Puppet Class: psick::bolt::node

Defined in:
manifests/bolt/node.pp

Summary

Manages bolt configurations on target nodes

Overview

Parameters:

  • ensure (Variant[Boolean,String]) (defaults to: pick($psick::bolt::ensure, 'present'))
  • user_password (Optional[String]) (defaults to: undef)
  • user_home (Optional[String]) (defaults to: undef)
  • create_ssh_user (Boolean) (defaults to: true)
  • configure_sudo (Boolean) (defaults to: true)
  • sudo_template (String) (defaults to: 'psick/bolt/user/sudo.erb')
  • manage (Boolean) (defaults to: $psick::manage)
  • noop_manage (Boolean) (defaults to: $psick::noop_manage)
  • noop_value (Boolean) (defaults to: $psick::noop_value)


# File 'manifests/bolt/node.pp', line 3

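# Prepares a node to be reached by Bolt over SSH: optionally creates the
# SSH user and its ~/.ssh directory, optionally installs a sudoers drop-in
# for that user, and authorizes the Bolt master's public key according to
# $psick::bolt::keyshare_method ('storeconfigs' or 'static').
#
# Parameters, as used by the code below:
#   ensure          - Passed to the user, sshkey and ssh_authorized_key
#                     resources; converted with tp::ensure2dir for ~/.ssh and
#                     mapped to file/absent for the sudoers drop-in.
#   user_password   - Value for the user resource's password attribute.
#   user_home       - Home directory of the SSH user. When undef it is
#                     /root for 'root', otherwise /home/<ssh_user>.
#   create_ssh_user - Whether to manage the user and its ~/.ssh directory.
#   configure_sudo  - Whether to manage /etc/sudoers.d/<ssh_user>.
#   sudo_template   - ERB template rendered as the sudoers drop-in content.
#   manage          - When false, the class manages nothing at all.
#   noop_manage     - When true, noop($noop_value) is called for this class.
#   noop_value      - Argument handed to noop().
class psick::bolt::node (
  Variant[Boolean,String] $ensure          = pick($psick::bolt::ensure, 'present'),
  # NOTE(review): typed as String rather than Sensitive, so the value is
  # presumably not redacted in catalogs, logs and reports - confirm how callers
  # supply it before changing the type (that would alter the interface).
  Optional[String]        $user_password   = undef,
  Optional[String]        $user_home       = undef,
  Boolean                 $create_ssh_user = true,
  Boolean                 $configure_sudo  = true,
  String                  $sudo_template   = 'psick/bolt/user/sudo.erb',

  Boolean            $manage               = $psick::manage,
  Boolean            $noop_manage          = $psick::noop_manage,
  Boolean            $noop_value           = $psick::noop_value,
) {
  if $manage {
    if $noop_manage {
      noop($noop_value)
    }

    $dir_ensure = ::tp::ensure2dir($ensure)

    # The sudoers drop-in must follow $ensure as well: with a hard-coded
    # 'file' the sudo grant would stay on disk after the user is removed and
    # would apply again to any account later created with the same name.
    $sudo_ensure = $ensure ? {
      'absent' => 'absent',
      false    => 'absent',
      default  => 'file',
    }

    include psick::bolt

    # An explicit $user_home wins; otherwise derive it from the user name.
    $user_home_dir = $user_home ? {
      undef   => $psick::bolt::ssh_user ? {
        'root'    => '/root',
        default => "/home/${psick::bolt::ssh_user}",
      },
      default => $user_home
    }

    if $create_ssh_user {
      user { $psick::bolt::ssh_user:
        ensure     => $ensure,
        comment    => 'Puppet managed user for bolt access',
        managehome => true,
        shell      => '/bin/bash',
        home       => $user_home_dir,
        password   => $user_password,
      }

      # 0700 keeps the authorized_keys location private to the SSH user.
      file { "${user_home_dir}/.ssh" :
        ensure  => $dir_ensure,
        mode    => '0700',
        owner   => $psick::bolt::ssh_user,
        group   => $psick::bolt::ssh_group,
        require => User[$psick::bolt::ssh_user],
      }
    }

    if $configure_sudo {
      # The privileges granted here are defined entirely by $sudo_template,
      # which is not visible in this manifest - review that template for the
      # scope of the grant (commands allowed, NOPASSWD).
      # NOTE(review): a syntax error in a sudoers drop-in can make sudo refuse
      # to run for every user; consider a validate_cmd that runs visudo in
      # check mode against the rendered file before it is put in place.
      file { "/etc/sudoers.d/${psick::bolt::ssh_user}" :
        ensure  => $sudo_ensure,
        mode    => '0440',
        owner   => 'root',
        group   => 'root',
        content => template($sudo_template),
      }
    }

    if $psick::bolt::keyshare_method == 'storeconfigs' {
      # Export this node's RSA host key, tagged for the Bolt master.
      @@sshkey { "bolt_${facts['networking']['fqdn']}_rsa":
        ensure       => $ensure,
        host_aliases => [$facts['networking']['fqdn'], $facts['networking']['hostname'], $facts['networking']['ip']],
        type         => 'ssh-rsa',
        key          => $facts['ssh']['rsa']['key'],
        tag          => "bolt_node_${psick::bolt::master}_rsa",
      }
      # Authorize master host bolt user ssh key for remote connection
      # NOTE(review): this realizes every exported Ssh_authorized_key that
      # carries the tag, so the keys authorized on this node are whatever is
      # stored under that tag in the exported-resources backend. Access to
      # that backend, and which nodes may export with this tag, is part of
      # the trust boundary.
      Ssh_authorized_key <<| tag == "bolt_master_${psick::bolt::master}_${psick::bolt::bolt_user}" |>>
    }
    if $psick::bolt::keyshare_method == 'static' {
      # The public key comes straight from the psick::bolt class data.
      ssh_authorized_key { "bolt_user_${psick::bolt::ssh_user}_rsa-${psick::bolt::bolt_user_pub_key}":
        ensure => $ensure,
        key    => $psick::bolt::bolt_user_pub_key,
        user   => $psick::bolt::ssh_user,
        type   => 'rsa',
      }
    }
  }
}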