Commit 208aefb8 authored by Micah's avatar Micah

Merge branch 'koumbit' into shared

parents c0a3c676 81a06483
......@@ -36,3 +36,4 @@ root ALL=(ALL) ALL
# Samples
# %users ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
# %users localhost=/sbin/shutdown -h now
#includedir /usr/local/etc/sudoers.d
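Review bot: The added `#includedir /usr/local/etc/sudoers.d` line sits directly under the commented-out samples with nothing to mark it as live, so it reads like one more comment. A one-line comment above it, for example `# The leading '#' is part of the directive; the next line is active.`, would stop someone from "cleaning it up", which would silently disable every drop-in written to sudoers.d. The rest of this sudoers file lies outside the hunk.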
#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults env_reset
Defaults mail_badpass
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
# Host alias specification
# User alias specification
# Cmnd alias specification
# User privilege specification
root ALL=(ALL:ALL) ALL
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
# See sudoers(5) for more information on "#include" directives:
#includedir /etc/sudoers.d
define sudo::access (
$ensure = 'present',
$user = undef,
$access = 'ALL=(ALL) ALL'
) {
include sudo
if $user == undef {
$real_user = $name
} else {
$real_user = $user
}
# there shouldn't be a dot in those filenames!
file { "${sudo::dir}/01-user_access-${title}":
ensure => 'present',
owner => 'root',
group => 0,
mode => '0440',
content => "# THIS FILE IS MANAGED BY PUPPET !\n${real_user} ${access}\n",
}
}
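Review bot: The `$ensure` parameter of `sudo::access` is never used, because the file resource hard-codes `ensure => 'present'`; declaring `ensure => absent` would therefore leave the grant in place under sudoers.d. Assuming this define is on the new side of the merge (the rendered page has lost the +/- markers), change that line to `ensure => $ensure,` as `sudo::user_alias` already does. The comment about dots also deserves one more sentence. sudo skips include-directory files whose names contain a `.` or end in `~`, and `${title}` goes straight into the file name, so a title such as an FQDN would produce a rule that is written but never read.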
class sudo::base {
if $sudo::deploy_sudoers {
file{'/etc/sudoers':
source => [ "puppet:///modules/site_sudo/sudoers/${::fqdn}/sudoers",
"puppet:///modules/site_sudo/sudoers/sudoers",
"puppet:///modules/sudo/sudoers/${::operatingsystem}/sudoers",
"puppet:///modules/sudo/sudoers/sudoers" ],
owner => root, group => 0, mode => 0440;
}
}
}
class sudo::freebsd inherits sudo::base {
package{'sudo':
ensure => installed,
}
if $sudo_deploy_sudoers {
File['/etc/sudoers']{
path => "/usr/local/etc/sudoers",
require => Package['sudo'],
}
}
}
......@@ -3,11 +3,28 @@
# GPLv3
class sudo(
$deploy_sudoers = false
) {
case $::kernel {
linux: { include sudo::linux }
freebsd: { include sudo::freebsd }
default: { include sudo::base }
$deploy_sudoers = $sudo::deploy_sudoers,
$path = $sudo::params::path,
$dir = $sudo::params::dir
) inherits sudo::params {
package {'sudo':
ensure => installed,
}
if $sudo::deploy_sudoers {
file {
$sudo::path:
source => [ "puppet:///modules/site_sudo/sudoers/${::fqdn}/sudoers",
"puppet:///modules/site_sudo/sudoers/sudoers",
"puppet:///modules/sudo/sudoers/${::operatingsystem}/sudoers",
"puppet:///modules/sudo/sudoers/sudoers" ],
require => Package['sudo'],
owner => root, group => 0, mode => 0440;
}
}
file {
$sudo::dir:
ensure => directory,
require => Package['sudo'],
owner => root, group => 0, mode => 0550;
}
}
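Review bot: The default `$deploy_sudoers = $sudo::deploy_sudoers` in the new class header refers to the class's own parameter, which has no value while defaults are being resolved. Since the class inherits `sudo::params`, which sets `$deploy_sudoers = false`, it should read `$deploy_sudoers = $sudo::params::deploy_sudoers`, in line with `$path` and `$dir`. The `mode => 0440` and `mode => 0550` values are bare numbers here, while the defines quote `'0440'`; quoting them keeps the mode a string on every Puppet version. The `$sudo::dir` directory resource also sets neither `recurse` nor `purge`, so drop-ins that Puppet no longer manages stay in effect. If the module is meant to be authoritative for that directory, `recurse => true, purge => true` would remove stale grants.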
class sudo::linux inherits sudo::base {
package{'sudo':
ensure => installed,
}
if $sudo_deploy_sudoers {
File['/etc/sudoers']{
require => Package['sudo'],
}
}
}
class sudo::params {
$dir = $::kernel ? {
/freebsd/ => '/usr/local/etc/sudoers.d',
default => '/etc/sudoers.d',
}
$path = $::kernel ? {
/freebsd/ => '/usr/local/etc/sudoers',
default => '/etc/sudoers',
}
$deploy_sudoers = false
}
define sudo::user_alias (
$members,
$ensure = 'present'
) {
# this is 00-prefixed so that it's defined before the other definitions
file { "${sudo::dir}/00-user_alias-${title}":
ensure => $ensure,
owner => 'root',
group => 0,
mode => '0440',
content => "# THIS FILE IS MANAGED BY PUPPET !\n\nUser_Alias ${name} = ${members}\n",
}
}
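Review bot: `${name}` is written verbatim as the alias name in `User_Alias ${name} = ${members}`, but sudoers accepts only alias names that start with an uppercase letter and contain uppercase letters, digits and underscores. A lowercase title produces a syntax error, and a parse error in a drop-in can make sudo refuse to run at all. Neither this define nor `sudo::access` checks the generated content before it lands in `${sudo::dir}`. If the Puppet version in use supports it, consider adding `validate_cmd => '/usr/sbin/visudo -c -f %',` to both file resources. The visudo path differs on FreeBSD, so it probably belongs in `sudo::params`. The naming rule should also be stated in a comment above the define.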
class { 'sudo': dir => '/tmp/sudoers.d' }
sudo::access { 'foo': }
class { 'sudo': deploy_sudoers => true }
# needs to be ran with FACTER_kernel=freebsd puppet apply --modulepath=.. tests/freebsd.pp
sudo::access { 'foo': }