1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
|
# File 'manifests/base/config.pp', line 1
class dmlite::base::config (
$user = $dmlite::base::params::user,
$uid = $dmlite::base::params::uid,
$gid = $dmlite::base::params::gid,
$cert = $dmlite::base::params::cert,
$certkey = $dmlite::base::params::certkey,
$egiCA = $dmlite::base::params::egiCA,
) inherits dmlite::base::params {
include('fetchcrl')
group { $user:
ensure => present,
gid => $gid,
}
user { $user:
ensure => present,
uid => $uid,
gid => $gid,
managehome => true,
require => Group[$user],
}
# define only if it doesn't exist,
# no matter the parameters
if !defined_with_params(File['/etc/grid-security'], '') {
file { '/etc/grid-security':
ensure => directory,
owner => 'root',
group => 'root',
mode => '0755',
seluser => 'system_u',
selrole => 'object_r',
seltype => 'etc_t',
}
}
file {
"/etc/grid-security/${user}":
ensure => directory,
owner => $user,
group => $user,
mode => '0755',
seluser => 'system_u',
selrole => 'object_r',
seltype => 'etc_t',
require => User[$user];
"/etc/grid-security/${user}/${cert}":
owner => $user,
group => $user,
mode => '0444',
seluser => 'system_u',
selrole => 'object_r',
seltype => 'etc_t',
source => '/etc/grid-security/hostcert.pem',
require => User[$user];
"/etc/grid-security/${user}/${certkey}":
owner => $user,
group => $user,
mode => '0400',
seluser => 'system_u',
selrole => 'object_r',
seltype => 'etc_t',
source => '/etc/grid-security/hostkey.pem',
require => User[$user];
}
dmlite::limits {
'*-soft': domain => '*', type => 'soft', item => 'nofile', value => 65000;
'*-hard': domain => '*', type => 'hard', item => 'nofile', value => 65000;
'*-soft-nproc': domain => '*', type => 'soft', item => 'nproc', value => 65000;
'*-hard-proc': domain => '*', type => 'hard', item => 'nproc', value => 65000;
}
}
|