3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
|
# File 'manifests/admin/user.pp', line 3
class psick::admin::user (
Variant[Boolean,String] $ensure = pick($psick::admin::ensure, 'present'),
Optional[String] $password = undef,
Boolean $configure_sudo = true,
Boolean $run_ssh_keygen = true,
Boolean $manage = $psick::manage,
Boolean $noop_manage = $psick::noop_manage,
Boolean $noop_value = $psick::noop_value,
) {
if $manage {
if $noop_manage {
noop($noop_value)
}
include psick::admin
user { $psick::admin::user:
ensure => $ensure,
comment => 'Puppet managed admin user',
managehome => true,
shell => '/bin/bash',
home => "/home/${psick::admin::user}",
password => $password,
}
$dir_ensure = ::tp::ensure2dir($ensure)
file { "/home/${psick::admin::user}/.ssh" :
ensure => $dir_ensure,
mode => '0700',
owner => $psick::admin::user,
group => $psick::admin::user,
require => User[$psick::admin::user],
}
if $run_ssh_keygen and $psick::admin::master_enable {
psick::openssh::keygen { $psick::admin::user:
require => File["/home/${$psick::admin::user}/.ssh"],
}
psick::puppet::set_external_fact { 'admin_user_key.sh':
template => 'psick/admin/admin_user_key.sh.epp',
mode => '0755',
}
}
if $configure_sudo {
file { "/etc/sudoers.d/${psick::admin::user}" :
ensure => file,
mode => '0440',
owner => 'root',
group => 'root',
content => "${psick::admin::user} ALL = NOPASSWD : ALL\n",
}
}
}
}
|