add support for qa kerberos environment

c5b4d0d1 · Adam Lewenberg · 7e41ce0e · c5b4d0d1 · c5b4d0d1 · c5b4d0d1
Commit c5b4d0d1 authored 8 years ago by Adam Lewenberg
--- a/NEWS
+++ b/NEWS
+release/005.006 (2017-02-16)
+
+    [kerberos] Add support for the new kerberos environment 'qa'. [adamhl]
+
 release/005.005 (2017-02-02)

    [kerberos] Add the option rdns_enabled so that Kerberos can be

--- a/manifests/kerberos.pp
+++ b/manifests/kerberos.pp
@@ -17,20 +17,23 @@
 # **********************************************************************
 #
 #
-# $krb_env: Which kerberos environment to use. Must be one of:
-#   'prod', 'uat', or 'test'.
+# $krb_env:
+#   Which kerberos environment to use. Must be one of:
+#   'prod', 'uat', 'qa', or 'test'.
 #   Default: 'prod'
 #
-# $prefer_tcp: Normal kerberos traffic uses UDP, but some applications
+# $prefer_tcp:
+#   Normal kerberos traffic uses UDP, but some applications
 #   (lookin' at you Java!) work better with TCP. Set this parameter to
 #   "true" to force the client to prefer TCP to UDP.
 #   Default: false
 #
-# $rdns_enabled: if 'true' have the Kerberos client do a reverse DNS
-# lookup on the hostname when connecting to a server. This should be set
-# to 'false' if you want the client to be able to connect to services where
-# the service name's IP address PTR record may not match the hostname
-# (e.g., for services running in Amazon Web Services).
+# $rdns_enabled:
+#   If 'true' have the Kerberos client do a reverse DNS lookup on the
+#   hostname when connecting to a server. This should be set to 'false' if
+#   you want the client to be able to connect to services where the service
+#   name's IP address PTR record may not match the hostname (e.g., for
+#   services running in Amazon Web Services).
 #   Default: true
 class base::kerberos(
  $prefer_tcp   = false,
@@ -40,7 +43,7 @@ class base::kerberos(

  # We only allow the 'prod', 'uat', and 'test' environments.
  case $krb_env {
-    'prod', 'uat', 'test': {}
+    'prod', 'uat', 'test', 'qa': {}
    default: { fail("unrecognized kerberos environment '${krb_env}'") }
  }


--- a/templates/kerberos/krb5.conf.erb
+++ b/templates/kerberos/krb5.conf.erb
@@ -76,6 +76,14 @@ elsif (@krb_env == 'test') then
        admin_server   = kerberos-test.stanford.edu
        kpasswd_server = kerberos-test.stanford.edu
 <%
+elsif (@krb_env == 'qa') then
+-%>
+        kdc            = kerberos-qa2.stanford.edu:88
+        kdc            = kerberos-qa1.stanford.edu:88
+        master_kdc     = master-kdc-qa.stanford.edu:88
+        admin_server   = master-kdc-qa.stanford.edu
+        kpasswd_server = master-kdc-qa.stanford.edu
+<%
 else
  if (@drSite) then
 -%>