module-user/manifests/managed.pp

185 lines
5.8 KiB
ObjectPascal
Raw Normal View History

2008-10-20 22:51:27 +02:00
# manifests/defines.pp
# sshkey: have to be handed over as the classname
# containing the ssh_keys
# password: the password in cleartext or as crypted string
# which should be set. Default: absent -> no password is set.
2008-10-25 23:11:31 +02:00
# To create an encrypted password, you can use:
2008-12-01 23:30:22 +01:00
# /usr/bin/mkpasswd -H md5 --salt=$salt $password , where $salt is 8 bytes long
# Note: On OpenBSD systems we can only manage crypted passwords.
# Therefor the password_crypted option doesn't have any effect.
# You'll find a python script in ${module}/password/openbsd/genpwd.py
# Which will help you to create such a password
2009-05-25 21:33:36 +02:00
# password_crypted: if the supplied password is crypted or not.
# Default: true
# Note: If you'd like to use unencrypted passwords, you have to set a variable
2009-05-25 21:33:36 +02:00
# $password_salt to an 8 character long salt, being used for the password.
# gid: define the gid of the group
2008-12-05 15:44:27 +01:00
# absent: let the system take a gid
# uid: take the same as the uid has if it isn't absent (*default*)
# <value>: take this gid
# manage_group: Wether we should add a group with the same name as well, this works only
# if you supply a uid.
2008-12-02 01:30:12 +01:00
# Default: true
define user::managed(
$ensure = present,
$name_comment = 'absent',
$uid = 'absent',
$gid = 'uid',
2008-10-20 22:51:27 +02:00
$groups = [],
2008-12-05 18:29:47 +01:00
$manage_group = true,
2008-10-20 22:51:27 +02:00
$membership = 'minimum',
$homedir = 'absent',
2008-12-05 18:29:47 +01:00
$managehome = true,
2008-10-20 22:51:27 +02:00
$homedir_mode = '0750',
$sshkey = 'absent',
$password = 'absent',
2008-12-05 18:29:47 +01:00
$password_crypted = true,
$shell = 'absent'
2008-10-20 22:51:27 +02:00
){
$real_homedir = $homedir ? {
'absent' => "/home/$name",
default => $homedir
}
$real_name_comment = $name_comment ? {
'absent' => $name,
default => $name_comment,
}
$real_shell = $shell ? {
'absent' => $operatingsystem ? {
openbsd => "/usr/local/bin/bash",
default => "/bin/bash",
},
default => $shell,
}
2009-10-20 23:18:22 +02:00
if strlength($name) > 31 {
fail("Usernames can't be longer than 31 characters. ${name} is too long!")
}
2009-04-30 15:43:14 +02:00
2008-10-20 22:51:27 +02:00
user { $name:
ensure => $ensure,
2008-10-20 22:51:27 +02:00
allowdupe => false,
comment => "$real_name_comment",
home => $real_homedir,
managehome => $managehome,
shell => $real_shell,
groups => $groups,
membership => $membership,
}
2009-05-25 21:33:36 +02:00
2008-12-05 18:29:47 +01:00
if $managehome {
if $ensure == 'absent' {
file{"$real_homedir":
ensure => absent,
purge => true,
force => true,
recurese => true,
2008-10-20 22:51:36 +02:00
}
} else {
file{"$real_homedir":
ensure => directory,
require => User[$name],
owner => $name, mode => $homedir_mode;
2008-10-20 22:51:27 +02:00
}
case $gid {
'absent','uid': {
File[$real_homedir]{
group => $name,
}
}
default: {
File[$real_homedir]{
group => $gid,
}
}
}
}
}
if $uid != 'absent' {
User[$name]{
uid => $uid,
}
2009-05-26 00:26:43 +02:00
}
if $gid != 'absent' {
2009-03-13 00:33:08 +01:00
if $gid == 'uid' {
if $uid != 'absent' {
$real_gid = $uid
}
} else {
$real_gid = $gid
}
if $real_gid {
User[$name]{
gid => $real_gid,
2008-10-20 22:51:27 +02:00
}
}
}
if $name != 'root' {
if $uid == 'absent' {
2009-03-13 00:33:08 +01:00
if $manage_group and ($ensure == 'absent') {
2009-10-02 18:43:18 +02:00
group{$name:
ensure => absent,
}
}
} else {
if $manage_group {
group { $name:
allowdupe => false,
ensure => $ensure,
}
if $real_gid {
Group[$name]{
gid => $real_gid,
}
}
2009-05-25 21:33:36 +02:00
}
2009-01-07 01:53:41 +01:00
}
2008-10-20 22:51:27 +02:00
}
case $ensure {
present: {
if $sshkey != 'absent' {
User[$name]{
before => Class[$sshkey],
}
include $sshkey
2008-10-20 22:51:27 +02:00
}
2008-10-25 22:31:44 +02:00
if $password != 'absent' {
case $operatingsystem {
openbsd: {
exec { "setpass ${name}":
unless => "grep -q '^${name}:${password}:' /etc/master.passwd",
command => "usermod -p '${password}' ${name}",
require => User["${name}"],
}
}
default: {
include ruby-libshadow
if $password_crypted {
$real_password = $password
} else {
if $password_salt {
$real_password = mkpasswd($password,$password_salt)
} else {
fail("To use unencrypted passwords you have to define a variable \$password_salt to an 8 character salt for passwords!")
}
}
User[$name]{
password => $real_password,
require => Package['ruby-libshadow'],
}
2008-10-25 22:31:44 +02:00
}
}
}
}
}
2008-10-20 22:51:27 +02:00
}