author | Silvio Rhatto <rhatto@riseup.net> | 2016-03-31 11:24:04 -0300 |
---|---|---|
committer | Silvio Rhatto <rhatto@riseup.net> | 2016-03-31 11:24:04 -0300 |
commit | 52f7c6aa99e34f69c34360124605e48b63ec4e55 (patch) | |
tree | e83a40a465545e6b6fcdf2c70f2c32f10db324c0 | |
parent | b837a50240da25f471010fefcee19045c0b4d37d (diff) | |
Take advantage of autoloading
-rw-r--r-- | manifests/init.pp | 177 | ||||
-rw-r--r-- | manifests/manage.pp | 174 |
2 files changed, 174 insertions, 177 deletions
diff --git a/manifests/init.pp b/manifests/init.pp
deleted file mode 100644
index 9b8d04a..0000000
--- a/manifests/init.pp
+++ /dev/null
@@ -1,177 +0,0 @@
-#
-# User module based on git://git.puppet.immerda.ch/module-user.git
-#
-# Password hash can be generated with mkpasswd provided by whois
-# debian package: mkpasswd -m sha-256, see crypt(3) for details
-# on supported hashes.
-#
-class user {
-
- define manage(
- $password,
- $ensure = present,
- $uid = 'absent',
- $gid = 'uid',
- $groups = [],
- $managehome = true,
- $homedir_mode = '0750',
- $comment = 'absent',
- $homedir = 'absent',
- $shell = 'absent',
- $sshkey = 'absent',
- $sshkey_options = [],
- $sshkey_type = 'absent',
- $membership = 'minimum',
- $ticket = false,
- $refresh_keys = false) {
-
- $real_groups = $groups ? {
- '' => [ "$title", ],
- default => $groups,
- }
-
- $real_homedir = $homedir ? {
- 'absent' => "/home/$name",
- default => $homedir,
- }
-
- $real_name_comment = $comment ? {
- 'absent' => $name,
- default => $comment,
- }
-
- $real_sshkey_type = $sshkey_type ? {
- 'absent' => "ssh-rsa",
- default => $sshkey_type,
- }
-
- $real_shell = $shell ? {
- 'absent' => $operatingsystem ? {
- openbsd => "/usr/local/bin/bash",
- default => "/bin/bash",
- },
- default => $shell,
- }
-
- if $managehome == true {
- if $ensure == 'absent' {
- file{"$real_homedir":
- ensure => absent,
- purge => true,
- force => true,
- recurse => true,
- }
- } else {
- file{"$real_homedir":
- ensure => directory,
- require => User[$name],
- owner => $name, mode => $homedir_mode;
- }
- case $gid {
- 'absent','uid': {
- File[$real_homedir]{
- group => $name,
- }
- }
- default: {
- File[$real_homedir]{
- group => $gid,
- }
- }
- }
- }
- } else {
- if $managehome != false {
- if !defined(File[$managehome]) {
- file { $managehome:
- ensure => present,
- owner => $name,
- mode => $homedir_mode,
- require => User[$name],
- }
- }
-
- case $gid {
- 'absent','uid': {
- File[$managehome] {
- group => $name,
- }
- }
- default: {
- File[$managehome] {
- group => $gid,
- }
- }
- }
-
- file{ "$real_homedir":
- ensure => $managehome,
- require => File[$managehome],
- }
- }
- }
-
- if $uid != 'absent' {
- $real_uid = $uid
- } else {
- $real_uid = false
- }
-
- if $gid != 'absent' {
- if $gid == 'uid' {
- if $uid != 'absent' {
- $real_gid = $uid
- } else {
- $real_gid = false
- }
- } else {
- $real_gid = $gid
- }
- } else {
- $real_gid = false
- }
-
- # see http://www.mail-archive.com/puppet-users@googlegroups.com/msg00795.html
- user { "$title":
- ensure => $ensure,
- allowdupe => false,
- comment => "$real_name_comment",
- home => $real_homedir,
- managehome => $managehome,
- shell => $real_shell,
- groups => $real_groups,
- membership => $membership,
- password => $password,
- uid => $real_uid ? { false => undef, default => $real_uid },
- gid => $real_gid ? { false => undef, default => $real_gid },
- }
-
- if $refresh_keys == true {
- cron { "gpg-refresh-keys-${title}":
- command => "/usr/bin/gpg --refresh-keys > /dev/null 2>&1",
- user => $title,
- hour => "*/1",
- minute => "0",
- ensure => present,
- require => User[$title],
- }
- }
-
- # lots of bugs preventing a good implementation for ssh keys
- # http://projects.reductivelabs.com/issues/1409
- # http://projects.reductivelabs.com/issues/2004
- # http://projects.reductivelabs.com/issues/2020
- # http://groups.google.com/group/puppet-users/browse_thread/thread/131bc7cdc507e3c8/6b61dbcd0b6a68b5?lnk=raot
- if $sshkey != 'absent' {
- ssh_authorized_key { "$title":
- ensure => $ensure,
- key => $sshkey,
- user => $title,
- options => $sshkey_options,
- type => $real_sshkey_type,
- target => "$real_homedir/.ssh/authorized_keys",
- require => User["$title"],
- }
- }
- }
-}
diff --git a/manifests/manage.pp b/manifests/manage.pp
new file mode 100644
index 0000000..240ca2f
--- /dev/null
+++ b/manifests/manage.pp
@@ -0,0 +1,174 @@
+#
+# User module based on git://git.puppet.immerda.ch/module-user.git
+#
+# Password hash can be generated with mkpasswd provided by whois
+# debian package: mkpasswd -m sha-256, see crypt(3) for details
+# on supported hashes.
+#
+define user::manage(
+ $password,
+ $ensure = present,
+ $uid = 'absent',
+ $gid = 'uid',
+ $groups = [],
+ $managehome = true,
+ $homedir_mode = '0750',
+ $comment = 'absent',
+ $homedir = 'absent',
+ $shell = 'absent',
+ $sshkey = 'absent',
+ $sshkey_options = [],
+ $sshkey_type = 'absent',
+ $membership = 'minimum',
+ $ticket = false,
+ $refresh_keys = false) {
+
+ $real_groups = $groups ? {
+ '' => [ "$title", ],
+ default => $groups,
+ }
+
+ $real_homedir = $homedir ? {
+ 'absent' => "/home/$name",
+ default => $homedir,
+ }
+
+ $real_name_comment = $comment ? {
+ 'absent' => $name,
+ default => $comment,
+ }
+
+ $real_sshkey_type = $sshkey_type ? {
+ 'absent' => "ssh-rsa",
+ default => $sshkey_type,
+ }
+
+ $real_shell = $shell ? {
+ 'absent' => $operatingsystem ? {
+ openbsd => "/usr/local/bin/bash",
+ default => "/bin/bash",
+ },
+ default => $shell,
+ }
+
+ if $managehome == true {
+ if $ensure == 'absent' {
+ file{"$real_homedir":
+ ensure => absent,
+ purge => true,
+ force => true,
+ recurse => true,
+ }
+ } else {
+ file{"$real_homedir":
+ ensure => directory,
+ require => User[$name],
+ owner => $name, mode => $homedir_mode;
+ }
+ case $gid {
+ 'absent','uid': {
+ File[$real_homedir]{
+ group => $name,
+ }
+ }
+ default: {
+ File[$real_homedir]{
+ group => $gid,
+ }
+ }
+ }
+ }
+ } else {
+ if $managehome != false {
+ if !defined(File[$managehome]) {
+ file { $managehome:
+ ensure => present,
+ owner => $name,
+ mode => $homedir_mode,
+ require => User[$name],
+ }
+ }
+
+ case $gid {
+ 'absent','uid': {
+ File[$managehome] {
+ group => $name,
+ }
+ }
+ default: {
+ File[$managehome] {
+ group => $gid,
+ }
+ }
+ }
+
+ file{ "$real_homedir":
+ ensure => $managehome,
+ require => File[$managehome],
+ }
+ }
+ }
+
+ if $uid != 'absent' {
+ $real_uid = $uid
+ } else {
+ $real_uid = false
+ }
+
+ if $gid != 'absent' {
+ if $gid == 'uid' {
+ if $uid != 'absent' {
+ $real_gid = $uid
+ } else {
+ $real_gid = false
+ }
+ } else {
+ $real_gid = $gid
+ }
+ } else {
+ $real_gid = false
+ }
+
+ # see http://www.mail-archive.com/puppet-users@googlegroups.com/msg00795.html
+ user { "$title":
+ ensure => $ensure,
+ allowdupe => false,
+ comment => "$real_name_comment",
+ home => $real_homedir,
+ managehome => $managehome,
+ shell => $real_shell,
+ groups => $real_groups,
+ membership => $membership,
+ password => $password,
+ uid => $real_uid ? { false => undef, default => $real_uid },
+ gid => $real_gid ? { false => undef, default => $real_gid },
+ }
+
+ if $refresh_keys == true {
+ cron { "gpg-refresh-keys-${title}":
+ command => "/usr/bin/gpg --refresh-keys > /dev/null 2>&1",
+ user => $title,
+ hour => "*/1",
+ minute => "0",
+ ensure => present,
+ require => User[$title],
+ }
+ }
+
+ # lots of bugs preventing a good implementation for ssh keys
+ # http://projects.reductivelabs.com/issues/1409
+ # http://projects.reductivelabs.com/issues/2004
+ # http://projects.reductivelabs.com/issues/2020
+ # http://groups.google.com/group/puppet-users/browse_thread/thread/131bc7cdc507e3c8/6b61dbcd0b6a68b5?lnk=raot
+ if $sshkey != 'absent' {
+ ssh_authorized_key { "$title":
+ ensure => $ensure,
+ key => $sshkey,
+ user => $title,
+ options => $sshkey_options,
+ type => $real_sshkey_type,
+ target => "$real_homedir/.ssh/authorized_keys",
+ require => User["$title"],
+ }
+ }
+} |
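Review bot: In the `else` branch of `user::manage`, where `$managehome` is neither `true` nor `false` and is used as a path, the same value is still passed through as `managehome => $managehome` on the `user` resource, which as far as I know accepts only a boolean. Normalising it at that point, e.g. `managehome => $managehome ? { true => true, default => false },`, would keep the path form usable. That branch also never looks at `$ensure`, so a user declared `absent` still gets `File[$managehome]` created with `owner => $name` and the `$real_homedir` link pointing at it. Separately, the `ensure => absent` branch removes `$real_homedir` with `force` and `recurse` while `$homedir` is taken unvalidated, so rejecting values such as `/` or a directory shared with other accounts before that resource is declared would be a worthwhile guard.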