provizioning 0.4.4 → 0.4.5

@@ -1,3 +1,3 @@
1
1
  module Provizioning
2
- VERSION = "0.4.4"
2
+ VERSION = "0.4.5"
3
3
  end
@@ -0,0 +1,22 @@
1
+ # Class: users
2
+ #
3
+ # Manages local users and external authentication methods
4
+ #
5
+ # Usage:
6
+ # include users
7
+ #
8
+ class users {
9
+ define user_homedir($fullname) {
10
+ user { "$name":
11
+ comment => "$fullname",
12
+ home => "/home/$name"
13
+ }
14
+
15
+ exec { "$name homedir":
16
+ command => "cp -R /etc/skel /home/$name; chown -R $name /home/$name",
17
+ path => "/bin:/usr/sbin",
18
+ creates => "/home/$name",
19
+ require => User[$name],
20
+ }
21
+ }
22
+ }
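Review bot: The `exec { "$name homedir": ... }` resource at new lines 15-20 interpolates the define's title into a command string without quoting and joins `cp` and `chown` with `;`, so the chown still runs when the copy fails, and `creates => "/home/$name"` then blocks any retry once the directory exists. A title containing whitespace or shell metacharacters would change what that command does with the agent's privileges. Only the owner is changed, so the home directory keeps whatever group and mode `cp -R /etc/skel` leaves behind. Letting the `user` resource create the directory removes the exec entirely: add `ensure => present,` and `managehome => true,` to the `user { "$name": ... }` block, and pin permissions with `file { "/home/$name": ensure => directory, owner => $name, mode => '0700' }` if the platform default is too open.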
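--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: provizioning
  version: !ruby/object:Gem::Version
- version: 0.4.4
+ version: 0.4.5
  prerelease:
  platform: ruby
  authors:
@@ -13,7 +13,7 @@ date: 2011-11-30 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: capistrano
- requirement: &2157234620 !ruby/object:Gem::Requirement
+ requirement: &2160147500 !ruby/object:Gem::Requirement
  none: false
  requirements:
  - - ! '>='
@@ -21,10 +21,10 @@ dependencies:
  version: '0'
  type: :runtime
  prerelease: false
- version_requirements: *2157234620
+ version_requirements: *2160147500
  - !ruby/object:Gem::Dependency
  name: capistrano-ext
- requirement: &2157233100 !ruby/object:Gem::Requirement
+ requirement: &2160146160 !ruby/object:Gem::Requirement
  none: false
  requirements:
  - - ! '>='
@@ -32,7 +32,7 @@ dependencies:
  version: '0'
  type: :runtime
  prerelease: false
- version_requirements: *2157233100
+ version_requirements: *2160146160
  description: Server provisioning tools, recipes and templates based on Sprinkle
  email:
  - victor.castell@season.es
@@ -98,6 +98,7 @@ files:
  - puppet/classes/syslogng.pp
  - puppet/classes/syslogng/CentOS.cnf
  - puppet/classes/syslogng/Ubuntu.cnf
+ - puppet/classes/users.pp
  - puppet/classes/xml.pp
  - puppet/classes/yum.pp
  - puppet/classes/zsh.pp
@@ -213,18 +214,6 @@ files:
  - puppet/modules/sudo/manifests/install.pp
  - puppet/modules/sudo/manifests/sudoers.pp
  - puppet/modules/ufw/manifests/init.pp
- - puppet/modules/users/README
- - puppet/modules/users/manifests/adduser.pp
- - puppet/modules/users/manifests/admin.pp
- - puppet/modules/users/manifests/automount.pp
- - puppet/modules/users/manifests/deluser.pp
- - puppet/modules/users/manifests/example42.pp
- - puppet/modules/users/manifests/init.pp
- - puppet/modules/users/manifests/ldap.pp
- - puppet/modules/users/manifests/params.pp
- - puppet/modules/users/templates/ldap/ldap.conf.erb
- - puppet/modules/users/templates/ldap/nsswitch.conf.erb
- - puppet/modules/users/templates/ldap/openldap-ldap.conf.erb
  - puppet/modules/webmin/manifests/init.pp
  - puppet/roles/blank.pp
  - puppet/site.pp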
@@ -1,28 +0,0 @@
1
- Puppet module: users
2
-
3
- # Written by Lab42 #
4
- # http://www.example42.com
5
-
6
- Licence: GPLv3
7
-
8
-
9
- DESCRIPTION:
10
- This module provides users management on the system.
11
- It manages both local users (you have obviously to add them according to custom needs) and external authentication sources, such as ldap. It provides automount features.
12
-
13
-
14
- USER VARIABLES:
15
- In order to customize the behaviour of the module you can set the following variables:
16
- $users_auth (default: "local") - Defines the authentication method to be used. Default uses only local authentication, set to "ldap" to ADD ldap authentication.
17
- $users_ldap_servers (default: ["ldapm.example42.com","ldaps.example42.com"]) - Defines the ldap backend server(s) you want to use for ldap authentication
18
- $users_ldap_basedn (default: "dc=example42,dc=com") - Defines the ldap base dn for ldap authentication
19
- $users_ldap_ssl (default: "no") - Defines if you want to use SSL for ldap authentication
20
- $users_automount (default: "no") - Set to "yes" if you want to enable homes automount
21
-
22
-
23
- USAGE:
24
- # Standard Classes
25
- include users # Manages users via Puppet. Set the above variables to manage ldap authentication.
26
- # If $my_project is set, it autoloads users::$my_project where you can define custom local users and custom configurations
27
-
28
- DEPENDENCIES:
@@ -1,16 +0,0 @@
1
- define adduser ( $uid='', $gid='', $shell='/bin/bash', $home='', $comment='', $password='', $groups='' ) {
2
-
3
- user {
4
- "$name":
5
- # Temp fix for err: //Node[test.example42.com]/general/hardening::eal4/users::admins/Adduser[admin]/User[admin]/uid: change from 500 to failed: Could not set uid on user[admin]: Execution of '/usr/sbin/usermod -u admin' returned 4: usermod: uid 0 is not unique
6
- # Uncomment and fix when necessary
7
- # uid => $uid,
8
- # gid => $gid,
9
- shell => $shell,
10
- comment => $comment,
11
- home => $home,
12
- password => $password,
13
- groups => $groups,
14
- ensure => present,
15
- }
16
- }
@@ -1,11 +0,0 @@
1
- class users::admin {
2
- # Creates user: admin with wheel privileges
3
- # Default password = 'example' CHANGE IT
4
- user {
5
- "admin":
6
- ensure => present,
7
- groups => 'wheel',
8
- # Default password = 'example' CHANGE IT before uncommenting
9
- # password => '$1$xd/jf97n$ZAhAz.CIGJ0gUECBohz/..',
10
- }
11
- }
@@ -1,34 +0,0 @@
1
- # Class: users::automount
2
- #
3
- # Manages users' home directory automount
4
- #
5
- # Usage:
6
- # Set $users_auth = "ldap" and $users_automount = "yes" and
7
- # include users
8
- # NOTE/TODO: This class is made for automounter based on ldap. When and if other auth methods will be supported this class will be refactored.
9
- #
10
- # Variables:
11
- # $users_automount (default: "no") - Set to "yes" if you want to enable homes automount
12
- #
13
- class users::automount {
14
-
15
- # Load the variables used in this module. Check the params.pp file
16
- include users::params
17
-
18
- $users_ldap_servers = $users::params::ldap_servers
19
- $users_ldap_basedn = $users::params::ldap_basedn
20
- $users_ldap_ssl = $users::params::ldap_ssl
21
- $users_automount = $users::params::automount
22
-
23
- # Required packages
24
- case $operatingsystem {
25
- ubuntu,debian: {
26
- package { "autofs": ensure => present }
27
- package { "autofs-ldap": ensure => present }
28
- }
29
- redhat,centos: {
30
- }
31
- }
32
-
33
- }
34
-
@@ -1,8 +0,0 @@
1
- define deluser {
2
-
3
- user {
4
- "$name":
5
- ensure => absent,
6
- }
7
- }
8
-
@@ -1,16 +0,0 @@
1
- class users::example42 {
2
- # Adds a local "example42" user, With password "example42".
3
- user {
4
- "example42":
5
- comment => "Example 42 default user",
6
- password => '$1$xd/jf97n$ZAhAz.CIGJ0gUECBohz/..',
7
- ensure => present,
8
- }
9
-
10
- # Uncomment below to remove example42 user
11
- # user {
12
- # "example42":
13
- # ensure => absent,
14
- # }
15
-
16
- }
@@ -1,31 +0,0 @@
1
- # Class: users
2
- #
3
- # Manages local users and external authentication methods
4
- #
5
- # Usage:
6
- # include users
7
- #
8
- # Variables:
9
- # $users_auth (default: "local") - Defines the authentication method to be used. Default uses only local authentication, set to "ldap" to ADD ldap authentication.
10
- # $users_ldap_servers (default: ["ldapm.example42.com","ldaps.example42.com"]) - Defines the ldap backend server(s) you want to use for ldap authentication
11
- # $users_ldap_basedn (default: "dc=example42,dc=com") - Defines the ldap base dn for ldap authentication
12
- # $users_ldap_ssl (default: "no") - Defines if you want to use SSL for ldap authentication
13
- # $users_automount (default: "no") - Set to "yes" if you want to enable homes automount
14
- #
15
- class users {
16
-
17
- # Load the variables used in this module. Check the params.pp file
18
- include users::params
19
-
20
- # Include the relevant subclass according to $users_auth settings
21
- case $users::params::auth {
22
- ldap: { include users::ldap }
23
- # TODO ads: { include users::ads }
24
- # TODO nis: { include users::nis }
25
- }
26
-
27
- # Autoloads users::$my_project if $my_project is defined
28
- # Place in users::$my_project your customizatios
29
- if $my_project { include "users::${my_project}" }
30
-
31
- }
@@ -1,114 +0,0 @@
1
- # Class: users::ldap
2
- #
3
- # Manages ldap authentication
4
- #
5
- # Usage:
6
- # Set $users_auth = "ldap" and
7
- # include users
8
- #
9
- # Variables:
10
- # $users_ldap_servers (default: ["ldapm.example42.com","ldaps.example42.com"]) - Defines the ldap backend server(s) you want to use for ldap authentication
11
- # $users_ldap_basedn (default: "dc=example42,dc=com") - Defines the ldap base dn for ldap authentication
12
- # $users_ldap_ssl (default: "no") - Defines if you want to use SSL for ldap authentication
13
- # $users_automount (default: "no") - Set to "yes" if you want to enable homes automount
14
- #
15
- class users::ldap {
16
-
17
- # Load the variables used in this module. Check the params.pp file
18
- include users::params
19
-
20
- $users_ldap_servers = $users::params::ldap_servers
21
- $users_ldap_basedn = $users::params::ldap_basedn
22
- $users_ldap_ssl = $users::params::ldap_ssl
23
- $users_ldap_cacert = $users::params::ldap_cacert
24
- $users_automount = $users::params::automount
25
-
26
- # PAM's configurations for ldap are managed in the dedicated pam::ldap class
27
- include pam::ldap
28
-
29
- # Include autofs::ldap if $users_automount = "yes"
30
- if $users::params::automount == "yes" { include "autofs::ldap" }
31
-
32
- # Systems' config files for LDAP
33
- file { "nsswitch.conf":
34
- path => "/etc/nsswitch.conf",
35
- mode => "644",
36
- owner => "root",
37
- group => "root",
38
- require => [ File["ldap.conf"] ],
39
- ensure => present,
40
- content => template("users/ldap/nsswitch.conf.erb"),
41
- }
42
-
43
- file { "ldap.conf":
44
- path => $users::params::configfile_ldap ,
45
- mode => "644",
46
- owner => "root",
47
- group => "root",
48
- ensure => present,
49
- content => template("users/ldap/ldap.conf.erb"),
50
- }
51
-
52
- # Openldap client config
53
- file { "openldap-ldap.conf":
54
- path => $operatingsystem ? {
55
- debian => "/etc/ldap/ldap.conf",
56
- ubuntu => "/etc/ldap/ldap.conf",
57
- redhat => "/etc/openldap/ldap.conf",
58
- centos => "/etc/openldap/ldap.conf",
59
- },
60
- mode => "644",
61
- owner => "root",
62
- group => "root",
63
- ensure => present,
64
- content => template("users/ldap/openldap-ldap.conf.erb"),
65
- # TOTO - Breaks on ubuntu804 - Verify
66
- # notify => $users_automount ? {
67
- # "yes" => "Service[autofs]",
68
- # default => undef,
69
- # },
70
- }
71
-
72
- case $users_ldap_ssl {
73
- yes: {
74
- file { "ldap_cacert":
75
- path => "${users::params::ldap_cacert}",
76
- mode => "644",
77
- owner => "root",
78
- group => "root",
79
- ensure => present,
80
- source => "${users::params::users_source}/ldap/cacert.pem",
81
- }
82
- }
83
- }
84
-
85
-
86
- # Required packages
87
- case $operatingsystem {
88
- Ubuntu,Debian: {
89
- package { "libpam-ldap": ensure => present }
90
- package { "libnss-ldap": ensure => present }
91
- package { "ldap-utils": ensure => present }
92
-
93
- case $lsbdistcodename {
94
- lenny: {
95
- # Debian 5, by default, uses a separated file for pam ldap settings
96
- file { "pam_ldap.conf":
97
- path => "/etc/pam_ldap.conf",
98
- mode => "644",
99
- owner => "root",
100
- group => "root",
101
- ensure => present,
102
- content => template("users/ldap/ldap.conf.erb"),
103
- }
104
- }
105
- }
106
-
107
- }
108
- redhat,centos: {
109
- package { "nss_ldap": ensure => present }
110
- }
111
- }
112
-
113
- }
114
-
@@ -1,84 +0,0 @@
1
- # Class: users::params
2
- #
3
- # Defines users parameters
4
- # In this class are defined as variables values that are used in other users classes
5
- # This class should be included, where necessary, and eventually be enhanced with support for more OS
6
- # You don't have generally to modify this file.
7
- #
8
- class users::params {
9
-
10
- ## DEFAULTS FOR VARIABLES USERS CAN SET
11
- # (Here are set the defaults, provide your custom variables externally)
12
-
13
- # Define the authentication method to be used
14
- $auth = $users_auth ? {
15
- '' => "local",
16
- default => $users_auth,
17
- }
18
-
19
- # Define the ldap server(s) to use (If $users_auth=ldap)
20
- $ldap_servers = $users_ldap_servers ? {
21
- '' => [ "ldapm.example42.com" , "ldaps.example42.com" ],
22
- default => $users_ldap_servers,
23
- }
24
-
25
- # Define the ldap basdn to use (If $users_auth=ldap)
26
- $ldap_basedn = $users_ldap_basedn ? {
27
- '' => "dc=example42,dc=com",
28
- default => $users_ldap_basedn,
29
- }
30
-
31
- # Define if you want to use SSL for ldap authentication (If $users_auth=ldap)
32
- $ldap_ssl = $users_ldap_ssl ? {
33
- '' => "no",
34
- default => $users_ldap_ssl,
35
- }
36
-
37
- # Define if you want to use automount (If $users_auth=ldap)
38
- $automount = $users_automount ? {
39
- '' => "no",
40
- default => $users_automount,
41
- }
42
-
43
-
44
-
45
- ## MODULES INTERNAL VARIABLES
46
- # (Modify only to adapt to unsupported OSes)
47
-
48
- $ldap_cacert = $operatingsystem ? {
49
- 'debian' => "/etc/ldap/cacert.pem",
50
- 'ubuntu' => "/etc/ldap/cacert.pem",
51
- default => "/etc/openldap/cacert.pem",
52
- }
53
-
54
- $configfile_ldap = $operatingsystem ? {
55
- debian => $lsbdistid ? {
56
- debian => "/etc/libnss-ldap.conf",
57
- ubuntu => "/etc/ldap.conf",
58
- },
59
- ubuntu => "/etc/ldap.conf",
60
- redhat => "/etc/ldap.conf",
61
- centos => "/etc/ldap.conf",
62
- }
63
-
64
-
65
- ## FILE SERVING SOURCE
66
- # Sets the correct source for static files
67
- # In order to provide files from different sources without modifying the module
68
- # you can override the default source path setting the variable $base_source
69
- # Ex: $base_source="puppet://ip.of.fileserver" or $base_source="puppet://$servername/myprojectmodule"
70
-
71
- # What follows automatically manages the new source standard (with /modules/) from 0.25
72
-
73
- case $base_source {
74
- '': { $general_base_source="puppet://$servername" }
75
- default: { $general_base_source=$base_source }
76
- }
77
-
78
- $users_source = $puppetversion ? {
79
- /(^0.25)/ => "$general_base_source/modules/users",
80
- /(^0.)/ => "$general_base_source/users",
81
- default => "$general_base_source/modules/users",
82
- }
83
-
84
- }
@@ -1,13 +0,0 @@
1
- # File managed by Puppet
2
- host <% users_ldap_servers.each do |ldap| %><%= ldap %> <% end %>
3
- base <%= users_ldap_basedn %>
4
- pam_password exop
5
- pam_lookup_policy yes
6
-
7
- <% if users_ldap_ssl == "yes" && operatingsystem != "Ubuntu" -%>
8
- ssl start_tls
9
- tls_cacertfile <%= users_ldap_cacert %>
10
- tls_checkpeer yes
11
- <% end -%>
12
-
13
- nss_initgroups_ignoreusers Debian-exim,backup,bin,daemon,dhcp,games,gnats,irc,klog,libuuid,list,lp,mail,man,news,ntpd,proxy,root,snmp,sshd,statd,sync,sys,syslog,uucp,www-data
@@ -1,23 +0,0 @@
1
- # /etc/nsswitch.conf
2
- #
3
- # File managed by Puppet
4
-
5
- passwd: files ldap
6
- group: files
7
- shadow: files ldap
8
- <% if users_automount == "yes" -%>
9
- automount: ldap
10
- <% else -%>
11
- automount: files
12
- <% end -%>
13
-
14
- hosts: files dns
15
- networks: files
16
-
17
- protocols: db files
18
- services: db files
19
- ethers: db files
20
- rpc: db files
21
-
22
- # netgroup: nis
23
-
@@ -1,8 +0,0 @@
1
- # File Managed by Puppet
2
- HOST <% users_ldap_servers.each do |ldap| -%><%= ldap -%> <% end %>
3
- URI ldap://<%= users_ldap_servers.first %>
4
- BASE <%= users_ldap_basedn %>
5
- <% if users_ldap_ssl == "yes" -%>
6
- TLS_CACERT <%= users_ldap_cacert %>
7
- TLS_REQCERT demand
8
- <% end -%>