Andrew Bogott has uploaded a new change for review. https://gerrit.wikimedia.org/r/129728
Change subject: Add the decom-user resource ...................................................................... Add the decom-user resource Change-Id: Ic76f4dcf5b3b76bfe0d6329e5efd8ecb4aa4f614 --- A manifests/decom-user.pp 1 file changed, 45 insertions(+), 0 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/28/129728/1
diff --git a/manifests/decom-user.pp b/manifests/decom-user.pp
new file mode 100644
index 0000000..236f879
--- /dev/null
+++ b/manifests/decom-user.pp
@@ -0,0 +1,45 @@
+# resource decom-user
+#
+# Try our very hardest to wipe out all traces of an existing user.
+#
+define decom-user($username=$title, $uid) {
+
+ if $realm == labs {
+ fail("You probably don't want to include this on labs.")
+ }
+
+ if defined(user[$username]) {
+ # A user really needs to be removed from admins.pp before
+ # being added to the decom list.
+ fail("User ${username} is both defined and decommissioned.")
+ } else {
+ # remove from /etc/passwd
+ user { $username:
+ name => username,
+ uid => $uid,
+ ensure => absent,
+ managehome => true,
+ }
+
+ # remove any remaining owned files
+ # NOTE: Expensive! We limit this to a single
+ # run if and only if the homedir exists.
+ # Of course, that means we need to do this before
+ # we rm the homedir.
+ exec { "disown ${username}":
+ command => "/usr/bin/find / -user ${uid} -print0 | xargs -0 chown -h 0",
+ onlyif => "/usr/bin/test -d /home/${username}",
+ timeout => 1200,
+ require => user[$username],
+ }
+
+ # remove homedir
+ # NOTE: $managehome, above, is documented as doing this,
+ # but it really doesn't.
+ exec { "/bin/rm -rf /home/${username}":
+ onlyif => "/usr/bin/test -d /home/${username}",
+ require => exec["disown ${username}"],
+ returns => ['123','0'],
+ }
+ }
+}
-- To view, visit https://gerrit.wikimedia.org/r/129728 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ic76f4dcf5b3b76bfe0d6329e5efd8ecb4aa4f614 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Andrew Bogott <abog...@wikimedia.org> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
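Review bot: `$username` reaches `/bin/rm -rf /home/${username}` and its `onlyif` in the last exec without any validation, so an empty title or one containing `/`, `..` or whitespace would have root delete something other than a single home directory. A guard at the top of the define, e.g. `if $username !~ /^[a-z_][a-z0-9_-]*$/ { fail("Refusing to decom invalid username '${username}'") }`, would close that. In the `user` resource, `name => username,` passes the bareword string rather than the variable and should read `name => $username,`. The `returns => ['123','0']` on the `rm` exec looks misplaced: 123 is the status xargs reports when an invocation fails, so it was probably meant for the `disown` exec. It is also worth confirming that the exec provider in use runs that exec's `find … | xargs` pipeline through a shell.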