new style for 2.7

mh 2012-06-05 22:45:46 +02:00
parent 8a4f8f5d0f
commit 8cc313a49d
5 changed files with 223 additions and 223 deletions


@ -1,27 +1,27 @@
define user::groups::manage_user(
$ensure = 'present',
$group,
$user = 'absent'
$ensure = 'present',
$group,
$user = 'absent'
){
if ($user != 'absent'){
$real_user = $user
} else {
$real_user = $name
}
if ($user != 'absent'){
$real_user = $user
} else {
$real_user = $name
}
augeas{"manage_${real_user}_in_group_${group}":
context => '/files/etc/group',
augeas{"manage_${real_user}_in_group_${group}":
context => '/files/etc/group',
}
if ($ensure == 'present'){
Augeas["manage_${real_user}_in_group_${group}"]{
changes => [ "set ${group}/user[last()+1] ${real_user}" ],
onlyif => "match ${group}/*[../user='${real_user}'] size == 0"
}
if ($ensure == 'present'){
Augeas["manage_${real_user}_in_group_${group}"]{
changes => [ "set ${group}/user[last()+1] ${real_user}" ],
onlyif => "match ${group}/*[../user='${real_user}'] size == 0"
}
} else {
Augeas["manage_${real_user}_in_group_${group}"]{
changes => "rm ${group}/user[.='${real_user}']",
}
} else {
Augeas["manage_${real_user}_in_group_${group}"]{
changes => "rm ${group}/user[.='${real_user}']",
}
}
}


@ -1,8 +1,8 @@
# manifests/groups/sftponly.pp
class user::groups::sftponly {
group{'sftponly':
ensure => present,
gid => 10000,
}
group{'sftponly':
ensure => present,
gid => 10000,
}
}


@ -22,194 +22,194 @@
# if you supply a uid.
# Default: true
define user::managed(
$ensure = present,
$name_comment = 'absent',
$uid = 'absent',
$gid = 'uid',
$groups = [],
$manage_group = true,
$membership = 'minimum',
$homedir = 'absent',
$managehome = true,
$homedir_mode = '0750',
$sshkey = 'absent',
$password = 'absent',
$password_crypted = true,
$allowdupe = false,
$shell = 'absent'
$ensure = present,
$name_comment = 'absent',
$uid = 'absent',
$gid = 'uid',
$groups = [],
$manage_group = true,
$membership = 'minimum',
$homedir = 'absent',
$managehome = true,
$homedir_mode = '0750',
$sshkey = 'absent',
$password = 'absent',
$password_crypted = true,
$allowdupe = false,
$shell = 'absent'
){
$real_homedir = $homedir ? {
'absent' => "/home/$name",
default => $homedir
}
$real_homedir = $homedir ? {
'absent' => "/home/$name",
default => $homedir
}
$real_name_comment = $name_comment ? {
'absent' => $name,
default => $name_comment,
}
$real_name_comment = $name_comment ? {
'absent' => $name,
default => $name_comment,
}
$real_shell = $shell ? {
'absent' => $operatingsystem ? {
openbsd => "/usr/local/bin/bash",
default => "/bin/bash",
},
default => $shell,
}
$real_shell = $shell ? {
'absent' => $::operatingsystem ? {
openbsd => "/usr/local/bin/bash",
default => "/bin/bash",
},
default => $shell,
}
if size($name) > 31 {
fail("Usernames can't be longer than 31 characters. ${name} is too long!")
}
if size($name) > 31 {
fail("Usernames can't be longer than 31 characters. ${name} is too long!")
}
user { $name:
ensure => $ensure,
allowdupe => $allowdupe,
comment => "$real_name_comment",
home => $real_homedir,
managehome => $managehome,
shell => $real_shell,
groups => $groups,
membership => $membership,
}
user { $name:
ensure => $ensure,
allowdupe => $allowdupe,
comment => "$real_name_comment",
home => $real_homedir,
managehome => $managehome,
shell => $real_shell,
groups => $groups,
membership => $membership,
}
if $managehome {
file{$real_homedir: }
if $ensure == 'absent' {
File[$real_homedir]{
ensure => absent,
purge => true,
force => true,
recurse => true,
}
} else {
File[$real_homedir]{
ensure => directory,
require => User[$name],
owner => $name, mode => $homedir_mode,
}
case $gid {
'absent','uid': {
File[$real_homedir]{
group => $name,
}
}
default: {
File[$real_homedir]{
group => $gid,
}
}
}
if $managehome {
file{$real_homedir: }
if $ensure == 'absent' {
File[$real_homedir]{
ensure => absent,
purge => true,
force => true,
recurse => true,
}
} else {
File[$real_homedir]{
ensure => directory,
require => User[$name],
owner => $name, mode => $homedir_mode,
}
case $gid {
'absent','uid': {
File[$real_homedir]{
group => $name,
}
}
}
if $uid != 'absent' {
User[$name]{
uid => $uid,
default: {
File[$real_homedir]{
group => $gid,
}
}
}
}
}
if $gid != 'absent' {
if $gid == 'uid' {
if $uid != 'absent' {
$real_gid = $uid
if $uid != 'absent' {
User[$name]{
uid => $uid,
}
}
if $gid != 'absent' {
if $gid == 'uid' {
if $uid != 'absent' {
$real_gid = $uid
}
} else {
$real_gid = $gid
}
if $real_gid {
User[$name]{
gid => $real_gid,
}
}
}
if $name != 'root' {
if $uid == 'absent' {
if $manage_group and ($ensure == 'absent') {
group{$name:
ensure => absent,
}
case $::operatingsystem {
OpenBSD: {
Group[$name]{
before => User[$name],
}
} else {
$real_gid = $gid
}
default: {
Group[$name]{
require => User[$name],
}
}
}
}
} else {
if $manage_group {
group { $name:
allowdupe => false,
ensure => $ensure,
}
if $real_gid {
User[$name]{
gid => $real_gid,
}
Group[$name]{
gid => $real_gid,
}
}
}
if $name != 'root' {
if $uid == 'absent' {
if $manage_group and ($ensure == 'absent') {
group{$name:
ensure => absent,
}
case $operatingsystem {
OpenBSD: {
Group[$name]{
before => User[$name],
}
}
default: {
Group[$name]{
require => User[$name],
}
}
if $ensure == 'absent' {
case $::operatingsystem {
OpenBSD: {
Group[$name]{
before => User[$name],
}
}
default: {
Group[$name]{
require => User[$name],
}
}
}
} else {
if $manage_group {
group { $name:
allowdupe => false,
ensure => $ensure,
}
if $real_gid {
Group[$name]{
gid => $real_gid,
}
}
if $ensure == 'absent' {
case $operatingsystem {
OpenBSD: {
Group[$name]{
before => User[$name],
}
}
default: {
Group[$name]{
require => User[$name],
}
}
}
} else {
Group[$name]{
before => User[$name],
}
}
}
Group[$name]{
before => User[$name],
}
}
}
}
case $ensure {
present: {
if $sshkey != 'absent' {
User[$name]{
before => Class[$sshkey],
}
include $sshkey
}
}
case $ensure {
present: {
if $sshkey != 'absent' {
User[$name]{
before => Class[$sshkey],
}
include $sshkey
}
if $password != 'absent' {
case $operatingsystem {
openbsd: {
exec { "setpass ${name}":
unless => "grep -q '^${name}:${password}:' /etc/master.passwd",
command => "usermod -p '${password}' ${name}",
require => User["${name}"],
}
}
default: {
require ruby::shadow
if $password_crypted {
$real_password = $password
} else {
if $password_salt {
$real_password = mkpasswd($password,$password_salt)
} else {
fail("To use unencrypted passwords you have to define a variable \$password_salt to an 8 character salt for passwords!")
}
}
User[$name]{
password => $real_password,
}
}
}
if $password != 'absent' {
case $::operatingsystem {
openbsd: {
exec { "setpass ${name}":
unless => "grep -q '^${name}:${password}:' /etc/master.passwd",
command => "usermod -p '${password}' ${name}",
require => User["${name}"],
}
}
default: {
require ruby::shadow
if $password_crypted {
$real_password = $password
} else {
if $password_salt {
$real_password = mkpasswd($password,$password_salt)
} else {
fail("To use unencrypted passwords you have to define a variable \$password_salt to an 8 character salt for passwords!")
}
}
User[$name]{
password => $real_password,
}
}
}
}
}
}
}
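Review bot: The OpenBSD branch of the `$password` handling in `user::managed` interpolates `${password}` and `${name}` into the shell strings of `unless` and `command`, so a value containing a single quote or shell metacharacters changes the command the agent executes, and the hash is exposed in the process arguments while `usermod` runs. Unlike the `default` branch, this branch never consults `$password_crypted`, so a cleartext value would be handed to `usermod -p` as if it were a hash. I would reject anything that is not hash-shaped before the exec, e.g. `if $password !~ /^[A-Za-z0-9.\/$]+$/ { fail("password for ${name} is not a crypt hash") }`, and also `fail()` on OpenBSD when `$password_crypted` is false. The character class is only a suggestion and should be checked against the hash formats actually in use.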


@ -1,14 +1,14 @@
# manifests/openbsd/defaults.pp
class user::openbsd::defaults {
# we need this somehow to mange it
user::managed{root:
name => 'root',
name_comment => 'Charlie &',
uid => '0',
gid => '0',
homedir => '/root',
homedir_mode => '0700',
}
# we need this somehow to mange it
user::managed{root:
name => 'root',
name_comment => 'Charlie &',
uid => '0',
gid => '0',
homedir => '/root',
homedir_mode => '0700',
}
}


@ -1,30 +1,30 @@
# gid: by default it will take the same as the uid
define user::sftp_only(
$ensure = present,
$managehome = false,
$uid = 'absent',
$gid = 'uid',
$homedir = 'absent',
$homedir_mode = '0750',
$password = 'absent',
$password_crypted = true
$ensure = present,
$managehome = false,
$uid = 'absent',
$gid = 'uid',
$homedir = 'absent',
$homedir_mode = '0750',
$password = 'absent',
$password_crypted = true
) {
require user::groups::sftponly
user::managed{"${name}":
ensure => $ensure,
uid => $uid,
gid => $gid,
name_comment => "SFTP-only_user_${name}",
groups => [ 'sftponly' ],
managehome => $managehome,
homedir => $homedir,
homedir_mode => $homedir_mode,
shell => $operatingsystem ? {
debian => '/usr/sbin/nologin',
ubuntu => '/usr/sbin/nologin',
default => '/sbin/nologin'
},
password => $password,
password_crypted => $password_crypted;
}
require user::groups::sftponly
user::managed{$name:
ensure => $ensure,
uid => $uid,
gid => $gid,
name_comment => "SFTP-only_user_${name}",
groups => [ 'sftponly' ],
managehome => $managehome,
homedir => $homedir,
homedir_mode => $homedir_mode,
shell => $::operatingsystem ? {
debian => '/usr/sbin/nologin',
ubuntu => '/usr/sbin/nologin',
default => '/sbin/nologin'
},
password => $password,
password_crypted => $password_crypted;
}
}