
I need to build a module to manage /etc/sssd/sssd.conf on our Red Hat VMs. The sssd modules published on the forge don't seem to do what I want, nor do I feel like forking any of them.

I want to keep all the configuration data in Hiera's common.yaml file. Below is my sssd.conf file.

```ini
[sssd]
config_file_version = 2
services = nss, pam
domains = default

[nss]
filter_groups = root
filter_users = root
reconnection_retries = 3
entry_cache_timeout = 300
entry_cache_nowait_percentage = 75

[pam]

[domain/default]
auth_provider = ldap
ldap_id_use_start_tls = True
chpass_provider = ldap
cache_credentials = True
ldap_search_base = dc=ederp,dc=com
id_provider = ldap
ldap_uri = ldaps://lvldap1.lvs01.ederp.com/ ldaps://lvldap2.lvs01.ederp.com/
ldap_tls_cacertdir = /etc/openldap/cacerts
```

What is the best, most economical way to build the sssd.conf file? Should I have multiple .pp files such as domain.pp, pam.pp etc. or should all the lines of configuration land in init.pp?

mr.zog
  • I was staring at http://serverfault.com/questions/557819/overriding-parameters-in-previously-declared-puppet-resource for a while before asking the above question. Seems to me I should not need to use all those explicit hiera lookups poster Scott Merrill suggests. Am I right? – mr.zog Jun 10 '14 at 21:33
  • Given that the syntax looks like a standard ini file, I would use the [inifile](https://forge.puppetlabs.com/puppetlabs/inifile) module if you hadn't already planned on that. Then just build a module that can set the classes you want. I am assuming you are running a 3.x+ version of puppet? – Zoredache Jun 10 '14 at 21:38
  • Thanks, Zoredache. Yeah, I'm using Puppet Enterprise 3.2.3 so I guess inifile could work. – mr.zog Jun 11 '14 at 12:24
  • Also, what about the concat module? Could I not use that to build the file line by line? Seems feasible. – mr.zog Jun 11 '14 at 12:36
  • You can also use Augeas to set values in ini files (http://docs.puppetlabs.com/guides/augeas.html) – faker Jun 13 '14 at 11:20
  • Both `inifile` and `concat` are feasible, but the former seems a lot more appropriate. – Felix Frank Jun 13 '14 at 21:12
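
The `inifile` approach suggested in the comments, sketched as an added example that is not part of the original thread: a single `init.pp` that builds every `ini_setting` from one Hiera hash, with no explicit `hiera()` calls. It assumes the puppetlabs-inifile module is installed; the Hiera key `sssd::settings` and its layout are hypothetical, and the sample data is constructed from the question's file.

```puppet
# Hiera data in common.yaml (constructed; one entry per line of sssd.conf):
#
#   sssd::settings:
#     'sssd/services':
#       section: 'sssd'
#       setting: 'services'
#       value:   'nss, pam'
#     'domain/default/ldap_tls_cacertdir':
#       section: 'domain/default'
#       setting: 'ldap_tls_cacertdir'
#       value:   '/etc/openldap/cacerts'
#
class sssd (
  $settings = {},   # filled from Hiera by Puppet 3 automatic parameter lookup
) {
  $conf = '/etc/sssd/sssd.conf'

  package { 'sssd':
    ensure => installed,
  }

  # sssd will not start unless its config is owned by root and mode 0600.
  # No content/source is set, so the file body is left to ini_setting.
  file { $conf:
    ensure  => file,
    owner   => 'root',
    group   => 'root',
    mode    => '0600',
    require => Package['sssd'],
  }

  service { 'sssd':
    ensure => running,
    enable => true,
  }

  # Attributes shared by every ini_setting built from the Hiera hash.
  $defaults = {
    'ensure'  => 'present',
    'path'    => $conf,
    'require' => File[$conf],
    'notify'  => Service['sssd'],
  }

  create_resources('ini_setting', $settings, $defaults)
}
```

`ini_setting` manages only the keys listed in Hiera, so lines added to the file by hand are left in place.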
