Merge pull request #1 from jpuskar/0_1_1

0.1.1

.fixtures.yml

@@ -4,4 +4,4 @@ fixtures:
   repositories:
     stdlib: "git://github.com/puppetlabs/puppetlabs-stdlib"
     firewalld: "git://github.com/crayfishx/puppet-firewalld"
-    #db2: "git://github.com/jpuskar/puppet-db2"
+    concat: "git://github.com/puppetlabs/puppetlabs-concat"

.gitignore

@@ -3,4 +3,6 @@
 .vagrant/
 vagrant/
 custom
-cognos_11_installer.properties
+cognos_11_installer.properties
+spec/fixtures
+pkg/

Changelog.md

@@ -0,0 +1,12 @@
+# puppet-cognos changelog
+
+## v.0.1.1
++ Added support for IPA auth provider.
++ Updates to systemd unit file:
+  + Added java_home.
+  + Added systemd_service_accounting.
+  + Added ld_library_path
+  + Added db2 service options.
+
+## v.0.1.0
++ Initial release.

README.md

@@ -17,13 +17,10 @@ This module installs and configures a basic cognos server using db2.
 ## Setup
 
 ### Setup Requirements
-
-The cognos and db2 v10.1 install binaries must be pre-staged, and the parameter named 'installer_source_dir' configured.
++ The cognos install binary must be pre-staged and the parameters named `installer_source_dir` and `installer_filename` configured.
++ DB2 must already be installed, and the cognos class parameters `db2_install_path`, `db2_service_name`, and `db2_instance_user` must be correct. See init.pp for the defaults.
 
 ## Usage
-The param 'installer_source_dir' expects to find the folder ./exp.
-For example, if "/root" is specified, than this should exist: "/root/exp/db2"
-
 
 ```puppet
 class {'cognos':
@@ -36,19 +33,80 @@ class {'cognos':
 ```
 ## Reference
 
+### Class parameters
+
+#### `auth_provider_config`
+
+Configures authentication providers. For the full set of provider_config parameters, see the class `cognos::config::auth_provider::ipa`.
+
+Example from a manifest:
+```puppet
+$auth_providers => {
+  'ipa_1' => {
+    provider        => 'ipa',
+    provider_config => {
+      base_dn       => 'my_base_dn',
+      bind_username => 'my_bind_user',
+      bind_password => 'my_bind_pwd',
+      host_port     => 'my_dc.ipa.example',
+    }
+  }
+}
+
+class {'cognos':
+  cognos_user_password    => 'mypass',
+  cognos_db_user_password => 'mypass',
+  cog_users_password_salt => 'random phrase',
+  installer_source_dir    => '/root',
+  installer_filename      => 'ca_srv_lnxi38664_11.0.5.16111917.bin',
+  auth_provider_config    => $auth_providers,
+}
+```
+
+Example from hiera:
+```yaml
+cognos::auth_provider_config:
+  'ipa_1':
+    provider: 'ipa'
+    provider_config:
+      base_dn: 'my_base_dn'
+      bind_username: 'my_bind_user'
+      bind_password: 'my_bind_pwd'
+      host_port: 'my_dc.ipa.example'
+```
+
 Please see the individual manifest files for additional parameters.
 
 ## Limitations
 
-This module has only been tested with Cognos 11.0.5 using DB2 Express V10.1 on Centos 7.3.
+This module has only been tested with:
++ Cognos 11.0.5 using DB2 Express V10.1 on Centos 7.3.
++ Cognos 11.0.6 using DB2 Express V10.1 on Centos 7.3.
 
 In addition, it currently does not support:
 + Content Managers other than DB2 running on localhost.
 + Multiple servers / tires.
-+ Authentication providers of any kind.
-## Development
++ Authentication providers other than IPA via LDAP.
 
-This module includes a Vagrantfile for easy testing. Just install vagrant and virtualbox, clone this repo, and 'vagrant up'.
+## Development
 
-To stage the DB2 media, make a folder in the repo root called "vagrant", and ensure that the folder structure looks like: "./puppet-cognos/vagrant/exp/db2".
-The cognos installer file must also reside in "./puppet-cognos/vagrant".
+This module includes a Vagrantfile for easy testing.
+
+Steps to get started:
+1. Install vagrant.
+1. Install virtualbox.
+1. Clone this repo.
+1. Stage the Cognos and DB2 binares.
+1. Run `vagrant up` in a terminal window from the root of the repo.
+
+### Staging the binaries
+The Cognos installer file must reside in `./puppet-cognos/vagrant` and the db2 installer must be extracted.
+
+The folder structure must look like the following:
+```bash
+puppet-cognos/Vagrantfile
+puppet-cognos/vagrant/
+puppet-cognos/vagrant/ca_srv_lnxi38664_11.0.5.16111917.bin
+puppet-cognos/vagrant/exp/
+puppet-cognos/vagrant/exp/db2setup
+```

Vagrantfile

@@ -24,6 +24,7 @@ echo I am provisioning...
 export FACTER_is_vagrant='true'
 [ -d /tmp/modules/cognos ] || mkdir -p /tmp/modules/cognos
 mount | grep /tmp/modules/cognos || mount --bind /vagrant /tmp/modules/cognos
+puppet module install puppetlabs-concat
 puppet module install puppetlabs-stdlib
 puppet module install crayfishx-firewalld
 puppet module install puppet-selinux

manifests/cm_db/db2.pp

@@ -2,19 +2,19 @@
 class cognos::cm_db::db2 {
 
   # Cognos DB2 CM SQL File
-  $cognos_db_file = "/home/${cognos::cognos_db_instance_user}/create_cognos_db.sql"
+  $cognos_db_file = "/home/${cognos::db2_instance_user}/create_cognos_db.sql"
   file{$cognos_db_file:
     content => template('cognos/create_cognos_db.sql.erb'),
     mode    => '0755',
-    owner   => $cognos::cognos_db_instance_user,
-    group   => $cognos::cognos_db_instance_user,
+    owner   => $cognos::db2_instance_user,
+    group   => $cognos::db2_instance_user,
   }
 
   # Configure Cognos ContentDb
   exec{'configure_cognos_db2_cm_db':
     command => "${cognos::db2_install_path}/bin/db2 -tvf ${cognos_db_file}",
-    user    => $cognos::cognos_db_instance_user,
-    cwd     => "/home/${cognos::cognos_db_instance_user}",
+    user    => $cognos::db2_instance_user,
+    cwd     => "/home/${cognos::db2_instance_user}",
     timeout => 600,
     unless  => "${cognos::db2_install_path}/bin/db2 list db directory | grep \"Database name\" | grep \"= CM\"",
     require => File[$cognos_db_file],

manifests/config.pp

@@ -56,30 +56,35 @@
       port     => 9300,
       protocol => 'tcp',
     }
+  }
+
+  # Auth Providers
+  if !empty($cognos::auth_provider_config) {
+    $cognos::auth_provider_config.each | $instance_config | {
+      ensure_resources(
+        'cognos::config::auth_provider',
+        $instance_config
+      )
+    }
+  }
+
+  concat { "${cognos::installer_target_dir}/configuration/cogstartup.puppet.xml":
+    owner  => $cognos::cognos_user,
+    group  => $cognos::cognos_user,
+    mode   => '0644',
+    notify => Exec['apply_new_cognos_config'],
+  }
 
-    # firewall { '1205 [cognos::config] allow cognos gateway https inbound':
-    #   chain  => 'INPUT',
-    #   proto  => 'tcp',
-    #   dport  => 443,
-    #   state  => 'NEW',
-    #   action => 'accept',
-    # }
-    #
-    # firewall { '3505 [cognos::config] allow cognos gateway https outbound':
-    #   chain  => 'OUTPUT',
-    #   proto  => 'tcp',
-    #   dport  => 443,
-    #   state  => 'NEW',
-    #   action => 'accept',
-    # }
+  concat::fragment {'cogconfig_base_pre':
+    content => template('cognos/config/cogconfig_fragment_05.xml.erb'),
+    target  => "${cognos::installer_target_dir}/configuration/cogstartup.puppet.xml",
+    order   => '05',
   }
 
-  # Cognos config file
-  file{"${cognos::installer_target_dir}/configuration/cogstartup.puppet.xml":
-    content => template('cognos/cognos11_config.xml.erb'),
-    mode    => '0755',
-    before  => Exec['apply_new_cognos_config'],
-    notify  => Exec['apply_new_cognos_config'],
+  concat::fragment {'cogconfig_base_post':
+    content => template('cognos/config/cogconfig_fragment_20.xml.erb'),
+    target  => "${cognos::installer_target_dir}/configuration/cogstartup.puppet.xml",
+    order   => '20',
   }
 
   # Configure Cognos
@@ -96,6 +101,7 @@
     provider    => 'shell',
     refreshonly => true,
     notify      => Service['cognos'],
+    require     => Concat["${cognos::installer_target_dir}/configuration/cogstartup.puppet.xml"],
   }
 
   # Add symlinks for intuitive log and config locations
@@ -121,4 +127,5 @@
     }
   }
 
+  Cognos::Config::Auth_provider<| |> -> Exec<| title == 'apply_new_cognos_config' |>
 }

manifests/config/auth_provider.pp

@@ -0,0 +1,26 @@
+#
+# example hiera:
+# cognos::auth_provider_config:
+#  'cognos1':
+#     provider: 'cognos'
+#     provider_config:
+#       allow_anon: true
+#   'ipa1':
+#     provider: 'ipa'
+#
+define cognos::config::auth_provider (
+  $provider,
+  $provider_config,
+  $instance_name = $title,
+) {
+
+  if $provider == 'ipa' {
+    cognos::config::auth_provider::ipa {
+      $instance_name:
+        * => $provider_config,
+    }
+  } else {
+    fail("The following auth_provider is not supported: ${provider}.")
+  }
+
+}

manifests/config/auth_provider/cognos.pp

@@ -0,0 +1,14 @@
+#
+define cognos::config::auth_provider::cognos(
+  $allow_anon = false,
+  $disable_cm = false,
+  $instance_name = $title,
+) {
+
+  concat::fragment {"auth_provider_${instance_name}":
+    content => template('cognos/config/auth_provider/cogconfig_fragment_auth_provider_cognos.xml.erb'),
+    target  => "${cognos::installer_target_dir}/configuration/cogstartup.puppet.xml",
+    order   => '10',
+  }
+
+}

manifests/config/auth_provider/ipa.pp

@@ -0,0 +1,73 @@
+#
+define cognos::config::auth_provider::ipa(
+  $base_dn,
+  $bind_username,
+  $bind_password,
+  $host_port,
+  $account_business_phone          = 'telephonenumber',
+  $account_content_locale          = 'preferredlanguage',
+  $account_description             = 'description',
+  $account_email                   = 'mail',
+  $account_fax_phone               = 'facsimiletelephonenumber',
+  $account_given_name              = 'givenName',
+  $account_home_phone              = 'homephone',
+  $account_mobile_phone            = 'mobile',
+  $account_name                    = 'displayName',
+  $account_object_class            = 'inetorgperson',
+  $account_pager_phone             = 'pager',
+  $account_password                = 'userPassword',
+  $account_postal_address          = 'postaladdress',
+  $account_product_locale          = 'preferredlanguage',
+  $account_surname                 = 'sn',
+  $account_user_name               = 'uid',
+  $allow_empty_password            = false,
+  $cam_id_attribute                = 'dn',
+  $data_encoding                   = 'UTF-8',
+  $external_identity_mapping       = '${environment("REMOTE_USER")}',
+  $folder_description              = 'description',
+  $folder_name                     = 'ou',
+  $folder_object_class             = 'organizationalunit,nsContainer,ou',
+  $group_description               = 'description',
+  $group_members                   = 'uniquemember',
+  $group_name                      = 'cn',
+  $group_object_class              = 'groupofuniquenames',
+  $instance_id                     = undef,
+  $instance_name                   = $name,
+  $size_limit                      = -1,
+  $time_out                        = -1,
+  $tenancy_info                    = '',
+  $tenant_bounding_set_mapping     = '',
+  $ssl_certificate_database        = undef,
+  $use_external_identity           = false,
+  $use_bind_credentials_for_search = true,
+  $user_lookup                     = '(uid=${userID})',
+) {
+
+  # TODO: Array param for 'advancedProperties'
+  # TODO: Array param for 'customProperties'
+
+  # if $use_external_identity {
+  #   $str_use_external_identity = 'true'
+  # } else {
+  #   $str_use_external_identity = 'false'
+  # }
+
+  if $ssl_certificate_database {
+    $final_ssl_certificate_database = $ssl_certificate_database
+  } else {
+    $final_ssl_certificate_database = "${cognos::installer_target_dir}/configuration"
+  }
+
+  if $instance_id {
+    $final_instance_id = $instance_id
+  } else {
+    $final_instance_id = "${instance_name}_1"
+  }
+
+  concat::fragment {"auth_provider_${instance_name}":
+    content => template('cognos/config/auth_provider/cogconfig_fragment_auth_provider_ipa.xml.erb'),
+    target  => "${cognos::installer_target_dir}/configuration/cogstartup.puppet.xml",
+    order   => '10',
+  }
+
+}