;;
- esac
- ;;
-
- stop)
- [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
- do_stop_kpropd
- case "$?" in
- 0|1)
- [ "$VERBOSE" != no ] && log_progress_msg "krb524d"
- ;;
- 2)
- [ "$VERBOSE" != no ] && log_end_msg 1
- ;;
- esac
- ;;
-
- restart|force-reload)
- log_daemon_msg "Restarting $DESC" "$NAME"
- do_stop_kpropd
- case "$?" in
- 0|1)
- do_start_kpropd
- case "$?" in
- 0)
- log_end_msg 0
- ;;
- 1|2)
- log_end_msg 1
- ;;
- esac
- ;;
- *)
- log_end_msg 1
- ;;
- esac
- ;;
-
- status)
- status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $?
- ;;
-
- *)
- echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload|status}" >&2
- exit 3
- ;;
-esac
-
-:
diff --git a/files/krb5-kpropd.service b/files/krb5-kpropd.service
deleted file mode 100644
index 88eea12..0000000
--- a/files/krb5-kpropd.service
+++ /dev/null
@@ -1,14 +0,0 @@
-[Unit]
-Description=Kerberos 5 slave KDC update server
-
-[Service]
-ExecReload=/bin/kill -HUP $MAINPID
-EnvironmentFile=-/etc/default/krb5-kpropd
-ExecStart=/usr/sbin/kpropd -D $DAEMON_ARGS
-InaccessibleDirectories=/etc/ssh /etc/ssl/private /root
-ReadOnlyDirectories=/
-ReadWriteDirectories=/var/tmp /tmp /var/lib/krb5kdc /var/run /run
-CapabilityBoundingSet=CAP_NET_BIND_SERVICE
-
-[Install]
-WantedBy=multi-user.target
diff --git a/manifests/client.pp b/manifests/client.pp
deleted file mode 100644
index b997495..0000000
--- a/manifests/client.pp
+++ /dev/null
@@ -1,27 +0,0 @@
-# Class kerberos::client
-
-class kerberos::client (
- $admin_server,
- $kdcs,
- $realm,
-) {
-
- include ::ntp
-
- if ($::osfamily == 'RedHat') {
- $kerberos_client = 'krb5-workstation'
- } else {
- $kerberos_client = 'krb5-user'
- }
-
- package { $kerberos_client:
- ensure => present,
- require => File['/etc/krb5.conf'],
- }
-
- file { '/etc/krb5.conf':
- ensure => present,
- replace => true,
- content => template('kerberos/krb5.conf.erb'),
- }
-}
diff --git a/manifests/server.pp b/manifests/server.pp
deleted file mode 100644
index 2e8806c..0000000
--- a/manifests/server.pp
+++ /dev/null
@@ -1,138 +0,0 @@
-# Class kerberos::server
-
-class kerberos::server (
- $realm,
- $admin_server = [$::fqdn],
- $kdcs = [$::fqdn],
- $slave = false,
- $slaves = [],
-) {
-
- include ::haveged
-
- $packages = [
- 'krb5-admin-server',
- 'krb5-kdc',
- ]
- package { $packages:
- ensure => present,
- }
-
- file { '/etc/krb5kdc/kdc.conf':
- ensure => present,
- replace => true,
- content => template('kerberos/kdc.conf.erb'),
- require => Package['krb5-kdc'],
- }
-
- file { '/etc/krb5kdc/kpropd.acl':
- ensure => present,
- replace => true,
- content => template('kerberos/kpropd.acl.erb'),
- require => Package['krb5-kdc'],
- }
-
- file { '/etc/krb5kdc/kadm5.acl':
- ensure => present,
- replace => true,
- source => 'puppet:///modules/kerberos/kadm5.acl',
- require => Package['krb5-admin-server'],
- }
-
- file { '/var/krb5kdc':
- ensure => directory,
- }
-
- file { '/usr/local/bin/run-kprop.sh':
- ensure => present,
- replace => true,
- mode => '0755',
- content => template('kerberos/run-kprop.sh.erb'),
- require => Package['krb5-admin-server'],
- }
-
- if ($slave) {
- $run_kadmind = false # Synonym for stopped
- $run_kpropd = true
- $kprop_cron = absent
- } else {
- $run_kadmind = true # Synonym for running
- $run_kpropd = false
- $kprop_cron = present
- }
-
- cron { 'kprop':
- ensure => $kprop_cron,
- user => 'root',
- minute => '*/15',
- command => '/usr/local/bin/run-kprop.sh >/dev/null 2>&1',
- environment => 'PATH=/usr/bin:/bin:/usr/sbin:/sbin',
- }
-
- if ($::operatingsystem == 'Ubuntu') and ($::operatingsystemrelease >= '16.04') {
- # krb5-admin-server generates this, so make sure this runs after we do
- # things with krb5-admin-server
- file { '/etc/default/krb5-admin-server':
- ensure => present,
- replace => true,
- content => template('kerberos/krb5-admin-server.defaults.new.erb'),
- require => Package['krb5-admin-server'],
- }
-
- file { '/etc/systemd/system/krb5-kpropd.service':
- ensure => present,
- replace => true,
- source => 'puppet:///modules/kerberos/krb5-kpropd.service',
- require => Package['krb5-admin-server'],
- }
- service { 'krb5-kpropd':
- ensure => $run_kpropd,
- enable => $run_kpropd,
- require => [
- File['/etc/systemd/system/krb5-kpropd.service'],
- ],
- }
- # This is a hack to make sure that systemd is aware of the new service
- # before we attempt to start it.
- exec { 'krb5-kpropd-systemd-daemon-reload':
- command => '/bin/systemctl daemon-reload',
- before => Service['krb5-kpropd'],
- subscribe => File['/etc/systemd/system/krb5-kpropd.service'],
- refreshonly => true,
- }
- } else {
- # krb5-admin-server generates this, so make sure this runs after we do
- # things with krb5-admin-server
- file { '/etc/default/krb5-admin-server':
- ensure => present,
- replace => true,
- content => template('kerberos/krb5-admin-server.defaults.erb'),
- require => Package['krb5-admin-server'],
- }
-
- file { '/etc/init.d/krb5-kpropd':
- ensure => present,
- replace => true,
- source => 'puppet:///modules/kerberos/krb5-kpropd',
- require => Package['krb5-admin-server'],
- }
-
- service { 'krb5-kpropd':
- ensure => $run_kpropd,
- enable => $run_kpropd,
- require => [
- File['/etc/init.d/krb5-kpropd'],
- ],
- }
- }
-
- service { 'krb5-admin-server':
- ensure => $run_kadmind,
- enable => $run_kadmind,
- subscribe => File['/etc/krb5kdc/kadm5.acl'],
- require => [
- File['/etc/krb5kdc/kadm5.acl'],
- Package['krb5-admin-server'],
- ],
- }
-}
diff --git a/metadata.json b/metadata.json
deleted file mode 100644
index 4ff52c6..0000000
--- a/metadata.json
+++ /dev/null
@@ -1,12 +0,0 @@
-{
- "name": "openstackinfra-kerberos",
- "version": "0.0.1",
- "author": "OpenStack CI",
- "summary": "Puppet module for Kerberos",
- "license": "Apache 2.0",
- "source": "https://git.openstack.org/openstack-infra/puppet-kerberos.git",
- "project_page": "http://docs.openstack.org/infra/system-config/",
- "issues_url": "https://storyboard.openstack.org/#!/project/787",
- "dependencies": [
- ]
-}
diff --git a/spec/acceptance/basic_spec.rb b/spec/acceptance/basic_spec.rb
deleted file mode 100755
index 1eeacca..0000000
--- a/spec/acceptance/basic_spec.rb
+++ /dev/null
@@ -1,35 +0,0 @@
-require 'puppet-openstack_infra_spec_helper/spec_helper_acceptance'
-
-describe 'kerberos', if: os[:family] == 'ubuntu' do
-
- def pp_path
- base_path = File.dirname(__FILE__)
- File.join(base_path, 'fixtures')
- end
-
- def puppet_manifest
- manifest_path = File.join(pp_path, 'default.pp')
- File.read(manifest_path)
- end
-
- it 'should work with no errors' do
- apply_manifest(puppet_manifest, catch_failures: true)
- end
-
- # Realm needs to be manually set up before admin service will start
- it 'set up the kerberos realm' do
- shell('yes krbpass | krb5_newrealm')
- shell('echo "addprinc -randkey host/krbtest.openstack.ci" | kadmin.local')
- shell('echo "ktadd host/krbtest.openstack.ci" | kadmin.local')
- shell('echo "addprinc -pw rootpw root@OPENSTACK.CI" | kadmin.local')
- end
-
- it 'should be idempotent' do
- apply_manifest(puppet_manifest, catch_changes: true)
- end
-
- describe command('echo rootpw | kinit') do
- its(:exit_status) { should eq 0 }
- end
-
-end
diff --git a/spec/acceptance/fixtures/default.pp b/spec/acceptance/fixtures/default.pp
deleted file mode 100644
index e62503f..0000000
--- a/spec/acceptance/fixtures/default.pp
+++ /dev/null
@@ -1,26 +0,0 @@
-host { 'krbtest.openstack.ci':
- ensure => present,
- host_aliases => 'krbtest',
- ip => '127.0.1.1',
-}
-
-exec { 'set hostname':
- command => '/bin/hostname krbtest',
- unless => '/usr/bin/test "$(/bin/hostname)" == "krbtest"',
-}
-
-class { 'kerberos::server':
- realm => 'OPENSTACK.CI',
- kdcs => [
- 'krbtest.openstack.ci',
- ],
- admin_server => 'krbtest.openstack.ci',
- slaves => [ ],
- slave => false,
-}
-
-class { 'kerberos::client':
- admin_server => 'krbtest.openstack.ci',
- kdcs => ['krbtest.openstack.ci'],
- realm => 'OPENSTACK.CI',
-}
diff --git a/spec/acceptance/nodesets/default.yml b/spec/acceptance/nodesets/default.yml
deleted file mode 100644
index 3bb3e62..0000000
--- a/spec/acceptance/nodesets/default.yml
+++ /dev/null
@@ -1,11 +0,0 @@
-HOSTS:
- ubuntu-server-1404-x64:
- roles:
- - master
- platform: ubuntu-14.04-amd64
- box: puppetlabs/ubuntu-14.04-64-nocm
- box_url: https://vagrantcloud.com/puppetlabs/ubuntu-14.04-64-nocm
- hypervisor: vagrant
-CONFIG:
- log_level: debug
- type: git
diff --git a/spec/acceptance/nodesets/nodepool-centos7.yml b/spec/acceptance/nodesets/nodepool-centos7.yml
deleted file mode 100644
index c552874..0000000
--- a/spec/acceptance/nodesets/nodepool-centos7.yml
+++ /dev/null
@@ -1,10 +0,0 @@
-HOSTS:
- centos-70-x64:
- roles:
- - master
- platform: el-7-x86_64
- hypervisor: none
- ip: 127.0.0.1
-CONFIG:
- type: foss
- set_env: false
diff --git a/spec/acceptance/nodesets/nodepool-trusty.yml b/spec/acceptance/nodesets/nodepool-trusty.yml
deleted file mode 100644
index 9fc624e..0000000
--- a/spec/acceptance/nodesets/nodepool-trusty.yml
+++ /dev/null
@@ -1,10 +0,0 @@
-HOSTS:
- ubuntu-14.04-amd64:
- roles:
- - master
- platform: ubuntu-14.04-amd64
- hypervisor: none
- ip: 127.0.0.1
-CONFIG:
- type: foss
- set_env: false
diff --git a/spec/acceptance/nodesets/nodepool-xenial.yml b/spec/acceptance/nodesets/nodepool-xenial.yml
deleted file mode 100644
index 99dd318..0000000
--- a/spec/acceptance/nodesets/nodepool-xenial.yml
+++ /dev/null
@@ -1,10 +0,0 @@
-HOSTS:
- ubuntu-16.04-amd64:
- roles:
- - master
- platform: ubuntu-16.04-amd64
- hypervisor: none
- ip: 127.0.0.1
-CONFIG:
- type: foss
- set_env: false
diff --git a/templates/kdc.conf.erb b/templates/kdc.conf.erb
deleted file mode 100644
index 4825c5f..0000000
--- a/templates/kdc.conf.erb
+++ /dev/null
@@ -1,16 +0,0 @@
-[kdcdefaults]
- kdc_ports = 750,88
-
-[realms]
- <%= @realm %> = {
- database_name = /var/lib/krb5kdc/principal
- admin_keytab = FILE:/etc/krb5kdc/kadm5.keytab
- acl_file = /etc/krb5kdc/kadm5.acl
- key_stash_file = /etc/krb5kdc/stash
- kdc_ports = 750,88
- max_life = 10h 0m 0s
- max_renewable_life = 7d 0h 0m 0s
- master_key_type = aes256-cts
- supported_enctypes = aes256-cts:normal
- default_principal_flags = +preauth
- }
diff --git a/templates/kpropd.acl.erb b/templates/kpropd.acl.erb
deleted file mode 100644
index 114dc8c..0000000
--- a/templates/kpropd.acl.erb
+++ /dev/null
@@ -1,3 +0,0 @@
-<% @kdcs.each do |kdc| -%>
-host/<%= kdc %>@<%= @realm %>
-<% end -%>
diff --git a/templates/krb5-admin-server.defaults.erb b/templates/krb5-admin-server.defaults.erb
deleted file mode 100644
index 1528def..0000000
--- a/templates/krb5-admin-server.defaults.erb
+++ /dev/null
@@ -1,2 +0,0 @@
-# Managed by puppet
-RUN_KADMIND=<%= @run_kadmind %>
diff --git a/templates/krb5-admin-server.defaults.new.erb b/templates/krb5-admin-server.defaults.new.erb
deleted file mode 100644
index db7ba3b..0000000
--- a/templates/krb5-admin-server.defaults.new.erb
+++ /dev/null
@@ -1,10 +0,0 @@
-# Managed by puppet
-# Don't set anything here.
-# We don't set RUN_KADMIND because newer debuntu packaging
-# postinst scripts are broken if RUN_KADMIND is set to false.
-# Long story short they try to set a debconf value based on
-# that value and there is no associated template with that
-# key/question so things break.
-#
-# Instead we manage whether or not slave nodes run kadmind
-# via the init system (via the puppet service resource).
diff --git a/templates/krb5.conf.erb b/templates/krb5.conf.erb
deleted file mode 100644
index 4833d2d..0000000
--- a/templates/krb5.conf.erb
+++ /dev/null
@@ -1,146 +0,0 @@
-[libdefaults]
- default_realm = <%= @realm %>
-
-# The following krb5.conf variables are only for MIT Kerberos.
- krb4_config = /etc/krb.conf
- krb4_realms = /etc/krb.realms
- kdc_timesync = 1
- ccache_type = 4
- forwardable = true
- proxiable = true
-
-# The following encryption type specification will be used by MIT Kerberos
-# if uncommented. In general, the defaults in the MIT Kerberos code are
-# correct and overriding these specifications only serves to disable new
-# encryption types as they are added, creating interoperability problems.
-#
-# Thie only time when you might need to uncomment these lines and change
-# the enctypes is if you have local software that will break on ticket
-# caches containing ticket encryption types it doesn't know about (such as
-# old versions of Sun Java).
-
-# default_tgs_enctypes = des3-hmac-sha1
-# default_tkt_enctypes = des3-hmac-sha1
-# permitted_enctypes = des3-hmac-sha1
-
-# The following libdefaults parameters are only for Heimdal Kerberos.
- v4_instance_resolve = false
- v4_name_convert = {
- host = {
- rcmd = host
- ftp = ftp
- }
- plain = {
- something = something-else
- }
- }
- fcc-mit-ticketflags = true
-
-[realms]
- ATHENA.MIT.EDU = {
- kdc = kerberos.mit.edu:88
- kdc = kerberos-1.mit.edu:88
- kdc = kerberos-2.mit.edu:88
- admin_server = kerberos.mit.edu
- default_domain = mit.edu
- }
- MEDIA-LAB.MIT.EDU = {
- kdc = kerberos.media.mit.edu
- admin_server = kerberos.media.mit.edu
- }
- ZONE.MIT.EDU = {
- kdc = casio.mit.edu
- kdc = seiko.mit.edu
- admin_server = casio.mit.edu
- }
- MOOF.MIT.EDU = {
- kdc = three-headed-dogcow.mit.edu:88
- kdc = three-headed-dogcow-1.mit.edu:88
- admin_server = three-headed-dogcow.mit.edu
- }
- CSAIL.MIT.EDU = {
- kdc = kerberos-1.csail.mit.edu
- kdc = kerberos-2.csail.mit.edu
- admin_server = kerberos.csail.mit.edu
- default_domain = csail.mit.edu
- krb524_server = krb524.csail.mit.edu
- }
- IHTFP.ORG = {
- kdc = kerberos.ihtfp.org
- admin_server = kerberos.ihtfp.org
- }
- GNU.ORG = {
- kdc = kerberos.gnu.org
- kdc = kerberos-2.gnu.org
- kdc = kerberos-3.gnu.org
- admin_server = kerberos.gnu.org
- }
- 1TS.ORG = {
- kdc = kerberos.1ts.org
- admin_server = kerberos.1ts.org
- }
- GRATUITOUS.ORG = {
- kdc = kerberos.gratuitous.org
- admin_server = kerberos.gratuitous.org
- }
- DOOMCOM.ORG = {
- kdc = kerberos.doomcom.org
- admin_server = kerberos.doomcom.org
- }
- ANDREW.CMU.EDU = {
- kdc = kerberos.andrew.cmu.edu
- kdc = kerberos2.andrew.cmu.edu
- kdc = kerberos3.andrew.cmu.edu
- admin_server = kerberos.andrew.cmu.edu
- default_domain = andrew.cmu.edu
- }
- CS.CMU.EDU = {
- kdc = kerberos.cs.cmu.edu
- kdc = kerberos-2.srv.cs.cmu.edu
- admin_server = kerberos.cs.cmu.edu
- }
- DEMENTIA.ORG = {
- kdc = kerberos.dementix.org
- kdc = kerberos2.dementix.org
- admin_server = kerberos.dementix.org
- }
- stanford.edu = {
- kdc = krb5auth1.stanford.edu
- kdc = krb5auth2.stanford.edu
- kdc = krb5auth3.stanford.edu
- master_kdc = krb5auth1.stanford.edu
- admin_server = krb5-admin.stanford.edu
- default_domain = stanford.edu
- }
- UTORONTO.CA = {
- kdc = kerberos1.utoronto.ca
- kdc = kerberos2.utoronto.ca
- kdc = kerberos3.utoronto.ca
- admin_server = kerberos1.utoronto.ca
- default_domain = utoronto.ca
- }
- <%= @realm %> = {
-<% @kdcs.each do |kdc| -%>
- kdc = <%= kdc %>
-<% end -%>
- admin_server = <%= @admin_server %>
- default_domain = <%= @realm.downcase %>
- }
-
-[domain_realm]
- .mit.edu = ATHENA.MIT.EDU
- mit.edu = ATHENA.MIT.EDU
- .media.mit.edu = MEDIA-LAB.MIT.EDU
- media.mit.edu = MEDIA-LAB.MIT.EDU
- .csail.mit.edu = CSAIL.MIT.EDU
- csail.mit.edu = CSAIL.MIT.EDU
- .whoi.edu = ATHENA.MIT.EDU
- whoi.edu = ATHENA.MIT.EDU
- .stanford.edu = stanford.edu
- .slac.stanford.edu = SLAC.STANFORD.EDU
- .toronto.edu = UTORONTO.CA
- .utoronto.ca = UTORONTO.CA
-
-[login]
- krb4_convert = true
- krb4_get_tickets = false
diff --git a/templates/run-kprop.sh.erb b/templates/run-kprop.sh.erb
deleted file mode 100644
index 380b9a0..0000000
--- a/templates/run-kprop.sh.erb
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/bin/sh
-kdclist="<% @slaves.each do |slave| -%><%= slave %> <% end -%>"
-kdb5_util dump /var/krb5kdc/slave_datatrans
-for kdc in $kdclist
-do
- kprop -f /var/krb5kdc/slave_datatrans $kdc
-done