Account/Sudo management
- imported account and sudo puppet modules - created account management wrapper - defined sysadmin account, set to be created on all nodes - removed sudo from base packages as it's managed by the sudo module now
@@ -0,0 +1,15 @@
|
||||
# create the sysadmin user
|
||||
class profiles::accounts::sysadmin(
|
||||
Array[String] $sshkeys = [],
|
||||
){
|
||||
profiles::base::account {'sysadmin':
|
||||
username => 'sysadmin',
|
||||
uid => 1000,
|
||||
gid => 1000,
|
||||
groups => ['wheel'],
|
||||
sshkeys => $sshkeys,
|
||||
sudo_rules => ['sysadmin ALL=(ALL) NOPASSWD:ALL'],
|
||||
password => '',
|
||||
ignore_pass => true,
|
||||
}
|
||||
}
|
||||
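Review bot: The `sudo_rules => ['sysadmin ALL=(ALL) NOPASSWD:ALL']` line gives any holder of one of the `$sshkeys` password-free root on every node that includes this class, yet nothing in the class requires that a key is actually supplied. With `password => ''` and `ignore_pass => true` the password appears to be left unmanaged (the wrapper passes this on as `ignore_password_if_empty`), so the SSH keys are the only access control here. I would drop the empty default and require at least one key, `Array[String, 1] $sshkeys,`, so that a missing value fails catalog compilation instead of quietly creating the account. A comment above the resource such as `# passwordless sudo by design; access is controlled only by $sshkeys` would make the intent explicit. The fixed `uid => 1000` is commonly the first interactive user on existing hosts, so it is worth checking for collisions before this reaches all nodes.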
@@ -21,4 +21,11 @@ class profiles::base (
|
||||
packages => hiera('profiles::base::packages::common'),
|
||||
ensure => 'installed',
|
||||
}
|
||||
|
||||
# all hosts will have sudo applied
|
||||
include sudo
|
||||
|
||||
# default users
|
||||
include profiles::accounts::sysadmin
|
||||
|
||||
}
|
||||
|
||||
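Review bot: `include sudo` with no parameters takes the saz-sudo defaults, which as far as I recall replace `/etc/sudoers` and purge unmanaged files from `/etc/sudoers.d` (`config_file_replace` and `purge` both default to true). On hosts that already carry local sudo rules, the first run would remove them. If that is intended, the comment should say so, e.g. `# all hosts get sudo; unmanaged sudoers entries are purged`; otherwise set those two parameters explicitly in Hiera. The body of `profiles::base` starts outside this hunk, so I cannot see whether `sudo` is already declared elsewhere with different parameters.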
@@ -0,0 +1,45 @@
|
||||
# a wrapper for puppetlabs-account and saz-sudo
|
||||
define profiles::base::account (
|
||||
String $username,
|
||||
Integer $uid,
|
||||
Integer $gid = undef,
|
||||
Boolean $manage_home = true,
|
||||
Boolean $create_group = true,
|
||||
Boolean $purge_sshkeys = true,
|
||||
Boolean $system = false,
|
||||
Boolean $locked = false,
|
||||
String $password = '!!',
|
||||
Boolean $ignore_pass = false,
|
||||
Array[String] $groups = [],
|
||||
Array[String] $sshkeys = [],
|
||||
Array[String] $sudo_rules = [],
|
||||
String $shell = '/usr/bin/bash',
|
||||
) {
|
||||
|
||||
# Set gid to uid if gid is undef
|
||||
$final_gid = $gid ? {
|
||||
undef => $uid,
|
||||
default => $gid,
|
||||
}
|
||||
|
||||
# Manage user
|
||||
accounts::user { $username:
|
||||
uid => $uid,
|
||||
gid => $final_gid,
|
||||
shell => $shell,
|
||||
groups => $groups,
|
||||
sshkeys => $sshkeys,
|
||||
system => $system,
|
||||
locked => $locked,
|
||||
password => $password,
|
||||
create_group => $create_group,
|
||||
managehome => $manage_home,
|
||||
purge_sshkeys => $purge_sshkeys,
|
||||
ignore_password_if_empty => $ignore_pass,
|
||||
}
|
||||
|
||||
# Manage sudo rules
|
||||
sudo::conf { "${username}_sudo":
|
||||
content => $sudo_rules,
|
||||
}
|
||||
}
|
||||
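Review bot: `Integer $gid = undef` in the parameter list declares a type that does not accept its own default, so a caller that omits `gid` should fail type checking before the `$final_gid` selector ever runs; it should be `Optional[Integer] $gid = undef,`. Separately, `sudo::conf { "${username}_sudo": ... }` is declared even when `$sudo_rules` is empty, so every account gets a sudoers fragment whether or not it has any rules. Wrapping it in `unless empty($sudo_rules) { ... }` keeps `/etc/sudoers.d` limited to accounts that actually hold privileges, which makes it easier to audit who can escalate. The rule strings are passed through unchanged, so a comment on `$sudo_rules` noting that each element must be a complete sudoers line would help callers.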