provizioning 0.4.4 → 0.4.5

data/lib/provizioning/version.rb

@@ -1,3 +1,3 @@
 module Provizioning
-  VERSION = "0.4.4"
+  VERSION = "0.4.5"
 end

data/puppet/classes/users.pp

@@ -0,0 +1,22 @@
+# Class: users
+#
+# Manages local users and external authentication methods 
+#
+# Usage:
+# include users
+#
+class users {
+  define user_homedir($fullname) {
+    user { "$name":
+      comment => "$fullname",
+      home => "/home/$name"
+    }
+
+    exec { "$name homedir":
+      command => "cp -R /etc/skel /home/$name; chown -R $name /home/$name",
+      path => "/bin:/usr/sbin",
+      creates => "/home/$name",
+      require => User[$name],
+    }
+  }
+}

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: provizioning
 version: !ruby/object:Gem::Version
-  version: 0.4.4
+  version: 0.4.5
   prerelease: 
 platform: ruby
 authors:
@@ -13,7 +13,7 @@ date: 2011-11-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: capistrano
-  requirement: &2157234620 !ruby/object:Gem::Requirement
+  requirement: &2160147500 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -21,10 +21,10 @@ dependencies:
         version: '0'
   type: :runtime
   prerelease: false
-  version_requirements: *2157234620
+  version_requirements: *2160147500
 - !ruby/object:Gem::Dependency
   name: capistrano-ext
-  requirement: &2157233100 !ruby/object:Gem::Requirement
+  requirement: &2160146160 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -32,7 +32,7 @@ dependencies:
         version: '0'
   type: :runtime
   prerelease: false
-  version_requirements: *2157233100
+  version_requirements: *2160146160
 description: Server provisioning tools, recipes and templates based on Sprinkle
 email:
 - victor.castell@season.es
@@ -98,6 +98,7 @@ files:
 - puppet/classes/syslogng.pp
 - puppet/classes/syslogng/CentOS.cnf
 - puppet/classes/syslogng/Ubuntu.cnf
+- puppet/classes/users.pp
 - puppet/classes/xml.pp
 - puppet/classes/yum.pp
 - puppet/classes/zsh.pp
@@ -213,18 +214,6 @@ files:
 - puppet/modules/sudo/manifests/install.pp
 - puppet/modules/sudo/manifests/sudoers.pp
 - puppet/modules/ufw/manifests/init.pp
-- puppet/modules/users/README
-- puppet/modules/users/manifests/adduser.pp
-- puppet/modules/users/manifests/admin.pp
-- puppet/modules/users/manifests/automount.pp
-- puppet/modules/users/manifests/deluser.pp
-- puppet/modules/users/manifests/example42.pp
-- puppet/modules/users/manifests/init.pp
-- puppet/modules/users/manifests/ldap.pp
-- puppet/modules/users/manifests/params.pp
-- puppet/modules/users/templates/ldap/ldap.conf.erb
-- puppet/modules/users/templates/ldap/nsswitch.conf.erb
-- puppet/modules/users/templates/ldap/openldap-ldap.conf.erb
 - puppet/modules/webmin/manifests/init.pp
 - puppet/roles/blank.pp
 - puppet/site.pp

data/puppet/modules/users/README

@@ -1,28 +0,0 @@
-Puppet module: users 
-
-# Written by Lab42 #
-# http://www.example42.com
-
-Licence: GPLv3
-
-
-DESCRIPTION:
-This module provides users management on the system.
-It manages both local users (you have obviously to add them according to custom needs) and external authentication sources, such as ldap. It provides automount features.
-
-
-USER VARIABLES:
-In order to customize the behaviour of the module you can set the following variables:
-$users_auth  (default: "local") - Defines the authentication method to be used. Default uses only local authentication, set to "ldap" to ADD ldap authentication.
-$users_ldap_servers  (default: ["ldapm.example42.com","ldaps.example42.com"]) - Defines the ldap backend server(s) you want to use for ldap authentication
-$users_ldap_basedn (default: "dc=example42,dc=com") - Defines the ldap base dn for ldap authentication
-$users_ldap_ssl (default: "no") - Defines if you want to use SSL for ldap authentication 
-$users_automount (default: "no") - Set to "yes" if you want to enable homes automount
-
-
-USAGE:
-# Standard Classes 
-include users # Manages users via Puppet. Set the above variables to manage ldap authentication.
-              # If $my_project is set, it autoloads users::$my_project where you can define custom local users and custom configurations
-
-DEPENDENCIES:

data/puppet/modules/users/manifests/adduser.pp

@@ -1,16 +0,0 @@
-define adduser ( $uid='', $gid='', $shell='/bin/bash', $home='', $comment='', $password='', $groups='' ) {
-
-    user {
-        "$name":
-# Temp fix for err: //Node[test.example42.com]/general/hardening::eal4/users::admins/Adduser[admin]/User[admin]/uid: change from 500 to  failed: Could not set uid on user[admin]: Execution of '/usr/sbin/usermod -u  admin' returned 4: usermod: uid 0 is not unique
-# Uncomment and fix when necessary
-#            uid      => $uid,
-#            gid      => $gid,
-            shell    => $shell,
-            comment  => $comment,
-            home     => $home,
-            password => $password,
-            groups   => $groups,
-            ensure   => present,
-       }
-}

data/puppet/modules/users/manifests/admin.pp

@@ -1,11 +0,0 @@
-class users::admin {
-# Creates user: admin with wheel privileges
-# Default password = 'example'  CHANGE IT
-    user {
-        "admin":
-        ensure   => present,
-        groups   => 'wheel',
-# Default password = 'example'  CHANGE IT before uncommenting
-#        password => '$1$xd/jf97n$ZAhAz.CIGJ0gUECBohz/..',
-    }
-}

data/puppet/modules/users/manifests/automount.pp

@@ -1,34 +0,0 @@
-# Class: users::automount
-#
-# Manages users' home directory automount 
-#
-# Usage:
-# Set $users_auth = "ldap" and $users_automount = "yes" and
-# include users
-# NOTE/TODO: This class is made for automounter based on ldap. When and if other auth methods will be supported this class will be refactored.
-# 
-# Variables:
-# $users_automount (default: "no") - Set to "yes" if you want to enable homes automount
-#
-class users::automount {
-
-# Load the variables used in this module. Check the params.pp file
-    include users::params
-
-    $users_ldap_servers = $users::params::ldap_servers
-    $users_ldap_basedn = $users::params::ldap_basedn
-    $users_ldap_ssl = $users::params::ldap_ssl 
-    $users_automount = $users::params::automount 
-
-# Required packages
-    case $operatingsystem {
-        ubuntu,debian: {
-             package { "autofs": ensure => present }
-             package { "autofs-ldap": ensure => present }
-        }
-        redhat,centos: {
-        }
-    }
-
-}
-

data/puppet/modules/users/manifests/deluser.pp

@@ -1,8 +0,0 @@
-define deluser {
-
-    user {
-        "$name":
-            ensure   => absent,
-       }
-}
-

data/puppet/modules/users/manifests/example42.pp

@@ -1,16 +0,0 @@
-class users::example42 {
-# Adds a local "example42" user, With password "example42".
-       user {
-        "example42":
-            comment  => "Example 42 default user",
-            password => '$1$xd/jf97n$ZAhAz.CIGJ0gUECBohz/..',
-            ensure   => present,
-       }
-
-# Uncomment below to remove example42 user
-#       user {
-#        "example42":
-#            ensure   => absent,
-#       }
-
-}

data/puppet/modules/users/manifests/init.pp

@@ -1,31 +0,0 @@
-# Class: users
-#
-# Manages local users and external authentication methods 
-#
-# Usage:
-# include users
-#
-# Variables:
-# $users_auth  (default: "local") - Defines the authentication method to be used. Default uses only local authentication, set to "ldap" to ADD ldap authentication.
-# $users_ldap_servers  (default: ["ldapm.example42.com","ldaps.example42.com"]) - Defines the ldap backend server(s) you want to use for ldap authentication
-# $users_ldap_basedn (default: "dc=example42,dc=com") - Defines the ldap base dn for ldap authentication
-# $users_ldap_ssl (default: "no") - Defines if you want to use SSL for ldap authentication 
-# $users_automount (default: "no") - Set to "yes" if you want to enable homes automount
-#
-class users {
-
-# Load the variables used in this module. Check the params.pp file
-    include users::params
-
-# Include the relevant subclass according to $users_auth settings
-    case $users::params::auth {
-        ldap: { include users::ldap }
-# TODO  ads: { include users::ads }
-# TODO  nis: { include users::nis }
-    }
-
-# Autoloads users::$my_project if $my_project is defined
-# Place in users::$my_project your customizatios
-    if $my_project { include "users::${my_project}" }
-
-}

data/puppet/modules/users/manifests/ldap.pp

@@ -1,114 +0,0 @@
-# Class: users::ldap
-#
-# Manages ldap authentication 
-#
-# Usage:
-# Set $users_auth = "ldap" and
-# include users
-#
-# Variables:
-# $users_ldap_servers  (default: ["ldapm.example42.com","ldaps.example42.com"]) - Defines the ldap backend server(s) you want to use for ldap authentication
-# $users_ldap_basedn (default: "dc=example42,dc=com") - Defines the ldap base dn for ldap authentication
-# $users_ldap_ssl (default: "no") - Defines if you want to use SSL for ldap authentication 
-# $users_automount (default: "no") - Set to "yes" if you want to enable homes automount
-#
-class users::ldap {
-
-# Load the variables used in this module. Check the params.pp file
-    include users::params
-
-    $users_ldap_servers = $users::params::ldap_servers
-    $users_ldap_basedn = $users::params::ldap_basedn
-    $users_ldap_ssl = $users::params::ldap_ssl 
-    $users_ldap_cacert = $users::params::ldap_cacert 
-    $users_automount = $users::params::automount 
-
-# PAM's configurations for ldap are managed in the dedicated pam::ldap class
-    include pam::ldap
-
-# Include autofs::ldap if $users_automount = "yes"
-    if $users::params::automount == "yes" { include "autofs::ldap" }
-
-# Systems' config files for LDAP 
-    file { "nsswitch.conf":
-        path    => "/etc/nsswitch.conf",
-        mode    => "644",
-        owner   => "root",
-        group   => "root",
-        require => [ File["ldap.conf"] ],
-        ensure  => present,
-        content => template("users/ldap/nsswitch.conf.erb"),
-    }
-
-    file { "ldap.conf":
-        path    => $users::params::configfile_ldap ,
-        mode    => "644",
-        owner   => "root",
-        group   => "root",
-        ensure  => present,
-        content => template("users/ldap/ldap.conf.erb"),
-    }
-
-# Openldap client config
-    file { "openldap-ldap.conf":
-        path    => $operatingsystem ? {
-            debian => "/etc/ldap/ldap.conf",
-            ubuntu => "/etc/ldap/ldap.conf",
-            redhat => "/etc/openldap/ldap.conf",
-            centos => "/etc/openldap/ldap.conf",
-        },
-        mode    => "644",
-        owner   => "root",
-        group   => "root",
-        ensure  => present,
-        content => template("users/ldap/openldap-ldap.conf.erb"),
-    # TOTO - Breaks on ubuntu804 - Verify
-    #    notify  => $users_automount ? {
-    #        "yes"   => "Service[autofs]",
-    #        default => undef,
-    #    },
-    }
-
-    case $users_ldap_ssl {
-        yes: {
-            file { "ldap_cacert":
-                path    => "${users::params::ldap_cacert}",
-                mode    => "644",
-                owner   => "root",
-                group   => "root",
-                ensure  => present,
-                source => "${users::params::users_source}/ldap/cacert.pem",
-            }
-        }
-    }
-
-
-# Required packages
-    case $operatingsystem {
-        Ubuntu,Debian: {
-             package { "libpam-ldap": ensure => present }
-             package { "libnss-ldap": ensure => present }
-             package { "ldap-utils": ensure => present }
-
-             case $lsbdistcodename {
-                 lenny: {
-                     # Debian 5, by default, uses a separated file for pam ldap settings 
-                     file { "pam_ldap.conf":
-                         path    => "/etc/pam_ldap.conf",
-                         mode    => "644",
-                         owner   => "root",
-                         group   => "root",
-                         ensure  => present,
-                         content => template("users/ldap/ldap.conf.erb"),
-                     }
-                 }
-             }
-
-        }
-        redhat,centos: {
-             package { "nss_ldap": ensure => present }
-        }
-    }
-
-}
-

data/puppet/modules/users/manifests/params.pp

@@ -1,84 +0,0 @@
-# Class: users::params
-#
-# Defines users parameters
-# In this class are defined as variables values that are used in other users classes
-# This class should be included, where necessary, and eventually be enhanced with support for more OS
-# You don't have generally to modify this file.
-#
-class users::params  {
-
-## DEFAULTS FOR VARIABLES USERS CAN SET
-# (Here are set the defaults, provide your custom variables externally)
-
-# Define the authentication method to be used 
-    $auth = $users_auth ? {
-        ''      => "local",
-        default => $users_auth,
-    }
-
-# Define the ldap server(s) to use (If $users_auth=ldap) 
-    $ldap_servers = $users_ldap_servers ? {
-        ''      => [ "ldapm.example42.com" , "ldaps.example42.com" ],
-        default => $users_ldap_servers,
-    }
-
-# Define the ldap basdn to use (If $users_auth=ldap)
-    $ldap_basedn = $users_ldap_basedn ? {
-        ''      => "dc=example42,dc=com",
-        default => $users_ldap_basedn,
-    }
-
-# Define if you want to use SSL for ldap authentication (If $users_auth=ldap)
-    $ldap_ssl = $users_ldap_ssl ? {
-        ''      => "no",
-        default => $users_ldap_ssl,
-    }
-
-# Define if you want to use automount (If $users_auth=ldap)
-    $automount = $users_automount ? {
-        ''      => "no",
-        default => $users_automount,
-    }
-
-
-
-## MODULES INTERNAL VARIABLES
-# (Modify only to adapt to unsupported OSes)
-
-    $ldap_cacert = $operatingsystem ? {
-        'debian' => "/etc/ldap/cacert.pem",
-        'ubuntu' => "/etc/ldap/cacert.pem",
-        default  => "/etc/openldap/cacert.pem",
-    }
-
-    $configfile_ldap = $operatingsystem ? {
-            debian => $lsbdistid ? {
-                 debian => "/etc/libnss-ldap.conf",
-                 ubuntu => "/etc/ldap.conf",
-            },
-            ubuntu => "/etc/ldap.conf",
-            redhat => "/etc/ldap.conf",
-            centos => "/etc/ldap.conf",
-    }
-
-
-## FILE SERVING SOURCE
-# Sets the correct source for static files
-# In order to provide files from different sources without modifying the module
-# you can override the default source path setting the variable $base_source
-# Ex: $base_source="puppet://ip.of.fileserver" or $base_source="puppet://$servername/myprojectmodule"
- 
-# What follows automatically manages the new source standard (with /modules/) from 0.25 
-
-    case $base_source {
-        '': { $general_base_source="puppet://$servername" }
-        default: { $general_base_source=$base_source }
-    }
-
-    $users_source = $puppetversion ? {
-        /(^0.25)/ => "$general_base_source/modules/users",
-        /(^0.)/   => "$general_base_source/users",
-        default   => "$general_base_source/modules/users",
-    }
-
-}

data/puppet/modules/users/templates/ldap/ldap.conf.erb

@@ -1,13 +0,0 @@
-# File managed by Puppet
-host <% users_ldap_servers.each do |ldap| %><%= ldap %> <% end %>
-base <%= users_ldap_basedn %>
-pam_password exop
-pam_lookup_policy yes
-
-<% if users_ldap_ssl == "yes" && operatingsystem != "Ubuntu" -%>
-ssl start_tls
-tls_cacertfile <%= users_ldap_cacert %>
-tls_checkpeer yes
-<% end -%>
-
-nss_initgroups_ignoreusers Debian-exim,backup,bin,daemon,dhcp,games,gnats,irc,klog,libuuid,list,lp,mail,man,news,ntpd,proxy,root,snmp,sshd,statd,sync,sys,syslog,uucp,www-data

data/puppet/modules/users/templates/ldap/nsswitch.conf.erb

@@ -1,23 +0,0 @@
-# /etc/nsswitch.conf
-#
-# File managed by Puppet
-
-passwd:         files ldap
-group:          files
-shadow:         files ldap
-<% if users_automount == "yes" -%>
-automount:	ldap
-<% else -%>
-automount:	files
-<% end -%>
-
-hosts:          files dns
-networks:       files
-
-protocols:      db files
-services:       db files
-ethers:         db files
-rpc:            db files
-
-# netgroup:       nis
-

data/puppet/modules/users/templates/ldap/openldap-ldap.conf.erb

@@ -1,8 +0,0 @@
-# File Managed by Puppet
-HOST <% users_ldap_servers.each do |ldap| -%><%= ldap -%> <% end %>
-URI ldap://<%= users_ldap_servers.first %>
-BASE <%= users_ldap_basedn %>
-<% if users_ldap_ssl == "yes" -%>
-TLS_CACERT <%= users_ldap_cacert %>
-TLS_REQCERT demand
-<% end -%>