I use a template for a single /etc/sudoers: # /etc/sudoers # # This file MUST be edited with the 'visudo' command as root. # # Of course, if you do, Puppet will completely rewrite it 30 minutes later. # Defaults env_reset <% unless @cmd_aliases.empty? -%> # Cmnd alias specification <%- @cmd_aliases.each_pair do |key, val| -%> Cmnd_Alias <%= key %> = <%= val %> <%- end -%> <% end -%> <% unless @host_aliases.empty? -%> # Host alias specification <%- @host_aliases.each_pair do |key, val| -%> Host_Alias <%= key %> = <%= val %> <%- end -%> <% end -%> <%- if @sudoers -%> # User alias specification <%- @sudoers.each_pair do |key, val| -%> User_Alias <%= key %> = <%= val %> <%- end -%> <% end -%> <%- if @user_priv -%> # User Privilege Specifications <%- @user_priv.each_pair do |key, val| -%> <%= key %> <%= val %> <%- end -%> <% end -%>
And then in YAML I use a fairly primitive definition and load up the variables using a deep merge: sudo::user_aliases: NOPWD: - user1 sudo::user_priv: NOPWD: - "ALL = NOPASSWD: ALL" -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/61c9ecfb-0005-4919-98f3-25faf56169fb%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.