authormh <mh@immerda.ch>2015-02-14 13:50:13 +0100
committermh <mh@immerda.ch>2015-02-14 13:51:30 +0100
commit3a4ca36cd63a244208c8ce91f0cdad8cd01046f0 (patch)
treec794e08dcc557db27f4879830dd14ae6b551aa76
parentf4785d2d570078b36c6a13a8a7d40bb3ce40150c (diff)
linting + purge_ssh_keys param
-rw-r--r--manifests/managed.pp111
1 files changed, 61 insertions, 50 deletions
diff --git a/manifests/managed.pp b/manifests/managed.pp
index 51ab964..0b0d677 100644
--- a/manifests/managed.pp
+++ b/manifests/managed.pp
@@ -5,56 +5,64 @@
# password: the password in cleartext or as crypted string
# which should be set. Default: absent -> no password is set.
# To create an encrypted password, you can use:
-# /usr/bin/mkpasswd -H md5 --salt=$salt $password , where $salt is 8 bytes long
-# Note: On OpenBSD systems we can only manage crypted passwords.
-# Therefor the password_crypted option doesn't have any effect.
-# You'll find a python script in ${module}/password/openbsd/genpwd.py
+# /usr/bin/mkpasswd -H md5 --salt=$salt $password
+# where $salt is 8 bytes long
+# Note: On OpenBSD systems we can only manage crypted
+# passwords.
+# Therefor the password_crypted option doesn't have any
+# effect.
+# You'll find a python script in
+# ${module}/password/openbsd/genpwd.py
# Which will help you to create such a password
# password_crypted: if the supplied password is crypted or not.
# Default: true
-# Note: If you'd like to use unencrypted passwords, you have to set a variable
-# $password_salt to an 8 character long salt, being used for the password.
+# Note: If you'd like to use unencrypted passwords, you have
+# to set a variable $password_salt to an 8 character
+# long salt, being used for the password.
# gid: define the gid of the group
# absent: let the system take a gid
-# uid: take the same as the uid has if it isn't absent (*default*)
+# uid: take the same as the uid has if it isn't absent
+# (*default*)
# <value>: take this gid
-# manage_group: Wether we should add a group with the same name as well, this works only
-# if you supply a uid.
+# manage_group: Wether we should add a group with the same name as well,
+# this works only if you supply a uid.
# Default: true
define user::managed(
- $ensure = present,
- $name_comment = 'absent',
- $uid = 'absent',
- $gid = 'uid',
- $groups = [],
- $manage_group = true,
- $membership = 'minimum',
- $homedir = 'absent',
- $managehome = true,
- $homedir_mode = '0750',
- $sshkey = 'absent',
- $password = 'absent',
+ $ensure = present,
+ $name_comment = 'absent',
+ $uid = 'absent',
+ $gid = 'uid',
+ $groups = [],
+ $manage_group = true,
+ $membership = 'minimum',
+ $homedir = 'absent',
+ $managehome = true,
+ $homedir_mode = '0750',
+ $sshkey = 'absent',
+ $purge_ssh_keys = false,
+ $password = 'absent',
+ $password_salt = false,
$password_crypted = true,
- $allowdupe = false,
- $shell = 'absent'
+ $allowdupe = false,
+ $shell = 'absent'
){
$real_homedir = $homedir ? {
- 'absent' => "/home/$name",
- default => $homedir
+ 'absent' => "/home/${name}",
+ default => $homedir
}
$real_name_comment = $name_comment ? {
'absent' => $name,
- default => $name_comment,
+ default => $name_comment,
}
$real_shell = $shell ? {
'absent' => $::operatingsystem ? {
- openbsd => "/usr/local/bin/bash",
- default => "/bin/bash",
+ 'openbsd' => '/usr/local/bin/bash',
+ default => '/bin/bash',
},
- default => $shell,
+ default => $shell,
}
if size($name) > 31 {
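Review bot: The parameter documentation above the define is not extended for the two parameters this hunk adds, `$purge_ssh_keys` and `$password_salt`. The existing note still tells users to "set a variable $password_salt", although it is now a define parameter defaulting to `false`. I would add `# purge_ssh_keys: whether keys in the user's authorized_keys that are not managed by Puppet get removed. Default: false` and reword the note to `# Note: to use unencrypted passwords, pass an 8 character salt as password_salt`. With the default of `false`, keys added outside Puppet stay in place, which is worth stating for anyone relying on this define to control SSH access. The define body continues outside the hunk.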
@@ -62,14 +70,15 @@ define user::managed(
}
user { $name:
- ensure => $ensure,
- allowdupe => $allowdupe,
- comment => "$real_name_comment",
- home => $real_homedir,
- managehome => $managehome,
- shell => $real_shell,
- groups => $groups,
- membership => $membership,
+ ensure => $ensure,
+ allowdupe => $allowdupe,
+ comment => $real_name_comment,
+ home => $real_homedir,
+ managehome => $managehome,
+ shell => $real_shell,
+ groups => $groups,
+ membership => $membership,
+ purge_ssh_keys => $purge_ssh_keys,
}
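Review bot: `purge_ssh_keys => $purge_ssh_keys` is now set on every `user` resource, even when the parameter is left at its default of `false`. As far as I know the `user` type only has this attribute from Puppet 3.6 on, so older installations would presumably reject the resource as carrying an invalid parameter; no minimum version is visible in this diff. Setting it only on request keeps such setups working: `if $purge_ssh_keys { User[$name]{ purge_ssh_keys => true } }`. The hunk sits inside the define, whose body starts and ends outside it.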
@@ -77,16 +86,17 @@ define user::managed(
file{$real_homedir: }
if $ensure == 'absent' {
File[$real_homedir]{
- ensure => absent,
- purge => true,
- force => true,
+ ensure => absent,
+ purge => true,
+ force => true,
recurse => true,
}
} else {
File[$real_homedir]{
- ensure => directory,
+ ensure => directory,
require => User[$name],
- owner => $name, mode => $homedir_mode,
+ owner => $name,
+ mode => $homedir_mode,
}
case $gid {
'absent','uid': {
@@ -131,7 +141,7 @@ define user::managed(
ensure => absent,
}
case $::operatingsystem {
- OpenBSD: {
+ 'OpenBSD': {
Group[$name]{
before => User[$name],
}
@@ -146,8 +156,8 @@ define user::managed(
} else {
if $manage_group {
group { $name:
+ ensure => $ensure,
allowdupe => false,
- ensure => $ensure,
}
if $real_gid {
Group[$name]{
@@ -156,7 +166,7 @@ define user::managed(
}
if $ensure == 'absent' {
case $::operatingsystem {
- OpenBSD: {
+ 'OpenBSD': {
Group[$name]{
before => User[$name],
}
@@ -176,7 +186,7 @@ define user::managed(
}
}
case $ensure {
- present: {
+ 'present': {
if $sshkey != 'absent' {
User[$name]{
before => Class[$sshkey],
@@ -186,11 +196,11 @@ define user::managed(
if $password != 'absent' {
case $::operatingsystem {
- openbsd: {
+ 'OpenBSD': {
exec { "setpass ${name}":
- unless => "grep -q '^${name}:${password}:' /etc/master.passwd",
+ unless => "grep -q '^${name}:${password}:' /etc/master.passwd",
command => "usermod -p '${password}' ${name}",
- require => User["${name}"],
+ require => User[$name],
}
}
default: {
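Review bot: The OpenBSD `exec` interpolates `$password` directly into two shell command strings, `grep -q '^${name}:${password}:' /etc/master.passwd` and `usermod -p '${password}' ${name}`, which this commit re-aligns but leaves unguarded. A value containing a single quote ends the quoting, and the hash is visible in the process list, and possibly in exec logging, while the command runs. Before the exec I would constrain the value to the crypt alphabet, e.g. `validate_re($password, '^[A-Za-z0-9./$]+$')` (stdlib, which the define already appears to use for `size()`), and check `$name` in the same way. The enclosing `case` and the define continue outside the hunk.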
@@ -201,7 +211,8 @@ define user::managed(
if $password_salt {
$real_password = mkpasswd($password,$password_salt)
} else {
- fail("To use unencrypted passwords you have to define a variable \$password_salt to an 8 character salt for passwords!")
+ fail("To use unencrypted passwords you have to define a \
+variable \$password_salt to an 8 character salt for passwords!")
}
}
User[$name]{