provizioning 0.4.4 → 0.4.5

@@ -1,3 +1,3 @@
1
1
  module Provizioning
2
- VERSION = "0.4.4"
2
+ VERSION = "0.4.5"
3
3
  end
@@ -0,0 +1,22 @@
1
+ # Class: users
2
+ #
3
+ # Manages local users and external authentication methods
4
+ #
5
+ # Usage:
6
+ # include users
7
+ #
8
+ class users {
9
+ define user_homedir($fullname) {
10
+ user { "$name":
11
+ comment => "$fullname",
12
+ home => "/home/$name"
13
+ }
14
+
15
+ exec { "$name homedir":
16
+ command => "cp -R /etc/skel /home/$name; chown -R $name /home/$name",
17
+ path => "/bin:/usr/sbin",
18
+ creates => "/home/$name",
19
+ require => User[$name],
20
+ }
21
+ }
22
+ }
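Review bot: The exec in `user_homedir` interpolates `$name` unquoted into a command string that relies on shell parsing (`cp -R /etc/skel /home/$name; chown -R $name /home/$name`), so a resource title containing whitespace or shell metacharacters changes what is executed, presumably as root under the agent. The two steps are joined with `;`, so `chown -R` still runs when the copy fails and only its exit status is reported. Setting `managehome => true` together with `ensure => present` on the `user` resource would let the platform's user tooling create and populate the home directory and make the exec unnecessary; if the exec stays, restrict `$name` to a username pattern before using it and join the steps with `&&`. The new `user` resource also has no `ensure`, unlike the `adduser` define removed in this release, so it is worth confirming the account exists by the time the exec's `require => User[$name]` is satisfied.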
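--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: provizioning
  version: !ruby/object:Gem::Version
- version: 0.4.4
+ version: 0.4.5
  prerelease:
  platform: ruby
  authors:
@@ -13,7 +13,7 @@ date: 2011-11-30 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: capistrano
- requirement: &2157234620 !ruby/object:Gem::Requirement
+ requirement: &2160147500 !ruby/object:Gem::Requirement
  none: false
  requirements:
  - - ! '>='
@@ -21,10 +21,10 @@ dependencies:
  version: '0'
  type: :runtime
  prerelease: false
- version_requirements: *2157234620
+ version_requirements: *2160147500
  - !ruby/object:Gem::Dependency
  name: capistrano-ext
- requirement: &2157233100 !ruby/object:Gem::Requirement
+ requirement: &2160146160 !ruby/object:Gem::Requirement
  none: false
  requirements:
  - - ! '>='
@@ -32,7 +32,7 @@ dependencies:
  version: '0'
  type: :runtime
  prerelease: false
- version_requirements: *2157233100
+ version_requirements: *2160146160
  description: Server provisioning tools, recipes and templates based on Sprinkle
  email:
  - victor.castell@season.es
@@ -98,6 +98,7 @@ files:
  - puppet/classes/syslogng.pp
  - puppet/classes/syslogng/CentOS.cnf
  - puppet/classes/syslogng/Ubuntu.cnf
+ - puppet/classes/users.pp
  - puppet/classes/xml.pp
  - puppet/classes/yum.pp
  - puppet/classes/zsh.pp
@@ -213,18 +214,6 @@ files:
  - puppet/modules/sudo/manifests/install.pp
  - puppet/modules/sudo/manifests/sudoers.pp
  - puppet/modules/ufw/manifests/init.pp
- - puppet/modules/users/README
- - puppet/modules/users/manifests/adduser.pp
- - puppet/modules/users/manifests/admin.pp
- - puppet/modules/users/manifests/automount.pp
- - puppet/modules/users/manifests/deluser.pp
- - puppet/modules/users/manifests/example42.pp
- - puppet/modules/users/manifests/init.pp
- - puppet/modules/users/manifests/ldap.pp
- - puppet/modules/users/manifests/params.pp
- - puppet/modules/users/templates/ldap/ldap.conf.erb
- - puppet/modules/users/templates/ldap/nsswitch.conf.erb
- - puppet/modules/users/templates/ldap/openldap-ldap.conf.erb
  - puppet/modules/webmin/manifests/init.pp
  - puppet/roles/blank.pp
  - puppet/site.pp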
@@ -1,28 +0,0 @@
1
- Puppet module: users
2
-
3
- # Written by Lab42 #
4
- # http://www.example42.com
5
-
6
- Licence: GPLv3
7
-
8
-
9
- DESCRIPTION:
10
- This module provides users management on the system.
11
- It manages both local users (you have obviously to add them according to custom needs) and external authentication sources, such as ldap. It provides automount features.
12
-
13
-
14
- USER VARIABLES:
15
- In order to customize the behaviour of the module you can set the following variables:
16
- $users_auth (default: "local") - Defines the authentication method to be used. Default uses only local authentication, set to "ldap" to ADD ldap authentication.
17
- $users_ldap_servers (default: ["ldapm.example42.com","ldaps.example42.com"]) - Defines the ldap backend server(s) you want to use for ldap authentication
18
- $users_ldap_basedn (default: "dc=example42,dc=com") - Defines the ldap base dn for ldap authentication
19
- $users_ldap_ssl (default: "no") - Defines if you want to use SSL for ldap authentication
20
- $users_automount (default: "no") - Set to "yes" if you want to enable homes automount
21
-
22
-
23
- USAGE:
24
- # Standard Classes
25
- include users # Manages users via Puppet. Set the above variables to manage ldap authentication.
26
- # If $my_project is set, it autoloads users::$my_project where you can define custom local users and custom configurations
27
-
28
- DEPENDENCIES:
@@ -1,16 +0,0 @@
1
- define adduser ( $uid='', $gid='', $shell='/bin/bash', $home='', $comment='', $password='', $groups='' ) {
2
-
3
- user {
4
- "$name":
5
- # Temp fix for err: //Node[test.example42.com]/general/hardening::eal4/users::admins/Adduser[admin]/User[admin]/uid: change from 500 to failed: Could not set uid on user[admin]: Execution of '/usr/sbin/usermod -u admin' returned 4: usermod: uid 0 is not unique
6
- # Uncomment and fix when necessary
7
- # uid => $uid,
8
- # gid => $gid,
9
- shell => $shell,
10
- comment => $comment,
11
- home => $home,
12
- password => $password,
13
- groups => $groups,
14
- ensure => present,
15
- }
16
- }
@@ -1,11 +0,0 @@
1
- class users::admin {
2
- # Creates user: admin with wheel privileges
3
- # Default password = 'example' CHANGE IT
4
- user {
5
- "admin":
6
- ensure => present,
7
- groups => 'wheel',
8
- # Default password = 'example' CHANGE IT before uncommenting
9
- # password => '$1$xd/jf97n$ZAhAz.CIGJ0gUECBohz/..',
10
- }
11
- }
@@ -1,34 +0,0 @@
1
- # Class: users::automount
2
- #
3
- # Manages users' home directory automount
4
- #
5
- # Usage:
6
- # Set $users_auth = "ldap" and $users_automount = "yes" and
7
- # include users
8
- # NOTE/TODO: This class is made for automounter based on ldap. When and if other auth methods will be supported this class will be refactored.
9
- #
10
- # Variables:
11
- # $users_automount (default: "no") - Set to "yes" if you want to enable homes automount
12
- #
13
- class users::automount {
14
-
15
- # Load the variables used in this module. Check the params.pp file
16
- include users::params
17
-
18
- $users_ldap_servers = $users::params::ldap_servers
19
- $users_ldap_basedn = $users::params::ldap_basedn
20
- $users_ldap_ssl = $users::params::ldap_ssl
21
- $users_automount = $users::params::automount
22
-
23
- # Required packages
24
- case $operatingsystem {
25
- ubuntu,debian: {
26
- package { "autofs": ensure => present }
27
- package { "autofs-ldap": ensure => present }
28
- }
29
- redhat,centos: {
30
- }
31
- }
32
-
33
- }
34
-
@@ -1,8 +0,0 @@
1
- define deluser {
2
-
3
- user {
4
- "$name":
5
- ensure => absent,
6
- }
7
- }
8
-
@@ -1,16 +0,0 @@
1
- class users::example42 {
2
- # Adds a local "example42" user, With password "example42".
3
- user {
4
- "example42":
5
- comment => "Example 42 default user",
6
- password => '$1$xd/jf97n$ZAhAz.CIGJ0gUECBohz/..',
7
- ensure => present,
8
- }
9
-
10
- # Uncomment below to remove example42 user
11
- # user {
12
- # "example42":
13
- # ensure => absent,
14
- # }
15
-
16
- }
@@ -1,31 +0,0 @@
1
- # Class: users
2
- #
3
- # Manages local users and external authentication methods
4
- #
5
- # Usage:
6
- # include users
7
- #
8
- # Variables:
9
- # $users_auth (default: "local") - Defines the authentication method to be used. Default uses only local authentication, set to "ldap" to ADD ldap authentication.
10
- # $users_ldap_servers (default: ["ldapm.example42.com","ldaps.example42.com"]) - Defines the ldap backend server(s) you want to use for ldap authentication
11
- # $users_ldap_basedn (default: "dc=example42,dc=com") - Defines the ldap base dn for ldap authentication
12
- # $users_ldap_ssl (default: "no") - Defines if you want to use SSL for ldap authentication
13
- # $users_automount (default: "no") - Set to "yes" if you want to enable homes automount
14
- #
15
- class users {
16
-
17
- # Load the variables used in this module. Check the params.pp file
18
- include users::params
19
-
20
- # Include the relevant subclass according to $users_auth settings
21
- case $users::params::auth {
22
- ldap: { include users::ldap }
23
- # TODO ads: { include users::ads }
24
- # TODO nis: { include users::nis }
25
- }
26
-
27
- # Autoloads users::$my_project if $my_project is defined
28
- # Place in users::$my_project your customizatios
29
- if $my_project { include "users::${my_project}" }
30
-
31
- }
@@ -1,114 +0,0 @@
1
- # Class: users::ldap
2
- #
3
- # Manages ldap authentication
4
- #
5
- # Usage:
6
- # Set $users_auth = "ldap" and
7
- # include users
8
- #
9
- # Variables:
10
- # $users_ldap_servers (default: ["ldapm.example42.com","ldaps.example42.com"]) - Defines the ldap backend server(s) you want to use for ldap authentication
11
- # $users_ldap_basedn (default: "dc=example42,dc=com") - Defines the ldap base dn for ldap authentication
12
- # $users_ldap_ssl (default: "no") - Defines if you want to use SSL for ldap authentication
13
- # $users_automount (default: "no") - Set to "yes" if you want to enable homes automount
14
- #
15
- class users::ldap {
16
-
17
- # Load the variables used in this module. Check the params.pp file
18
- include users::params
19
-
20
- $users_ldap_servers = $users::params::ldap_servers
21
- $users_ldap_basedn = $users::params::ldap_basedn
22
- $users_ldap_ssl = $users::params::ldap_ssl
23
- $users_ldap_cacert = $users::params::ldap_cacert
24
- $users_automount = $users::params::automount
25
-
26
- # PAM's configurations for ldap are managed in the dedicated pam::ldap class
27
- include pam::ldap
28
-
29
- # Include autofs::ldap if $users_automount = "yes"
30
- if $users::params::automount == "yes" { include "autofs::ldap" }
31
-
32
- # Systems' config files for LDAP
33
- file { "nsswitch.conf":
34
- path => "/etc/nsswitch.conf",
35
- mode => "644",
36
- owner => "root",
37
- group => "root",
38
- require => [ File["ldap.conf"] ],
39
- ensure => present,
40
- content => template("users/ldap/nsswitch.conf.erb"),
41
- }
42
-
43
- file { "ldap.conf":
44
- path => $users::params::configfile_ldap ,
45
- mode => "644",
46
- owner => "root",
47
- group => "root",
48
- ensure => present,
49
- content => template("users/ldap/ldap.conf.erb"),
50
- }
51
-
52
- # Openldap client config
53
- file { "openldap-ldap.conf":
54
- path => $operatingsystem ? {
55
- debian => "/etc/ldap/ldap.conf",
56
- ubuntu => "/etc/ldap/ldap.conf",
57
- redhat => "/etc/openldap/ldap.conf",
58
- centos => "/etc/openldap/ldap.conf",
59
- },
60
- mode => "644",
61
- owner => "root",
62
- group => "root",
63
- ensure => present,
64
- content => template("users/ldap/openldap-ldap.conf.erb"),
65
- # TOTO - Breaks on ubuntu804 - Verify
66
- # notify => $users_automount ? {
67
- # "yes" => "Service[autofs]",
68
- # default => undef,
69
- # },
70
- }
71
-
72
- case $users_ldap_ssl {
73
- yes: {
74
- file { "ldap_cacert":
75
- path => "${users::params::ldap_cacert}",
76
- mode => "644",
77
- owner => "root",
78
- group => "root",
79
- ensure => present,
80
- source => "${users::params::users_source}/ldap/cacert.pem",
81
- }
82
- }
83
- }
84
-
85
-
86
- # Required packages
87
- case $operatingsystem {
88
- Ubuntu,Debian: {
89
- package { "libpam-ldap": ensure => present }
90
- package { "libnss-ldap": ensure => present }
91
- package { "ldap-utils": ensure => present }
92
-
93
- case $lsbdistcodename {
94
- lenny: {
95
- # Debian 5, by default, uses a separated file for pam ldap settings
96
- file { "pam_ldap.conf":
97
- path => "/etc/pam_ldap.conf",
98
- mode => "644",
99
- owner => "root",
100
- group => "root",
101
- ensure => present,
102
- content => template("users/ldap/ldap.conf.erb"),
103
- }
104
- }
105
- }
106
-
107
- }
108
- redhat,centos: {
109
- package { "nss_ldap": ensure => present }
110
- }
111
- }
112
-
113
- }
114
-
@@ -1,84 +0,0 @@
1
- # Class: users::params
2
- #
3
- # Defines users parameters
4
- # In this class are defined as variables values that are used in other users classes
5
- # This class should be included, where necessary, and eventually be enhanced with support for more OS
6
- # You don't have generally to modify this file.
7
- #
8
- class users::params {
9
-
10
- ## DEFAULTS FOR VARIABLES USERS CAN SET
11
- # (Here are set the defaults, provide your custom variables externally)
12
-
13
- # Define the authentication method to be used
14
- $auth = $users_auth ? {
15
- '' => "local",
16
- default => $users_auth,
17
- }
18
-
19
- # Define the ldap server(s) to use (If $users_auth=ldap)
20
- $ldap_servers = $users_ldap_servers ? {
21
- '' => [ "ldapm.example42.com" , "ldaps.example42.com" ],
22
- default => $users_ldap_servers,
23
- }
24
-
25
- # Define the ldap basdn to use (If $users_auth=ldap)
26
- $ldap_basedn = $users_ldap_basedn ? {
27
- '' => "dc=example42,dc=com",
28
- default => $users_ldap_basedn,
29
- }
30
-
31
- # Define if you want to use SSL for ldap authentication (If $users_auth=ldap)
32
- $ldap_ssl = $users_ldap_ssl ? {
33
- '' => "no",
34
- default => $users_ldap_ssl,
35
- }
36
-
37
- # Define if you want to use automount (If $users_auth=ldap)
38
- $automount = $users_automount ? {
39
- '' => "no",
40
- default => $users_automount,
41
- }
42
-
43
-
44
-
45
- ## MODULES INTERNAL VARIABLES
46
- # (Modify only to adapt to unsupported OSes)
47
-
48
- $ldap_cacert = $operatingsystem ? {
49
- 'debian' => "/etc/ldap/cacert.pem",
50
- 'ubuntu' => "/etc/ldap/cacert.pem",
51
- default => "/etc/openldap/cacert.pem",
52
- }
53
-
54
- $configfile_ldap = $operatingsystem ? {
55
- debian => $lsbdistid ? {
56
- debian => "/etc/libnss-ldap.conf",
57
- ubuntu => "/etc/ldap.conf",
58
- },
59
- ubuntu => "/etc/ldap.conf",
60
- redhat => "/etc/ldap.conf",
61
- centos => "/etc/ldap.conf",
62
- }
63
-
64
-
65
- ## FILE SERVING SOURCE
66
- # Sets the correct source for static files
67
- # In order to provide files from different sources without modifying the module
68
- # you can override the default source path setting the variable $base_source
69
- # Ex: $base_source="puppet://ip.of.fileserver" or $base_source="puppet://$servername/myprojectmodule"
70
-
71
- # What follows automatically manages the new source standard (with /modules/) from 0.25
72
-
73
- case $base_source {
74
- '': { $general_base_source="puppet://$servername" }
75
- default: { $general_base_source=$base_source }
76
- }
77
-
78
- $users_source = $puppetversion ? {
79
- /(^0.25)/ => "$general_base_source/modules/users",
80
- /(^0.)/ => "$general_base_source/users",
81
- default => "$general_base_source/modules/users",
82
- }
83
-
84
- }
@@ -1,13 +0,0 @@
1
- # File managed by Puppet
2
- host <% users_ldap_servers.each do |ldap| %><%= ldap %> <% end %>
3
- base <%= users_ldap_basedn %>
4
- pam_password exop
5
- pam_lookup_policy yes
6
-
7
- <% if users_ldap_ssl == "yes" && operatingsystem != "Ubuntu" -%>
8
- ssl start_tls
9
- tls_cacertfile <%= users_ldap_cacert %>
10
- tls_checkpeer yes
11
- <% end -%>
12
-
13
- nss_initgroups_ignoreusers Debian-exim,backup,bin,daemon,dhcp,games,gnats,irc,klog,libuuid,list,lp,mail,man,news,ntpd,proxy,root,snmp,sshd,statd,sync,sys,syslog,uucp,www-data
@@ -1,23 +0,0 @@
1
- # /etc/nsswitch.conf
2
- #
3
- # File managed by Puppet
4
-
5
- passwd: files ldap
6
- group: files
7
- shadow: files ldap
8
- <% if users_automount == "yes" -%>
9
- automount: ldap
10
- <% else -%>
11
- automount: files
12
- <% end -%>
13
-
14
- hosts: files dns
15
- networks: files
16
-
17
- protocols: db files
18
- services: db files
19
- ethers: db files
20
- rpc: db files
21
-
22
- # netgroup: nis
23
-
@@ -1,8 +0,0 @@
1
- # File Managed by Puppet
2
- HOST <% users_ldap_servers.each do |ldap| -%><%= ldap -%> <% end %>
3
- URI ldap://<%= users_ldap_servers.first %>
4
- BASE <%= users_ldap_basedn %>
5
- <% if users_ldap_ssl == "yes" -%>
6
- TLS_CACERT <%= users_ldap_cacert %>
7
- TLS_REQCERT demand
8
- <% end -%>