RubyGems - bebox - Versions diffs - 0.0.1 - Mend

bebox 0.0.1

Files changed (402) hide show

data/lib/templates/puppet/step-0/modules/sudo/manifests/configs.pp ADDED Viewed

@@ -0,0 +1,24 @@
+# Class: sudo::configs
+#
+# This class enables support for a full hiera based sudoers configuration.
+# Hiera functionality is auto enabled during the initial sudo module load;
+#   this class is not intended to be loaded directly.
+#
+# See the primary sudo module documentation for usage and examples.
+#
+class sudo::configs {
+  # NOTE: hiera_hash does not work as expected in a parameterized class
+  #   definition; so we call it here.
+  #
+  # http://docs.puppetlabs.com/hiera/1/puppet.html#limitations
+  # https://tickets.puppetlabs.com/browse/HI-118
+  #
+  $configs = hiera_hash('sudo::configs', undef)
+  if $configs {
+    create_resources('::sudo::conf', $configs)
+  }
+}

data/lib/templates/puppet/step-0/modules/sudo/manifests/init.pp ADDED Viewed

@@ -0,0 +1,151 @@
+# Class: sudo
+#
+# This module manages sudo
+#
+# Parameters:
+#   [*ensure*]
+#     Ensure if present or absent.
+#     Default: present
+#
+#   [*package*]
+#     Name of the package.
+#     Only set this, if your platform is not supported or you know,
+#     what you're doing.
+#     Default: auto-set, platform specific
+#
+#   [*package_ensure*]
+#     Allows you to ensure a particular version of a package
+#     Default: present
+#
+#   [*package_source*]
+#     Where to find the package.  Only set this on AIX (required) and
+#     Solaris (required) or if your platform is not supported or you
+#     know, what you're doing.
+#
+#     The default for aix is the perzl sudo package. For solaris 10 we
+#     use the official www.sudo.ws binary package.
+#
+#     Default: AIX: perzl.org
+#              Solaris: www.sudo.ws
+#
+#   [*package_admin_file*]
+#     Where to find a Solaris 10 package admin file for
+#     an unattended installation. We do not supply a default file, so
+#     this has to be staged separately
+#
+#     Only set this on Solaris 10 (required)
+#     Default: /var/sadm/install/admin/puppet
+#
+#   [*purge*]
+#     Whether or not to purge sudoers.d directory
+#     Default: true
+#
+#   [*config_file*]
+#     Main configuration file.
+#     Only set this, if your platform is not supported or you know,
+#     what you're doing.
+#     Default: auto-set, platform specific
+#
+#   [*config_file_replace*]
+#     Replace configuration file with that one delivered with this module
+#     Default: true
+#
+#   [*config_dir*]
+#     Main configuration directory
+#     Only set this, if your platform is not supported or you know,
+#     what you're doing.
+#     Default: auto-set, platform specific
+#
+#   [*source*]
+#     Alternate source file location
+#     Only set this, if your platform is not supported or you know,
+#     what you're doing.
+#     Default: auto-set, platform specific
+#
+# Actions:
+#   Installs sudo package and checks the state of sudoers file and sudoers.d directory.
+#
+# Requires:
+#   Nothing
+#
+# Sample Usage:
+#   class { 'sudo': }
+#
+# [Remember: No empty lines between comments and class definition]
+class sudo(
+  $enable              = true,
+  $package             = $sudo::params::package,
+  $package_ensure      = present,
+  $package_source      = $sudo::params::package_source,
+  $package_admin_file  = $sudo::params::package_admin_file,
+  $purge               = true,
+  $config_file         = $sudo::params::config_file,
+  $config_file_replace = true,
+  $config_dir          = $sudo::params::config_dir,
+  $source              = $sudo::params::source
+) inherits sudo::params {
+  validate_bool($enable)
+  case $enable {
+    true: {
+      $dir_ensure  = 'directory'
+      $file_ensure = 'present'
+    }
+    false: {
+      $dir_ensure  = 'absent'
+      $file_ensure = 'absent'
+    }
+  }
+  class { 'sudo::package':
+    package            => $package,
+    package_ensure     => $package_ensure,
+    package_source     => $package_source,
+    package_admin_file => $package_admin_file,
+  }
+  file { $config_file:
+    ensure  => $file_ensure,
+    owner   => 'root',
+    group   => $sudo::params::config_file_group,
+    mode    => '0440',
+    replace => $config_file_replace,
+    source  => $source,
+    require => Package[$package],
+  }
+  file { $config_dir:
+    ensure  => $dir_ensure,
+    owner   => 'root',
+    group   => $sudo::params::config_file_group,
+    mode    => '0550',
+    recurse => $purge,
+    purge   => $purge,
+    require => Package[$package],
+  }
+  if $config_file_replace == false and $::osfamily == 'RedHat' and $::operatingsystemmajrelease == '5' {
+    augeas { 'includedirsudoers':
+      changes => ['set /files/etc/sudoers/#includedir /etc/sudoers.d'],
+      incl => "$config_file",
+      lens => 'FixedSudoers.lns',
+    }
+  }
+  # Load the Hiera based sudoer configuration (if enabled and present)
+  #
+  # NOTE: We must use 'include' here to avoid circular dependencies with
+  #     sudo::conf
+  #
+  # NOTE: There is no way to detect the existence of hiera. This automatic
+  #   functionality is therefore made exclusive to Puppet 3+ (hiera is embedded)
+  #   in order to preserve backwards compatibility.
+  #
+  #   http://projects.puppetlabs.com/issues/12345
+  #
+  if (versioncmp($::puppetversion, '3') != -1) {
+    include 'sudo::configs'
+  }
+}

data/lib/templates/puppet/step-0/modules/sudo/manifests/package/aix.pp ADDED Viewed

@@ -0,0 +1,46 @@
+# == Class: sudo::package::aix
+#
+# Install the perzl.org sudo package. It also requires the openldap
+# rpm. so we add a dependencies to the ldap module.
+#
+# === Parameters
+#
+# Document parameters here.
+#
+# [*package*]
+#   The name of the sudo package to be installed
+#
+# [*package_ensure*]
+#   Ensure if present or absent
+#
+# [*package_source*]
+#   Where to find the sudo packge, should be a local file or a uri
+#
+# === Examples
+#
+#  class { sudo::package::aix:
+#    package => 'sudo',
+#    package_source 'http://myaixpkgserver/pkgs/aix/sudo-1.8.6p7-1.aix5.1.ppc.rpm'',
+#  }
+#
+# === Authors
+#
+# Toni Schmidbauer <toni@stderr.at>
+#
+# === Copyright
+#
+# Copyright 2013 Toni Schmidbauer
+#
+class sudo::package::aix (
+  $package,
+  $package_source,
+  $package_ensure = 'present',
+  ) {
+    package { $package:
+      ensure   => $package_ensure,
+      source   => $package_source,
+      provider => rpm,
+    }
+}

data/lib/templates/puppet/step-0/modules/sudo/manifests/package/solaris.pp ADDED Viewed

@@ -0,0 +1,60 @@
+# == Class: sudo::package::solaris
+#
+# install sudo under solaris 10/11.
+#
+# === Parameters
+#
+# Document parameters here.
+#
+# [*package*]
+#   The name of the sudo package to be installed
+#
+# [*package_ensure*]
+#   Ensure if present or absent
+#
+# [*package_source*]
+#   Where to find the sudo packge, should be a local file or a uri
+#
+# [*package_admin_file*]
+#   Solaris 10 package admin file for unattended installation
+#
+# === Examples
+#
+#  class { sudo::package::solaris:
+#    package => 'sudo',
+#  }
+#
+# === Authors
+#
+# Toni Schmidbauer <toni@stderr.at>
+#
+# === Copyright
+#
+# Copyright 2013 Toni Schmidbauer
+#
+class sudo::package::solaris (
+  $package,
+  $package_source     = '',
+  $package_ensure     = 'present',
+  $package_admin_file = '',
+  ) {
+  case $::kernelrelease {
+    '5.11': {
+      package { $package:
+        ensure => $package_ensure,
+      }
+    }
+    '5.10': {
+      package { $package:
+        ensure          => $package_ensure,
+        source          => $package_source,
+        adminfile       => $package_admin_file,
+        install_options => ['-G', ],
+      }
+    }
+    default: {
+      fail("Unsupported Solaris kernelrelease ${::kernelrelease}!")
+    }
+  }
+}

data/lib/templates/puppet/step-0/modules/sudo/manifests/package.pp ADDED Viewed

@@ -0,0 +1,61 @@
+# == Class: sudo::package
+#
+# Installs the sudo package on various platforms.
+#
+# === Parameters
+#
+# Document parameters here.
+#
+# [*package*]
+#   The name of the sudo package to be installed
+#
+# [*package_ensure*]
+#   Ensure if present or absent
+#
+# [*package_source*]
+#   Where to find the sudo packge, should be a local file or a uri
+#
+# === Examples
+#
+#  class { sysdoc::package
+#    package => 'sudo',
+#  }
+#
+# === Authors
+#
+# Toni Schmidbauer <toni@stderr.at>
+#
+# === Copyright
+#
+# Copyright 2013 Toni Schmidbauer
+#
+class sudo::package(
+  $package,
+  $package_ensure = present,
+  $package_source = '',
+  $package_admin_file = '',
+  ) {
+  case $::osfamily {
+    aix: {
+      class { 'sudo::package::aix':
+        package        => $package,
+        package_source => $package_source,
+        package_ensure => $package_ensure,
+      }
+    }
+    solaris: {
+      class { 'sudo::package::solaris':
+        package            => $package,
+        package_source     => $package_source,
+        package_ensure     => $package_ensure,
+        package_admin_file => $package_admin_file,
+      }
+    }
+    default: {
+      package { $package:
+        ensure => $package_ensure,
+      }
+    }
+  }
+}

data/lib/templates/puppet/step-0/modules/sudo/manifests/params.pp ADDED Viewed

@@ -0,0 +1,127 @@
+class sudo::params {
+  $source_base = "puppet:///modules/${module_name}/"
+  case $::osfamily {
+    debian: {
+      case $::operatingsystem {
+        'Ubuntu': {
+          $source = "${source_base}sudoers.ubuntu"
+        }
+        default: {
+          case $::lsbdistcodename {
+            'wheezy': {
+              $source = "${source_base}sudoers.wheezy"
+            }
+            default: {
+              $source = "${source_base}sudoers.deb"
+            }
+          }
+        }
+      }
+      $package = 'sudo'
+      $config_file = '/etc/sudoers'
+      $config_dir = '/etc/sudoers.d/'
+      $config_file_group = 'root'
+    }
+    redhat: {
+      $package = 'sudo'
+      $config_file = '/etc/sudoers'
+      $config_dir = '/etc/sudoers.d/'
+      $source = $::operatingsystemrelease ? {
+        /^5/    => "${source_base}sudoers.rhel5",
+        /^6/    => "${source_base}sudoers.rhel6",
+        default => "${source_base}sudoers.rhel6",
+        }
+      $config_file_group = 'root'
+    }
+    suse: {
+      $package = 'sudo'
+      $config_file = '/etc/sudoers'
+      $config_dir = '/etc/sudoers.d/'
+      $source = "${source_base}sudoers.suse"
+      $config_file_group = 'root'
+    }
+    solaris: {
+      case $::operatingsystem {
+        'OmniOS': {
+          $package = 'sudo'
+          $config_file = '/etc/sudoers'
+          $config_dir = '/etc/sudoers.d/'
+          $source = "${source_base}sudoers.omnios"
+          $config_file_group = 'root'
+        }
+        default: {
+          case $::kernelrelease {
+            '5.11': {
+              $package = 'pkg://solaris/security/sudo'
+              $config_file = '/etc/sudoers'
+              $config_dir = '/etc/sudoers.d/'
+              $source = "${source_base}sudoers.solaris"
+              $config_file_group = 'root'
+            }
+            '5.10': {
+              $package = 'TCMsudo'
+              $package_source = 'http://www.sudo.ws/sudo/dist/packages/Solaris/10/TCMsudo-1.8.9p5-i386.pkg.gz'
+              $package_admin_file = '/var/sadm/install/admin/puppet'
+              $config_file = '/etc/sudoers'
+              $config_dir = '/etc/sudoers.d/'
+              $source = "${source_base}sudoers.solaris"
+              $config_file_group = 'root'
+            }
+            default: {
+              fail("Unsupported platform: ${::osfamily}/${::operatingsystem}/${::kernelrelease}")
+            }
+          }
+        }
+      }
+    }
+    freebsd: {
+      $package = 'security/sudo'
+      $config_file = '/usr/local/etc/sudoers'
+      $config_dir = '/usr/local/etc/sudoers.d/'
+      $source = "${source_base}sudoers.freebsd"
+      $config_file_group = 'wheel'
+    }
+    aix: {
+      $package = 'sudo'
+      $package_source = 'http://www.sudo.ws/sudo/dist/packages/AIX/5.3/sudo-1.8.9-6.aix53.lam.rpm'
+      $config_file = '/etc/sudoers'
+      $config_dir = '/etc/sudoers.d/'
+      $source = "${source_base}sudoers.aix"
+      $config_file_group = 'system'
+    }
+    default: {
+      case $::operatingsystem {
+        gentoo: {
+          $package = 'sudo'
+          $config_file = '/etc/sudoers'
+          $config_dir = '/etc/sudoers.d/'
+          $source = "${source_base}sudoers.deb"
+          $config_file_group = 'root'
+        }
+        archlinux: {
+          $package = 'sudo'
+          $config_file = '/etc/sudoers'
+          $config_dir = '/etc/sudoers.d/'
+          $source = "${source_base}sudoers.archlinux"
+          $config_file_group = 'root'
+        }
+        amazon: {
+          $package = 'sudo'
+          $config_file = '/etc/sudoers'
+          $config_dir = '/etc/sudoers.d/'
+          $source = $::operatingsystemrelease ? {
+            /^5/    => "${source_base}sudoers.rhel5",
+            /^6/    => "${source_base}sudoers.rhel6",
+            default => "${source_base}sudoers.rhel6",
+          }
+          $config_file_group = 'root'
+        }
+        default: {
+          fail("Unsupported platform: ${::osfamily}/${::operatingsystem}")
+        }
+      }
+    }
+  }
+}

data/lib/templates/puppet/step-0/modules/sudo/metadata.json ADDED Viewed

@@ -0,0 +1,59 @@
+{
+  "author": "saz",
+  "checksums": {
+    "manifests/package.pp": "75b527364251a68c95b9958bc46f2de4",
+    "lib/augeas/lenses/fixedsudoers.aug": "1492fda700091a906d27195bcdc40c90",
+    "spec/classes/package_aix_spec.rb": "bec2e7879dba5977f2a470b230c11750",
+    ".gemfile": "14bd1a18be3e43568e7825c12a3dc0aa",
+    "manifests/configs.pp": "c6e29a9a2490d00a9aacadbbd887e38d",
+    ".travis.yml": "2fbb8aedfde8603aca1a9617bf450f13",
+    "spec/spec.opts": "a600ded995d948e393fbe2320ba8e51c",
+    "spec/spec_helper.rb": "0db89c9a486df193c0e40095422e19dc",
+    "LICENSE": "c43ad7837d4770c3823fdab29a78f0e3",
+    "manifests/params.pp": "e290e3610dc6b9e02cf0d3c4b7750a3a",
+    "files/sudoers.deb": "ebd77e09715c4da6be84d56233139fff",
+    "manifests/allow.pp": "888e9ed1f5e4c6ec4d7309b7dc390296",
+    "files/sudoers.rhel5": "68ba7e0c1d117579112e5ef95464aac5",
+    "spec/classes/sudo_spec.rb": "eadd5d58f918783ca0c15d0ff4c3e3a3",
+    "files/sudoers.rhel6": "4093e52552d97099d003c645f15f9372",
+    "manifests/package/aix.pp": "195b5cd05c7921ead3c32674f84b1af7",
+    "manifests/init.pp": "b3133b7505c83daad6d613b6a755191f",
+    "files/sudoers.omnios": "cd782a48b45d845b34262063e4c8c0b1",
+    "files/sudoers.suse": "40468b19c03962cf383caf5ababed6d0",
+    "manifests/conf.pp": "25aa49bd86d5884cd8b1ec4b0b905de4",
+    "files/sudoers.freebsd": "4e2d60b0bdc7c3d77ceae7fd9224f47f",
+    "README.md": "e9e3f573a085c08d2ea116a0fed38e7a",
+    "Rakefile": "0254db5d3fc38c67a2c160d7296a24f8",
+    ".bundle/config": "7f1c988748783d2a8d455376eed1470c",
+    "files/sudoers.aix": "cd782a48b45d845b34262063e4c8c0b1",
+    "spec/classes/package_spec.rb": "0f9bbd84bf19cdf08ec8018bf42b8cf2",
+    "spec/defines/sudo_spec.rb": "e98a45d7e4c4eee0118f0e54c3c63440",
+    "templates/users_groups.erb": "93854eda68a164a05d3c2aed3efbea6e",
+    "Modulefile": "aef6a385252d46ca3faadad77354dcad",
+    "tests/init.pp": "63f528ee1d1698fadd336da35dd4ec7a",
+    "files/sudoers.archlinux": "5256992be7eb0edb09564f08f01e92c6",
+    ".fixtures.yml": "5999b8700eec463d58e0d6c1f95141b0",
+    "files/sudoers.wheezy": "730c932c78e53458817e742050edb089",
+    ".gemfile.lock": "c37e217586bb814998d29338aca60d1b",
+    "files/sudoers.ubuntu": "e8e73f16ed73309df7574c12fbcc0af7",
+    "manifests/package/solaris.pp": "ff97652fef9bab5157a48ef9b9d87ac8",
+    "files/sudoers.solaris": "49aee40059e1427dd59b8b5c25a45ca5"
+  },
+  "dependencies": [
+    {
+      "name": "puppetlabs/stdlib",
+      "version_requirement": "\u003e\u003d 2.3.0"
+    }
+  ],
+  "description": "Manage sudo configuration via Puppet",
+  "license": "Apache License, Version 2.0",
+  "name": "saz-sudo",
+  "operatingsystem_support": [],
+  "project_page": "https://github.com/saz/puppet-sudo",
+  "requirements": [],
+  "source": "UNKNOWN",
+  "summary": "UNKNOWN",
+  "tags": [],
+  "types": [],
+  "version": "3.0.6"
+}

data/lib/templates/puppet/step-0/modules/sudo/templates/users_groups.erb ADDED Viewed

@@ -0,0 +1,9 @@
+# This file is managed by Puppet. All changes will be reverted
+# on the next Puppet run. Avoid making changes here.
+<%# We can prevent excess newlines by using a special "-%" closing tag -%>
+<% @users.each do |user| -%>
+<%= user %> ALL=(ALL) ALL
+<% end -%>
+<% @groups.each do |group| -%>
+%<%= group %> ALL=(ALL) ALL
+<% end -%>

data/lib/templates/puppet/step-0/modules/users/manifests/init.pp ADDED Viewed

@@ -0,0 +1,15 @@
+class users {
+  $hiera_users = hiera("user_accounts")
+  each($hiera_users) |$value| {
+    $name = $value[name]
+    $email = $value[email]
+    $uid = $value[uid]
+    $key = $value[key]
+    users::user { $name:
+      uid => $uid,
+      email => $email,
+      key => $key,
+    }
+  }
+}

data/lib/templates/puppet/step-0/modules/users/manifests/user.pp ADDED Viewed

@@ -0,0 +1,50 @@
+define users::user($email, $uid, $key)  {
+  $username = $title
+  $groups = ["root", "sudo"]
+  user { $username:
+    ensure     => present,
+    comment    => "${email}",
+    home       => "/home/${username}",
+    shell      => "/bin/bash",
+    groups     => $groups,
+    membership => "inclusive",
+    uid        => $uid,
+    managehome => true,
+    # Generated from openssl passwd -1 in the server
+    # by default 'bebox'
+    password   => '$1$x3VGbtoD$igWgkE/f.P3QpQjOZcTBz/'
+  }
+  group { $username:
+    gid     => $uid,
+    require => User[$username],
+  }
+  file { "/home/${username}/":
+    ensure  => directory,
+    owner   => $username,
+    group   => $username,
+    mode    => 0644,
+    require => [ User[$username], Group[$username] ]
+  }
+  file { "/home/${username}/.ssh":
+    ensure  => directory,
+    owner   => $username,
+    group   => $username,
+    mode    => 0600,
+    require => File["/home/${username}/"],
+  }
+  file { "/home/${username}/.ssh/authorized_keys":
+    ensure  => present,
+    owner   => $username,
+    group   => $username,
+    mode    => 0600,
+    require => File["/home/${username}/.ssh"],
+    content => $key,
+  }
+}

data/lib/templates/puppet/step-1/Puppetfile.erb ADDED Viewed

@@ -0,0 +1,5 @@
+forge "https://forgeapi.puppetlabs.com"
+<% profile_modules.each do |puppet_module| %>
+<%="#{puppet_module}\n"%>
+<% end %>

data/lib/templates/puppet/step-1/hiera/data/common.yaml.erb ADDED Viewed

@@ -0,0 +1,11 @@
+user_accounts:
+  - name:   '<%= project_name %>'
+    email:  ''
+    key:    '<%= ssh_key %>'
+    uid:    7001
+# Add rules to permit ssh forward agent to github repositories
+ssh::client_rules:
+  'Host github.com':
+    'User' : '<%= project_name %>'
+    'ForwardAgent': 'yes'
+    'StrictHostKeyChecking': 'no'

data/lib/templates/puppet/step-1/hiera/data/environment.yaml.erb ADDED Viewed

@@ -0,0 +1,11 @@
+user_accounts:
+  - name:   '<%= project_name %>'
+    email:  ''
+    key:    '<%= ssh_key %>'
+    uid:    7001
+# Add rules to permit ssh forward agent to github repositories
+ssh::client_rules:
+  'Host github.com':
+    'User' : '<%= project_name %>'
+    'ForwardAgent': 'yes'
+    'StrictHostKeyChecking': 'no'

data/lib/templates/puppet/step-1/hiera/data/node.yaml.erb ADDED Viewed

@@ -0,0 +1,11 @@
+user_accounts:
+  - name:   '<%= project_name %>'
+    email:  ''
+    key:    '<%= ssh_key %>'
+    uid:    7001
+# Add rules to permit ssh forward agent to github repositories
+ssh::client_rules:
+  'Host github.com':
+    'User' : '<%= project_name %>'
+    'ForwardAgent': 'yes'
+    'StrictHostKeyChecking': 'no'

data/lib/templates/puppet/step-1/hiera/hiera.yaml.erb ADDED Viewed

@@ -0,0 +1,11 @@
+# Important note: This file is empty.
+# /etc/puppet/hiera.yml is used by default.
+# deploy_user and deploy_environment is set in the puppet apply command executed by capistrano
+:backends: yaml
+:yaml:
+  :datadir: %{::deploy_to}/current/steps/<%=step_dir%>/hiera/data
+:hierarchy:
+  - %{::fqdn}
+  - %{::deploy_environment}
+  - common
+:logger: console

data/lib/templates/puppet/step-1/manifests/node.erb ADDED Viewed

@@ -0,0 +1,5 @@
+node <%= node.hostname %> {
+  include roles::users
+}

data/lib/templates/puppet/step-1/manifests/site.pp.erb ADDED Viewed

@@ -0,0 +1,15 @@
+# This file associates nodes with roles
+# Example:
+# node node0.server1.test {
+#   include roles::role_1
+# }
+# The roles and profiles pattern recommends to associate one node with
+# one and only one role.
+# The role can be set to the node manually or through the
+# 'bebox node set_role' command.
+<% nodes.each do |node| %>
+node <%= node.hostname %> {
+  include roles::users
+}
+<% end %>