Puppet Class: stns::client
- Defined in:
- manifests/client.pp
Overview
Class: stns::client
stns::client is to install and configure libnss-stns.
5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 |
# File 'manifests/client.pp', line 5
class stns::client (
Optional[String] $api_end_point,
Optional[String] $auth_token,
Optional[String] $user,
Optional[String] $password,
Optional[String] $wrapper_path,
Optional[String] $chain_ssh_wrapper,
Optional[Boolean] $ssl_verify,
Optional[Integer] $request_timeout,
Optional[Integer] $request_retry,
Optional[String] $http_proxy,
Optional[Integer] $uid_shift,
Optional[Integer] $gid_shift,
String $libnss_stns_ensure = 'present',
Boolean $handle_nsswitch = false,
Boolean $handle_sshd_config = false,
) {
require stns::repo
include stns::client::install
include stns::client::config
Class['stns::repo']
-> Class['stns::client::install']
-> Class['stns::client::config']
if $handle_nsswitch {
augeas { 'nsswitch stns':
context => '/files/etc/nsswitch.conf',
changes => [
"set *[self::database = 'passwd']/service[1] files",
"set *[self::database = 'passwd']/service[2] stns",
"set *[self::database = 'shadow']/service[1] files",
"set *[self::database = 'shadow']/service[2] stns",
"set *[self::database = 'group']/service[1] files",
"set *[self::database = 'group']/service[2] stns",
],
}
}
if $handle_sshd_config {
if ($::osfamily == 'RedHat' and $::operatingsystemmajrelease != '7') {
$cmd_user = 'AuthorizedKeysCommandRunAs'
} else {
$cmd_user = 'AuthorizedKeysCommandUser'
}
$ssh_service = $::osfamily ? {
'RedHat' => 'sshd',
'Debian' => 'ssh',
}
augeas {'sshd_config with stns':
context => '/files/etc/ssh/sshd_config',
changes => [
'set PubkeyAuthentication yes',
'set AuthorizedKeysCommand /usr/lib/stns/stns-key-wrapper',
"set ${cmd_user} root",
],
require => Package['openssh-server'],
notify => Service[$ssh_service],
}
}
}
|