In regard to: Re: [Puppet Users] Puppet visudo/ sudoers help, Tony Caffe...:

I understand but that is not what I asked for help with. I would like some help
on making or writing the code needed to add users to visudo.

$ cat puppet/modules/sudo/manifests/config.pp

define sudo::config($content='', $source='') {

  case $content {
    '': {
      file {"/etc/sudoers.d/${name}":
        ensure => file,
        owner  => 'root',
        group  => 'root',
        mode   => '0440',
        source => $source,
      }
    }
    default: {
      file {"/etc/sudoers.d/${name}":
        ensure  => file,
        owner   => 'root',
        group   => 'root',
        mode    => '0440',
        content => $content,
      }
    }
  }

}

# vim:sm:ts=2:expandtab



Example usage for "source":

  sudo::config{ 'networker-jukebox':
    source => 'puppet:///networker/networker_jb_sudoers',
  }

Example usage for "contents":

  sudo::config{ 'myuser':
    content => "myuser ALL = (ALL) ALL\n"
  }

Note that both RHEL 5.x and 6.x have a sudo that supports the include
mechanism, but only RHEL 6.x ships with an /etc/sudoers.d and an
/etc/sudoers that has the "include /etc/sudoers.d/*" pre-populated.

Since both flavors support it, we just have our sudo init.pp make sure
the directory is present and make certain that the /etc/sudoers has the
necessary "include" statement.  From then on, it's just puppet dropping
files into /etc/sudoers.d via the sudo::config() define.

The bad part about our current implementation is that there's no syntax
checking for the contents/source, so a bad entry can sneak in and cause
sudo to completely not work until it's fixed.  There are ways around this
but it's more complicated than we felt like getting for now.

If you need to support systems where sudo is old enough that "include"
isn't even an option, then I highly recommend you look at the "concat"
module, and build up your sudoers file from file fragments.

Another option for older sudo versions that don't support including
fragments is using file_line from puppetlabs-stdlib.

Tim

On Wednesday, August 29, 2012 1:34:35 PM UTC-7, Ygor wrote:

First suggestion:

Use a group name ( like "wheel" ) and declare the sudo privileges to the
group.
Then all you need do is add that group in the "groups" parameter for
puppet type user.

On Aug 29, 2012, at 11:31 AM, Tony Caffe wrote:

Hi,

I am trying to get puppet going on CentOS 6.3 and I got it installed and
running. I want to create good manifests for basic stuff. I know I will
learn more as I go but I am new to programming in general and puppet code.
I have puppet master installed on 1 cloud server and a client test puppet on
another cloud server. I was able to run this code correctly. Now I want to
make it better.
Here is what I have so far for my Push to add users to my nodes.

site.pp: (I know it's short lol)

node 'puppet-client' {
      import "classes/adduser.pp"
}


adduser.pp  located in /etc/puppet/manifests/classes/

define custom_user($passwd) {
  user { "${name}":
    ensure     => present,
    password   => $passwd,
    shell      => "/bin/bash",
    managehome => true,
  }
}
custom_user { "anthony":
  passwd => 'Removed real hash here',
}
custom_user { "admin":
  passwd => 'Hash for password gone',
}
custom_user { "luca":
  passwd => 'My Password Hash Here',
}


So I am testing on a test-only server till I get the hang of it. So I
have many cloud servers and need to be able to add my admin users. I need
help now to modify /etc/sudoers or visudo and add these people to the doc
with ALL=(ALL)   ALL

Please help me. I know I need to add a template and also a module of my
own. I mainly need help with code and learning to build off this for future
system changes. Please help me keep this simple and dumb-down lol. FYI -
After this I want to start on Apache and editing the config and setting up
new servers from an image. This is more practical and important to start
with.

Thanks all.

--
You received this message because you are subscribed to the Google
Groups "Puppet Users" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/k7r-BpgI4s4J.
To post to this group, send email to puppet...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.






--
Tim Mooney                                             tim.moo...@ndsu.edu
Enterprise Computing & Infrastructure                  701-231-1076 (Voice)
Room 242-J6, IACC Building                             701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164
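
An added example, not part of the thread and not the poster's own module: one way to get the syntax checking that the reply above says its define lacks, using the file type's validate_cmd attribute to run visudo in check mode before a fragment is installed. The define name sudo::checked_config is hypothetical, and the block assumes Puppet 4 or later and visudo at /usr/sbin/visudo.

```puppet
# Added example, not from the thread. Hypothetical define name; assumes
# Puppet 4+ (validate_cmd itself needs 3.5+) and visudo at /usr/sbin/visudo.
define sudo::checked_config (
  Optional[String] $content = undef,
  Optional[String] $source  = undef,
) {
  # Exactly one of content/source must be given.
  if ($content == undef) == ($source == undef) {
    fail("sudo::checked_config[${name}]: set exactly one of content or source")
  }

  # sudo silently skips files in an included directory whose names contain
  # a '.' or end in '~', so reject names that would never take effect.
  if $name =~ /\.|~$/ {
    fail("sudo::checked_config[${name}]: sudo would ignore this file name")
  }

  file { "/etc/sudoers.d/${name}":
    ensure       => file,
    owner        => 'root',
    group        => 'root',
    mode         => '0440',
    content      => $content,
    source       => $source,
    # Puppet writes the new contents to a temporary file, substitutes its
    # path for '%', and replaces the target only if the command exits 0.
    # A fragment with a syntax error therefore never reaches /etc/sudoers.d.
    validate_cmd => '/usr/sbin/visudo -c -f %',
  }
}

# Same usage as the "content" example in the reply.
sudo::checked_config { 'myuser':
  content => "myuser ALL = (ALL) ALL\n",
}
```

The check parses each fragment on its own, so it catches syntax errors but not conflicts between a fragment and the rest of the sudoers configuration.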
