Account/Sudo management

- imported account and sudo puppet modules
  - created account management wrapper
  - defined sysadmin account, set to be created on all nodes
  - removed sudo from base packages as it's managed by the sudo module now
2023-08-29 23:10:40 +10:00
parent f4b688b10e
commit 2b11a9417c
5 changed files with 72 additions and 1 deletions
@@ -0,0 +1,15 @@
# create the sysadmin user
class profiles::accounts::sysadmin(
Array[String] $sshkeys = [],
){
profiles::base::account {'sysadmin':
username => 'sysadmin',
uid => 1000,
gid => 1000,
groups => ['wheel'],
sshkeys => $sshkeys,
sudo_rules => ['sysadmin ALL=(ALL) NOPASSWD:ALL'],
password => '',
ignore_pass => true,
}
}
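Review bot: The `sudo_rules` entry `sysadmin ALL=(ALL) NOPASSWD:ALL` gives this account passwordless root on every node that includes the class, so holding any key in `$sshkeys` is the only control in front of full root. Because `$sshkeys` defaults to `[]`, a node whose key data is missing (presumably looked up from Hiera) gets the account with no authorized keys and no error; declaring it as `Array[String, 1] $sshkeys` would turn that into a catalog failure. The fixed `uid => 1000` / `gid => 1000` is the first regular-user id on many distributions, so it may collide with an existing local user on hosts that are already provisioned. A comment above the rule explaining why NOPASSWD is needed would help later review.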
+7
@@ -21,4 +21,11 @@ class profiles::base (
packages => hiera('profiles::base::packages::common'),
ensure => 'installed',
}
# all hosts will have sudo applied
include sudo
# default users
include profiles::accounts::sysadmin
}
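Review bot: `include sudo` declares the saz-sudo class with its defaults, which, as far as I know, purge unmanaged files from `/etc/sudoers.d` and replace `/etc/sudoers`; on hosts that already carry hand-written or package-installed sudo rules, the first run would remove them. If that is intended, the comment should say so, e.g. `# all hosts: the sudo module owns /etc/sudoers and purges unmanaged sudoers.d entries`. If it is not, set `sudo::purge: false` and `sudo::config_file_replace: false` in Hiera until the existing rules are migrated. The class body starts outside this hunk.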
+45
@@ -0,0 +1,45 @@
# a wrapper for puppetlabs-account and saz-sudo
define profiles::base::account (
String $username,
Integer $uid,
Integer $gid = undef,
Boolean $manage_home = true,
Boolean $create_group = true,
Boolean $purge_sshkeys = true,
Boolean $system = false,
Boolean $locked = false,
String $password = '!!',
Boolean $ignore_pass = false,
Array[String] $groups = [],
Array[String] $sshkeys = [],
Array[String] $sudo_rules = [],
String $shell = '/usr/bin/bash',
) {
# Set gid to uid if gid is undef
$final_gid = $gid ? {
undef => $uid,
default => $gid,
}
# Manage user
accounts::user { $username:
uid => $uid,
gid => $final_gid,
shell => $shell,
groups => $groups,
sshkeys => $sshkeys,
system => $system,
locked => $locked,
password => $password,
create_group => $create_group,
managehome => $manage_home,
purge_sshkeys => $purge_sshkeys,
ignore_password_if_empty => $ignore_pass,
}
# Manage sudo rules
sudo::conf { "${username}_sudo":
content => $sudo_rules,
}
}
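Review bot: `Integer $gid = undef` cannot take its own default: `Integer` does not accept `undef`, so a declaration that omits `gid` should fail type checking before the `$final_gid` selector runs; `Optional[Integer] $gid = undef` is the type that matches the fallback. Separately, `sudo::conf` is declared even when `$sudo_rules` is `[]`, which leaves an empty sudoers drop-in for every account without rules; wrapping it in `unless $sudo_rules.empty { … }` avoids that. The header comment could also state that `password` defaults to `'!!'` (conventionally a locked password field) and that `ignore_pass` is passed through as `ignore_password_if_empty`.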