we can now set a user absent and clean everything up
parent
56a602adf7
commit
7aa32b98a3
1 changed files with 75 additions and 57 deletions
|
@ -22,19 +22,20 @@
|
||||||
# if you supply a uid.
|
# if you supply a uid.
|
||||||
# Default: true
|
# Default: true
|
||||||
define user::managed(
|
define user::managed(
|
||||||
$name_comment = 'absent',
|
$ensure = present,
|
||||||
$uid = 'absent',
|
$name_comment = 'absent',
|
||||||
$gid = 'uid',
|
$uid = 'absent',
|
||||||
|
$gid = 'uid',
|
||||||
$groups = [],
|
$groups = [],
|
||||||
$manage_group = true,
|
$manage_group = true,
|
||||||
$membership = 'minimum',
|
$membership = 'minimum',
|
||||||
$homedir = 'absent',
|
$homedir = 'absent',
|
||||||
$managehome = true,
|
$managehome = true,
|
||||||
$homedir_mode = '0750',
|
$homedir_mode = '0750',
|
||||||
$sshkey = 'absent',
|
$sshkey = 'absent',
|
||||||
$password = 'absent',
|
$password = 'absent',
|
||||||
$password_crypted = true,
|
$password_crypted = true,
|
||||||
$shell = 'absent'
|
$shell = 'absent'
|
||||||
){
|
){
|
||||||
|
|
||||||
$real_homedir = $homedir ? {
|
$real_homedir = $homedir ? {
|
||||||
|
@ -56,6 +57,7 @@ define user::managed(
|
||||||
}
|
}
|
||||||
|
|
||||||
user { $name:
|
user { $name:
|
||||||
|
ensure => $ensure,
|
||||||
allowdupe => false,
|
allowdupe => false,
|
||||||
comment => "$real_name_comment",
|
comment => "$real_name_comment",
|
||||||
ensure => present,
|
ensure => present,
|
||||||
|
@ -68,23 +70,34 @@ define user::managed(
|
||||||
|
|
||||||
|
|
||||||
if $managehome {
|
if $managehome {
|
||||||
file{"$real_homedir":
|
case $ensure {
|
||||||
ensure => directory,
|
absent: {
|
||||||
require => User[$name],
|
file{"$real_homedir":
|
||||||
owner => $name, mode => $homedir_mode;
|
ensure => absent,
|
||||||
}
|
purge => true,
|
||||||
case $gid {
|
force => true,
|
||||||
'absent','uid': {
|
recurese => true,
|
||||||
File[$real_homedir]{
|
|
||||||
group => $name,
|
|
||||||
}
|
|
||||||
}
|
|
||||||
default: {
|
|
||||||
File[$real_homedir]{
|
|
||||||
group => $gid,
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
default: {
|
||||||
|
file{"$real_homedir":
|
||||||
|
ensure => directory,
|
||||||
|
require => User[$name],
|
||||||
|
owner => $name, mode => $homedir_mode;
|
||||||
|
}
|
||||||
|
case $gid {
|
||||||
|
'absent','uid': {
|
||||||
|
File[$real_homedir]{
|
||||||
|
group => $name,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
default: {
|
||||||
|
File[$real_homedir]{
|
||||||
|
group => $gid,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
case $uid {
|
case $uid {
|
||||||
|
@ -129,7 +142,7 @@ define user::managed(
|
||||||
if $manage_group {
|
if $manage_group {
|
||||||
group { $name:
|
group { $name:
|
||||||
allowdupe => false,
|
allowdupe => false,
|
||||||
ensure => present,
|
ensure => $ensure,
|
||||||
}
|
}
|
||||||
if $real_gid {
|
if $real_gid {
|
||||||
Group[$name]{
|
Group[$name]{
|
||||||
|
@ -142,42 +155,46 @@ define user::managed(
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
case $sshkey {
|
case $ensure {
|
||||||
'absent': { info("no sshkey to manage for user $name") }
|
present: {
|
||||||
default: {
|
case $sshkey {
|
||||||
User[$name]{
|
'absent': { info("no sshkey to manage for user $name") }
|
||||||
before => Class[$sshkey],
|
|
||||||
}
|
|
||||||
include $sshkey
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
case $password {
|
|
||||||
'absent': { info("not managing the password for user $name") }
|
|
||||||
default: {
|
|
||||||
case $operatingsystem {
|
|
||||||
openbsd: {
|
|
||||||
exec { "setpass ${name}":
|
|
||||||
unless => "grep -q '^${name}:${password}:' /etc/master.passwd",
|
|
||||||
command => "usermod -p '${password}' ${name}",
|
|
||||||
require => User["${name}"],
|
|
||||||
}
|
|
||||||
}
|
|
||||||
default: {
|
default: {
|
||||||
include ruby-libshadow
|
User[$name]{
|
||||||
if $password_crypted {
|
before => Class[$sshkey],
|
||||||
$real_password = $password
|
}
|
||||||
} else {
|
include $sshkey
|
||||||
case $password_salt {
|
}
|
||||||
'': { fail("To use unencrypted passwords you have to define a variable \$password_salt to an 8 character salt for passwords!") }
|
}
|
||||||
default: {
|
|
||||||
$real_password = mkpasswd($password,$password_salt)
|
case $password {
|
||||||
|
'absent': { info("not managing the password for user $name") }
|
||||||
|
default: {
|
||||||
|
case $operatingsystem {
|
||||||
|
openbsd: {
|
||||||
|
exec { "setpass ${name}":
|
||||||
|
unless => "grep -q '^${name}:${password}:' /etc/master.passwd",
|
||||||
|
command => "usermod -p '${password}' ${name}",
|
||||||
|
require => User["${name}"],
|
||||||
|
}
|
||||||
|
}
|
||||||
|
default: {
|
||||||
|
include ruby-libshadow
|
||||||
|
if $password_crypted {
|
||||||
|
$real_password = $password
|
||||||
|
} else {
|
||||||
|
case $password_salt {
|
||||||
|
'': { fail("To use unencrypted passwords you have to define a variable \$password_salt to an 8 character salt for passwords!") }
|
||||||
|
default: {
|
||||||
|
$real_password = mkpasswd($password,$password_salt)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
User[$name]{
|
||||||
|
password => $real_password,
|
||||||
|
require => Package['ruby-libshadow'],
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
|
||||||
User[$name]{
|
|
||||||
password => $real_password,
|
|
||||||
require => Package['ruby-libshadow'],
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -185,9 +202,9 @@ define user::managed(
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
# gid: by default it will take the same as the uid
|
# gid: by default it will take the same as the uid
|
||||||
define user::sftp_only(
|
define user::sftp_only(
|
||||||
|
$ensure = present,
|
||||||
$managehome = false,
|
$managehome = false,
|
||||||
$uid = 'absent',
|
$uid = 'absent',
|
||||||
$gid = 'uid',
|
$gid = 'uid',
|
||||||
|
@ -197,6 +214,7 @@ define user::sftp_only(
|
||||||
) {
|
) {
|
||||||
include user::groups::sftponly
|
include user::groups::sftponly
|
||||||
user::managed{"${name}":
|
user::managed{"${name}":
|
||||||
|
ensure => present,
|
||||||
uid => $uid,
|
uid => $uid,
|
||||||
gid => $gid,
|
gid => $gid,
|
||||||
name_comment => "SFTP-only_user_${name}",
|
name_comment => "SFTP-only_user_${name}",
|
||||||
|
|
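Review bot: The new `$ensure` parameter of `user::sftp_only` is never used, because the `user::managed` call in the last hunk passes `ensure => present,`; an SFTP-only account declared absent would therefore stay provisioned, and the line should read `ensure => $ensure,`. In the `user { $name:` hunk the added `ensure => $ensure,` sits alongside the unchanged context line `ensure => present,`, which looks like a duplicate parameter, so the old line should be dropped. In the `absent` branch of the home-directory `file` resource, `recurese => true,` is misspelled and should be `recurse => true,`. Because that branch force-deletes `$real_homedir` recursively, it is worth a guard or a comment that the resolved path must never be a shared directory. The define bodies continue outside the hunks shown, so the duplicate `ensure` is inferred from the visible context lines only.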