provizioning 0.4.4 → 0.4.5
- data/lib/provizioning/version.rb +1 -1
- data/puppet/classes/users.pp +22 -0
- metadata +6 -17
- data/puppet/modules/users/README +0 -28
- data/puppet/modules/users/manifests/adduser.pp +0 -16
- data/puppet/modules/users/manifests/admin.pp +0 -11
- data/puppet/modules/users/manifests/automount.pp +0 -34
- data/puppet/modules/users/manifests/deluser.pp +0 -8
- data/puppet/modules/users/manifests/example42.pp +0 -16
- data/puppet/modules/users/manifests/init.pp +0 -31
- data/puppet/modules/users/manifests/ldap.pp +0 -114
- data/puppet/modules/users/manifests/params.pp +0 -84
- data/puppet/modules/users/templates/ldap/ldap.conf.erb +0 -13
- data/puppet/modules/users/templates/ldap/nsswitch.conf.erb +0 -23
- data/puppet/modules/users/templates/ldap/openldap-ldap.conf.erb +0 -8
data/lib/provizioning/version.rb
CHANGED
@@ -0,0 +1,22 @@
|
|
1
|
+
# Class: users
|
2
|
+
#
|
3
|
+
# Manages local users and external authentication methods
|
4
|
+
#
|
5
|
+
# Usage:
|
6
|
+
# include users
|
7
|
+
#
|
8
|
+
class users {
|
9
|
+
define user_homedir($fullname) {
|
10
|
+
user { "$name":
|
11
|
+
comment => "$fullname",
|
12
|
+
home => "/home/$name"
|
13
|
+
}
|
14
|
+
|
15
|
+
exec { "$name homedir":
|
16
|
+
command => "cp -R /etc/skel /home/$name; chown -R $name /home/$name",
|
17
|
+
path => "/bin:/usr/sbin",
|
18
|
+
creates => "/home/$name",
|
19
|
+
require => User[$name],
|
20
|
+
}
|
21
|
+
}
|
22
|
+
}
|
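Review bot: The `user { "$name": ... }` resource at line 10 of the new users.pp carries no `ensure => present`, so as far as I recall of the user type Puppet will not create a missing account and the dependent exec then runs `chown -R` for a name that does not exist; add `ensure => present,` to the resource. The exec on lines 15–20 interpolates `$name` unquoted into a `;`-joined command that Puppet typically hands to `/bin/sh`, so a title containing whitespace or shell metacharacters would break or alter the command, and since only the owner is changed the copied skeleton files presumably keep root's group. Setting `managehome => true,` on the user resource would let useradd create and populate the home directory with no shell command at all, and the exec could then be dropped. Note that this file section is headed `data/lib/provizioning/version.rb` but its `@@ -0,0 +1,22 @@` hunk is the 22-line users.pp addition named in the diffstat; the one-line version.rb change does not appear on the page.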
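--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: provizioning
 version: !ruby/object:Gem::Version
-version: 0.4.
+version: 0.4.5
 prerelease:
 platform: ruby
 authors:
@@ -13,7 +13,7 @@ date: 2011-11-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: capistrano
-requirement: &
+requirement: &2160147500 !ruby/object:Gem::Requirement
 none: false
 requirements:
 - - ! '>='
@@ -21,10 +21,10 @@ dependencies:
 version: '0'
 type: :runtime
 prerelease: false
-version_requirements: *
+version_requirements: *2160147500
 - !ruby/object:Gem::Dependency
 name: capistrano-ext
-requirement: &
+requirement: &2160146160 !ruby/object:Gem::Requirement
 none: false
 requirements:
 - - ! '>='
@@ -32,7 +32,7 @@ dependencies:
 version: '0'
 type: :runtime
 prerelease: false
-version_requirements: *
+version_requirements: *2160146160
 description: Server provisioning tools, recipes and templates based on Sprinkle
 email:
 - victor.castell@season.es
@@ -98,6 +98,7 @@ files:
 - puppet/classes/syslogng.pp
 - puppet/classes/syslogng/CentOS.cnf
 - puppet/classes/syslogng/Ubuntu.cnf
+- puppet/classes/users.pp
 - puppet/classes/xml.pp
 - puppet/classes/yum.pp
 - puppet/classes/zsh.pp
@@ -213,18 +214,6 @@ files:
 - puppet/modules/sudo/manifests/install.pp
 - puppet/modules/sudo/manifests/sudoers.pp
 - puppet/modules/ufw/manifests/init.pp
-- puppet/modules/users/README
-- puppet/modules/users/manifests/adduser.pp
-- puppet/modules/users/manifests/admin.pp
-- puppet/modules/users/manifests/automount.pp
-- puppet/modules/users/manifests/deluser.pp
-- puppet/modules/users/manifests/example42.pp
-- puppet/modules/users/manifests/init.pp
-- puppet/modules/users/manifests/ldap.pp
-- puppet/modules/users/manifests/params.pp
-- puppet/modules/users/templates/ldap/ldap.conf.erb
-- puppet/modules/users/templates/ldap/nsswitch.conf.erb
-- puppet/modules/users/templates/ldap/openldap-ldap.conf.erb
 - puppet/modules/webmin/manifests/init.pp
 - puppet/roles/blank.pp
 - puppet/site.pp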
data/puppet/modules/users/README
DELETED
@@ -1,28 +0,0 @@
|
|
1
|
-
Puppet module: users
|
2
|
-
|
3
|
-
# Written by Lab42 #
|
4
|
-
# http://www.example42.com
|
5
|
-
|
6
|
-
Licence: GPLv3
|
7
|
-
|
8
|
-
|
9
|
-
DESCRIPTION:
|
10
|
-
This module provides users management on the system.
|
11
|
-
It manages both local users (you have obviously to add them according to custom needs) and external authentication sources, such as ldap. It provides automount features.
|
12
|
-
|
13
|
-
|
14
|
-
USER VARIABLES:
|
15
|
-
In order to customize the behaviour of the module you can set the following variables:
|
16
|
-
$users_auth (default: "local") - Defines the authentication method to be used. Default uses only local authentication, set to "ldap" to ADD ldap authentication.
|
17
|
-
$users_ldap_servers (default: ["ldapm.example42.com","ldaps.example42.com"]) - Defines the ldap backend server(s) you want to use for ldap authentication
|
18
|
-
$users_ldap_basedn (default: "dc=example42,dc=com") - Defines the ldap base dn for ldap authentication
|
19
|
-
$users_ldap_ssl (default: "no") - Defines if you want to use SSL for ldap authentication
|
20
|
-
$users_automount (default: "no") - Set to "yes" if you want to enable homes automount
|
21
|
-
|
22
|
-
|
23
|
-
USAGE:
|
24
|
-
# Standard Classes
|
25
|
-
include users # Manages users via Puppet. Set the above variables to manage ldap authentication.
|
26
|
-
# If $my_project is set, it autoloads users::$my_project where you can define custom local users and custom configurations
|
27
|
-
|
28
|
-
DEPENDENCIES:
|
@@ -1,16 +0,0 @@
|
|
1
|
-
define adduser ( $uid='', $gid='', $shell='/bin/bash', $home='', $comment='', $password='', $groups='' ) {
|
2
|
-
|
3
|
-
user {
|
4
|
-
"$name":
|
5
|
-
# Temp fix for err: //Node[test.example42.com]/general/hardening::eal4/users::admins/Adduser[admin]/User[admin]/uid: change from 500 to failed: Could not set uid on user[admin]: Execution of '/usr/sbin/usermod -u admin' returned 4: usermod: uid 0 is not unique
|
6
|
-
# Uncomment and fix when necessary
|
7
|
-
# uid => $uid,
|
8
|
-
# gid => $gid,
|
9
|
-
shell => $shell,
|
10
|
-
comment => $comment,
|
11
|
-
home => $home,
|
12
|
-
password => $password,
|
13
|
-
groups => $groups,
|
14
|
-
ensure => present,
|
15
|
-
}
|
16
|
-
}
|
@@ -1,11 +0,0 @@
|
|
1
|
-
class users::admin {
|
2
|
-
# Creates user: admin with wheel privileges
|
3
|
-
# Default password = 'example' CHANGE IT
|
4
|
-
user {
|
5
|
-
"admin":
|
6
|
-
ensure => present,
|
7
|
-
groups => 'wheel',
|
8
|
-
# Default password = 'example' CHANGE IT before uncommenting
|
9
|
-
# password => '$1$xd/jf97n$ZAhAz.CIGJ0gUECBohz/..',
|
10
|
-
}
|
11
|
-
}
|
@@ -1,34 +0,0 @@
|
|
1
|
-
# Class: users::automount
|
2
|
-
#
|
3
|
-
# Manages users' home directory automount
|
4
|
-
#
|
5
|
-
# Usage:
|
6
|
-
# Set $users_auth = "ldap" and $users_automount = "yes" and
|
7
|
-
# include users
|
8
|
-
# NOTE/TODO: This class is made for automounter based on ldap. When and if other auth methods will be supported this class will be refactored.
|
9
|
-
#
|
10
|
-
# Variables:
|
11
|
-
# $users_automount (default: "no") - Set to "yes" if you want to enable homes automount
|
12
|
-
#
|
13
|
-
class users::automount {
|
14
|
-
|
15
|
-
# Load the variables used in this module. Check the params.pp file
|
16
|
-
include users::params
|
17
|
-
|
18
|
-
$users_ldap_servers = $users::params::ldap_servers
|
19
|
-
$users_ldap_basedn = $users::params::ldap_basedn
|
20
|
-
$users_ldap_ssl = $users::params::ldap_ssl
|
21
|
-
$users_automount = $users::params::automount
|
22
|
-
|
23
|
-
# Required packages
|
24
|
-
case $operatingsystem {
|
25
|
-
ubuntu,debian: {
|
26
|
-
package { "autofs": ensure => present }
|
27
|
-
package { "autofs-ldap": ensure => present }
|
28
|
-
}
|
29
|
-
redhat,centos: {
|
30
|
-
}
|
31
|
-
}
|
32
|
-
|
33
|
-
}
|
34
|
-
|
@@ -1,16 +0,0 @@
|
|
1
|
-
class users::example42 {
|
2
|
-
# Adds a local "example42" user, With password "example42".
|
3
|
-
user {
|
4
|
-
"example42":
|
5
|
-
comment => "Example 42 default user",
|
6
|
-
password => '$1$xd/jf97n$ZAhAz.CIGJ0gUECBohz/..',
|
7
|
-
ensure => present,
|
8
|
-
}
|
9
|
-
|
10
|
-
# Uncomment below to remove example42 user
|
11
|
-
# user {
|
12
|
-
# "example42":
|
13
|
-
# ensure => absent,
|
14
|
-
# }
|
15
|
-
|
16
|
-
}
|
@@ -1,31 +0,0 @@
|
|
1
|
-
# Class: users
|
2
|
-
#
|
3
|
-
# Manages local users and external authentication methods
|
4
|
-
#
|
5
|
-
# Usage:
|
6
|
-
# include users
|
7
|
-
#
|
8
|
-
# Variables:
|
9
|
-
# $users_auth (default: "local") - Defines the authentication method to be used. Default uses only local authentication, set to "ldap" to ADD ldap authentication.
|
10
|
-
# $users_ldap_servers (default: ["ldapm.example42.com","ldaps.example42.com"]) - Defines the ldap backend server(s) you want to use for ldap authentication
|
11
|
-
# $users_ldap_basedn (default: "dc=example42,dc=com") - Defines the ldap base dn for ldap authentication
|
12
|
-
# $users_ldap_ssl (default: "no") - Defines if you want to use SSL for ldap authentication
|
13
|
-
# $users_automount (default: "no") - Set to "yes" if you want to enable homes automount
|
14
|
-
#
|
15
|
-
class users {
|
16
|
-
|
17
|
-
# Load the variables used in this module. Check the params.pp file
|
18
|
-
include users::params
|
19
|
-
|
20
|
-
# Include the relevant subclass according to $users_auth settings
|
21
|
-
case $users::params::auth {
|
22
|
-
ldap: { include users::ldap }
|
23
|
-
# TODO ads: { include users::ads }
|
24
|
-
# TODO nis: { include users::nis }
|
25
|
-
}
|
26
|
-
|
27
|
-
# Autoloads users::$my_project if $my_project is defined
|
28
|
-
# Place in users::$my_project your customizatios
|
29
|
-
if $my_project { include "users::${my_project}" }
|
30
|
-
|
31
|
-
}
|
@@ -1,114 +0,0 @@
|
|
1
|
-
# Class: users::ldap
|
2
|
-
#
|
3
|
-
# Manages ldap authentication
|
4
|
-
#
|
5
|
-
# Usage:
|
6
|
-
# Set $users_auth = "ldap" and
|
7
|
-
# include users
|
8
|
-
#
|
9
|
-
# Variables:
|
10
|
-
# $users_ldap_servers (default: ["ldapm.example42.com","ldaps.example42.com"]) - Defines the ldap backend server(s) you want to use for ldap authentication
|
11
|
-
# $users_ldap_basedn (default: "dc=example42,dc=com") - Defines the ldap base dn for ldap authentication
|
12
|
-
# $users_ldap_ssl (default: "no") - Defines if you want to use SSL for ldap authentication
|
13
|
-
# $users_automount (default: "no") - Set to "yes" if you want to enable homes automount
|
14
|
-
#
|
15
|
-
class users::ldap {
|
16
|
-
|
17
|
-
# Load the variables used in this module. Check the params.pp file
|
18
|
-
include users::params
|
19
|
-
|
20
|
-
$users_ldap_servers = $users::params::ldap_servers
|
21
|
-
$users_ldap_basedn = $users::params::ldap_basedn
|
22
|
-
$users_ldap_ssl = $users::params::ldap_ssl
|
23
|
-
$users_ldap_cacert = $users::params::ldap_cacert
|
24
|
-
$users_automount = $users::params::automount
|
25
|
-
|
26
|
-
# PAM's configurations for ldap are managed in the dedicated pam::ldap class
|
27
|
-
include pam::ldap
|
28
|
-
|
29
|
-
# Include autofs::ldap if $users_automount = "yes"
|
30
|
-
if $users::params::automount == "yes" { include "autofs::ldap" }
|
31
|
-
|
32
|
-
# Systems' config files for LDAP
|
33
|
-
file { "nsswitch.conf":
|
34
|
-
path => "/etc/nsswitch.conf",
|
35
|
-
mode => "644",
|
36
|
-
owner => "root",
|
37
|
-
group => "root",
|
38
|
-
require => [ File["ldap.conf"] ],
|
39
|
-
ensure => present,
|
40
|
-
content => template("users/ldap/nsswitch.conf.erb"),
|
41
|
-
}
|
42
|
-
|
43
|
-
file { "ldap.conf":
|
44
|
-
path => $users::params::configfile_ldap ,
|
45
|
-
mode => "644",
|
46
|
-
owner => "root",
|
47
|
-
group => "root",
|
48
|
-
ensure => present,
|
49
|
-
content => template("users/ldap/ldap.conf.erb"),
|
50
|
-
}
|
51
|
-
|
52
|
-
# Openldap client config
|
53
|
-
file { "openldap-ldap.conf":
|
54
|
-
path => $operatingsystem ? {
|
55
|
-
debian => "/etc/ldap/ldap.conf",
|
56
|
-
ubuntu => "/etc/ldap/ldap.conf",
|
57
|
-
redhat => "/etc/openldap/ldap.conf",
|
58
|
-
centos => "/etc/openldap/ldap.conf",
|
59
|
-
},
|
60
|
-
mode => "644",
|
61
|
-
owner => "root",
|
62
|
-
group => "root",
|
63
|
-
ensure => present,
|
64
|
-
content => template("users/ldap/openldap-ldap.conf.erb"),
|
65
|
-
# TOTO - Breaks on ubuntu804 - Verify
|
66
|
-
# notify => $users_automount ? {
|
67
|
-
# "yes" => "Service[autofs]",
|
68
|
-
# default => undef,
|
69
|
-
# },
|
70
|
-
}
|
71
|
-
|
72
|
-
case $users_ldap_ssl {
|
73
|
-
yes: {
|
74
|
-
file { "ldap_cacert":
|
75
|
-
path => "${users::params::ldap_cacert}",
|
76
|
-
mode => "644",
|
77
|
-
owner => "root",
|
78
|
-
group => "root",
|
79
|
-
ensure => present,
|
80
|
-
source => "${users::params::users_source}/ldap/cacert.pem",
|
81
|
-
}
|
82
|
-
}
|
83
|
-
}
|
84
|
-
|
85
|
-
|
86
|
-
# Required packages
|
87
|
-
case $operatingsystem {
|
88
|
-
Ubuntu,Debian: {
|
89
|
-
package { "libpam-ldap": ensure => present }
|
90
|
-
package { "libnss-ldap": ensure => present }
|
91
|
-
package { "ldap-utils": ensure => present }
|
92
|
-
|
93
|
-
case $lsbdistcodename {
|
94
|
-
lenny: {
|
95
|
-
# Debian 5, by default, uses a separated file for pam ldap settings
|
96
|
-
file { "pam_ldap.conf":
|
97
|
-
path => "/etc/pam_ldap.conf",
|
98
|
-
mode => "644",
|
99
|
-
owner => "root",
|
100
|
-
group => "root",
|
101
|
-
ensure => present,
|
102
|
-
content => template("users/ldap/ldap.conf.erb"),
|
103
|
-
}
|
104
|
-
}
|
105
|
-
}
|
106
|
-
|
107
|
-
}
|
108
|
-
redhat,centos: {
|
109
|
-
package { "nss_ldap": ensure => present }
|
110
|
-
}
|
111
|
-
}
|
112
|
-
|
113
|
-
}
|
114
|
-
|
@@ -1,84 +0,0 @@
|
|
1
|
-
# Class: users::params
|
2
|
-
#
|
3
|
-
# Defines users parameters
|
4
|
-
# In this class are defined as variables values that are used in other users classes
|
5
|
-
# This class should be included, where necessary, and eventually be enhanced with support for more OS
|
6
|
-
# You don't have generally to modify this file.
|
7
|
-
#
|
8
|
-
class users::params {
|
9
|
-
|
10
|
-
## DEFAULTS FOR VARIABLES USERS CAN SET
|
11
|
-
# (Here are set the defaults, provide your custom variables externally)
|
12
|
-
|
13
|
-
# Define the authentication method to be used
|
14
|
-
$auth = $users_auth ? {
|
15
|
-
'' => "local",
|
16
|
-
default => $users_auth,
|
17
|
-
}
|
18
|
-
|
19
|
-
# Define the ldap server(s) to use (If $users_auth=ldap)
|
20
|
-
$ldap_servers = $users_ldap_servers ? {
|
21
|
-
'' => [ "ldapm.example42.com" , "ldaps.example42.com" ],
|
22
|
-
default => $users_ldap_servers,
|
23
|
-
}
|
24
|
-
|
25
|
-
# Define the ldap basdn to use (If $users_auth=ldap)
|
26
|
-
$ldap_basedn = $users_ldap_basedn ? {
|
27
|
-
'' => "dc=example42,dc=com",
|
28
|
-
default => $users_ldap_basedn,
|
29
|
-
}
|
30
|
-
|
31
|
-
# Define if you want to use SSL for ldap authentication (If $users_auth=ldap)
|
32
|
-
$ldap_ssl = $users_ldap_ssl ? {
|
33
|
-
'' => "no",
|
34
|
-
default => $users_ldap_ssl,
|
35
|
-
}
|
36
|
-
|
37
|
-
# Define if you want to use automount (If $users_auth=ldap)
|
38
|
-
$automount = $users_automount ? {
|
39
|
-
'' => "no",
|
40
|
-
default => $users_automount,
|
41
|
-
}
|
42
|
-
|
43
|
-
|
44
|
-
|
45
|
-
## MODULES INTERNAL VARIABLES
|
46
|
-
# (Modify only to adapt to unsupported OSes)
|
47
|
-
|
48
|
-
$ldap_cacert = $operatingsystem ? {
|
49
|
-
'debian' => "/etc/ldap/cacert.pem",
|
50
|
-
'ubuntu' => "/etc/ldap/cacert.pem",
|
51
|
-
default => "/etc/openldap/cacert.pem",
|
52
|
-
}
|
53
|
-
|
54
|
-
$configfile_ldap = $operatingsystem ? {
|
55
|
-
debian => $lsbdistid ? {
|
56
|
-
debian => "/etc/libnss-ldap.conf",
|
57
|
-
ubuntu => "/etc/ldap.conf",
|
58
|
-
},
|
59
|
-
ubuntu => "/etc/ldap.conf",
|
60
|
-
redhat => "/etc/ldap.conf",
|
61
|
-
centos => "/etc/ldap.conf",
|
62
|
-
}
|
63
|
-
|
64
|
-
|
65
|
-
## FILE SERVING SOURCE
|
66
|
-
# Sets the correct source for static files
|
67
|
-
# In order to provide files from different sources without modifying the module
|
68
|
-
# you can override the default source path setting the variable $base_source
|
69
|
-
# Ex: $base_source="puppet://ip.of.fileserver" or $base_source="puppet://$servername/myprojectmodule"
|
70
|
-
|
71
|
-
# What follows automatically manages the new source standard (with /modules/) from 0.25
|
72
|
-
|
73
|
-
case $base_source {
|
74
|
-
'': { $general_base_source="puppet://$servername" }
|
75
|
-
default: { $general_base_source=$base_source }
|
76
|
-
}
|
77
|
-
|
78
|
-
$users_source = $puppetversion ? {
|
79
|
-
/(^0.25)/ => "$general_base_source/modules/users",
|
80
|
-
/(^0.)/ => "$general_base_source/users",
|
81
|
-
default => "$general_base_source/modules/users",
|
82
|
-
}
|
83
|
-
|
84
|
-
}
|
@@ -1,13 +0,0 @@
|
|
1
|
-
# File managed by Puppet
|
2
|
-
host <% users_ldap_servers.each do |ldap| %><%= ldap %> <% end %>
|
3
|
-
base <%= users_ldap_basedn %>
|
4
|
-
pam_password exop
|
5
|
-
pam_lookup_policy yes
|
6
|
-
|
7
|
-
<% if users_ldap_ssl == "yes" && operatingsystem != "Ubuntu" -%>
|
8
|
-
ssl start_tls
|
9
|
-
tls_cacertfile <%= users_ldap_cacert %>
|
10
|
-
tls_checkpeer yes
|
11
|
-
<% end -%>
|
12
|
-
|
13
|
-
nss_initgroups_ignoreusers Debian-exim,backup,bin,daemon,dhcp,games,gnats,irc,klog,libuuid,list,lp,mail,man,news,ntpd,proxy,root,snmp,sshd,statd,sync,sys,syslog,uucp,www-data
|
@@ -1,23 +0,0 @@
|
|
1
|
-
# /etc/nsswitch.conf
|
2
|
-
#
|
3
|
-
# File managed by Puppet
|
4
|
-
|
5
|
-
passwd: files ldap
|
6
|
-
group: files
|
7
|
-
shadow: files ldap
|
8
|
-
<% if users_automount == "yes" -%>
|
9
|
-
automount: ldap
|
10
|
-
<% else -%>
|
11
|
-
automount: files
|
12
|
-
<% end -%>
|
13
|
-
|
14
|
-
hosts: files dns
|
15
|
-
networks: files
|
16
|
-
|
17
|
-
protocols: db files
|
18
|
-
services: db files
|
19
|
-
ethers: db files
|
20
|
-
rpc: db files
|
21
|
-
|
22
|
-
# netgroup: nis
|
23
|
-
|
@@ -1,8 +0,0 @@
|
|
1
|
-
# File Managed by Puppet
|
2
|
-
HOST <% users_ldap_servers.each do |ldap| -%><%= ldap -%> <% end %>
|
3
|
-
URI ldap://<%= users_ldap_servers.first %>
|
4
|
-
BASE <%= users_ldap_basedn %>
|
5
|
-
<% if users_ldap_ssl == "yes" -%>
|
6
|
-
TLS_CACERT <%= users_ldap_cacert %>
|
7
|
-
TLS_REQCERT demand
|
8
|
-
<% end -%>
|