tree  /etc/puppet
|-- auth.conf
|-- environments
|   `-- example_env
|       |-- README.environment
|       |-- manifests
|       `-- modules
|-- fileserver.conf
|-- manifests
|   `-- site.pp
|-- modules
|   |-- dp_host
|   |   `-- manifests
|   |       `-- init.pp
|   |-- sudo_configfile
|   |   |-- files
|   |   |   `-- adminsudo
|   |   `-- manifests
|   |       `-- init.pp
|   `-- usersudoers
|       |-- files
|       `-- manifests
|           `-- init.pp
`-- puppet.conf

cat manifests/site.pp
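# Node definition for the proof-of-concept client: local accounts, the
# sudoers drop-in and a static hosts entry.
node 'pocpuppetclient' {
    include usersudoers
    # The module tree above ships the sudoers drop-in as class
    # sudo_configfile; no class named sudo_usersudoers is defined in this
    # listing, so including it would fail catalog compilation and none of
    # the node's configuration would be applied.
    include sudo_configfile
    include dp_host
}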
cat modules/dp_host/manifests/init.pp
# Pins a static name-resolution entry for example.srv in /etc/hosts.
# A hosts entry takes precedence over DNS on most resolver configurations,
# so the address below should be kept under review like any other
# trust-relevant setting.
class dp_host {
    host { 'example.srv':
        ensure       => 'present',
        ip           => '10.99.98.9',
        host_aliases => [
            'example.srv.savedomain.lan',
            'example.srvdomain.lan',
        ],
        target       => '/etc/hosts',
    }
}
cat modules/usersudoers/manifests/init.pp
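# Manages the local administrator accounts: the adminsudo group, the users
# to create or remove, and the zsh configuration of the created user.
class usersudoers
{
    # Create a local account and give it an initial password.
    #
    #   $id       - login name
    #   $realname - comment (GECOS) field
    #   $gid      - primary group
    #   $state    - value passed to the user resource's `ensure`
    #   $pass     - crypt(3) password hash, never a clear-text password
    #   $shell    - login shell
    #
    # The password is set only while the shadow entry still carries a
    # placeholder ('!!' or 'x'), so a password the user has changed since
    # is not overwritten on later runs.
    #
    # $id and $pass are interpolated into a shell command line below; they
    # must come from trusted manifest data, never from facts or other
    # node-supplied input.
    define create_user ( $id, $realname, $gid, $state, $pass, $shell) {
        user { $id:
            ensure     => $state,
            comment    => $realname,
            managehome => true,
            gid        => $gid,
            shell      => $shell,
        }

        # Superseded approach, kept for reference: editing /etc/shadow
        # directly with sed.
        #case $::osfamily {
        #        RedHat: {$action = "/bin/sed -i -e 's/$id:!!:/$id:$pass:/g' /etc/shadow; chage -d 0 $id"}
        #        Debian: {$action = "/bin/sed -i -e 's/$id:x:/$id:$pass:/g' /etc/shadow; chage -d 0 $id"}
        #}

        #exec { "$action":
        #        path => "/usr/bin:/usr/sbin:/bin",
        #        onlyif => "egrep -q  -e '$id:!!:' -e '$id:x:' /etc/shadow",
        #        require => User[$id]
        #}

        # Set the initial password hash, then expire it (chage -d 0) so the
        # user has to choose a new password at first login.
        #
        # The resource title is a neutral label: Puppet writes resource
        # titles to its logs and reports, and the original title was the
        # full command line including the hash. The hash is still visible
        # in the process arguments while usermod runs and may still show up
        # in a failure message.
        exec { "set-initial-password-${id}":
            command  => "/usr/sbin/usermod -p '${pass}' ${id} ; chage -d 0 ${id}",
            # The command chains two programs with ';', which needs a shell.
            provider => shell,
            path     => '/usr/bin:/usr/sbin:/bin',
            # Anchored with '^' so only this account's own shadow line is
            # tested; without it, any login name ending in $id would match.
            onlyif   => "egrep -q -e '^${id}:!!:' -e '^${id}:x:' /etc/shadow",
            require  => User[$id],
        }
    }

    # Remove an account that is no longer allowed on the host.
    # managehome => true also removes the account's home directory.
    define disable_user ( $id) {
        user { $id:
            ensure     => 'absent',
            managehome => true,
        }
    }

    ### MAIN ###

    # Create group
    group { 'adminsudo':
        ensure => 'present',
        gid    => '700',
    }

    # List of users to create
    #
    # NOTE(review): the hash below is stored in clear in the manifest and
    # its '$1$' prefix marks it as MD5-crypt, which is cheap to brute-force.
    # Prefer a SHA-512 crypt hash ('$6$' prefix) and keep it out of the
    # manifest, for example in Hiera with an encrypted backend. A hash that
    # has been published should be treated as compromised.
    create_user { 'olikiang':
        id       => 'olikiang',
        realname => 'Olivier LI KIANG CHEONG',
        gid      => 'adminsudo',
        state    => 'present',
        pass     => '$1$W8ibGOjm$1aNO2uIJAd9m8ahcLwt92.',
        shell    => '/bin/zsh',
    }

    # List of users to disable
    disable_user { 'pdupont': id => 'pdupont' }

    # config zsh for olikiang user
    file { '/home/olikiang/.zsh':
        ensure       => 'directory',
        mode         => '0755',
        owner        => 'olikiang',
        group        => 'adminsudo',
        source       => 'puppet:///modules/usersudoers/.zsh',
        sourceselect => all,
        recurse      => true,
    }

    # The content comes from the module's file server path, so this is a
    # regular file; a link needs `target` and cannot be built from `source`.
    # A shell startup file is read, not executed, so it does not need the
    # execute bit.
    file { '/home/olikiang/.zshrc':
        ensure => 'file',
        mode   => '0644',
        owner  => 'olikiang',
        group  => 'adminsudo',
        source => 'puppet:///modules/usersudoers/.zshrc',
    }

    ### END ###

}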
cat modules/sudo_configfile/manifests/init.pp
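# Installs the sudoers drop-in for the adminsudo group from the module's
# files directory.
# NOTE(review): the privileges it grants are defined in files/adminsudo,
# which is not shown here; review that file together with this class.
class sudo_configfile
{
    file { '/etc/sudoers.d/adminsudo':
        # 'file' rather than 'present': a symlink or directory already at
        # this path is not accepted as satisfying the resource.
        ensure       => 'file',
        mode         => '0600',
        owner        => 'root',
        group        => 'root',
        source       => 'puppet:///modules/sudo_configfile/adminsudo',
        # Check the syntax before the file is put in place ('%' is replaced
        # by the path of the temporary copy). A sudoers file with a syntax
        # error can leave sudo unusable on the node.
        validate_cmd => '/usr/sbin/visudo -c -f %',
    }
}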