Re: [Puppet Users] Puppet visudo/ sudoers help
Thanks. I used this:
file {'puppet_sudo':
ensure => present,
path => '/tmp/puppet_sudo',
source => 'puppet:///files/puppet_sudo',
owner => 'root',
group => 'root',
mode => 0440,
}
file {'move_puppet_sudo':
ensure => present,
path => '/etc/sudoers.d/',
source => '/tmp/puppet_sudo',
owner => 'root',
group => 'root',
mode => 0440,
require=> file['puppet_sudo'],
}
but My Puppet master is 6.3 and all my puppet clients are all 5.8. 5.8
doesnt have the line
#includedir /etc/sudoers.d
nor does it have a DIRECTORY /etc/sudoers.d/, just a file called
/etc/sudoers.d
Any Idea about that? I am avoiding writing code since I dont know how.
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/G3ZQJhWgM1QJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet visudo/ sudoers help
In regard to: Re: [Puppet Users] Puppet visudo/ sudoers help, Tony Caffe...:
I understand but that is not what I asked for help. I would like some help
on making or writing the code needed to add users to visudo.
$ cat puppet/modules/sudo/manifests/config.pp
define sudo::config($content='', $source='') {
case $content {
'': {
file {"/etc/sudoers.d/${name}":
ensure => file,
owner => 'root',
group => 'root',
mode => '0440',
source => $source,
}
}
default: {
file {"/etc/sudoers.d/${name}":
ensure => file,
owner => 'root',
group => 'root',
mode=> '0440',
content => $content,
}
}
}
}
# vim:sm:ts=2:expandtab
Example usage for "source":
sudo::config{ 'networker-jukebox':
source => 'puppet:///networker/networker_jb_sudoers',
}
Example usage for "contents":
sudo::config{ 'myuser':
content => "myuser ALL = (ALL) ALL\n"
}
Note that both RHEL 5.x and 6.x have a sudo that supports the include
mechanism, but only RHEL 6.x ships with an /etc/sudoers.d and an
/etc/sudoers that has the "include /etc/sudoers.d/*" pre-populated.
Since both flavors support it, we just have our sudo init.pp make sure
the directory is present and make certain that the /etc/sudoers has the
necessary "include" statement. From then on, it's just puppet dropping
files into /etc/sudoers.d via the sudo::config() define.
The bad part about our current implementation is that there's no syntax
checking for the contents/source, so a bad entry can sneak in and cause
sudo to completely not work until it's fixed. There are ways around this
but it's more complicated than we felt like getting for now.
If you need to support systems where sudo is old enough that "include"
isn't even an option, then I highly recommend you look at the "concat"
module, and build up your sudoers file from file fragments.
Another option for older sudo versions that don't support including
fragments is using file_line from puppetlabs-stdlib.
Tim
On Wednesday, August 29, 2012 1:34:35 PM UTC-7, Ygor wrote:
First suggestion:
Use a group name ( like "wheel" ) and declare the sudo privileges to the
group.
Then all you need do is add that group in the "groups" parameter for
puppet type user.
On Aug 29, 2012, at 11:31 AM, Tony Caffe wrote:
Hi,
I am trying to get puppet going on CentOS 6.3 and I got it installed and
running. I want to create good manifests for basic stuff. I know I will
learn more as I go but I am new to programming in general and puppet code.
I have puppet master install on 1 cloud server and a client test puppet on
another cloud server. I was able to run this code correctly. Now I want to
make it better.
Here is what I have so far for my Push to add users to my nodes.
site.pp: (I know its short lol)
node 'puppet-client' {
import "classes/adduser.pp"
}
adduser.pp located in /etc/puppet/manifests/classes/
define custom_user($passwd) {
user { "${name}":
ensure => present,
password => $passwd,
shell => "/bin/bash",
managehome => true,
}
}
custom_user {
"anthony":
passwd => 'Removed real hash here',
}
custom_user {
"admin":
passwd => 'Hash for password gone',
}
custom_user {
"luca":
passwd => 'My Password Hash Here',
}
So I am testing on a test-only server till I get the hang of it. So I
have many cloud servers and need to be able to add my admin users. I need
help now to modify /etc/sudoers or visudo and add these people to the doc
with ALL=(ALL) ALL
Please help me. I know I need to add a template and also a module of my
own. I mainly need help with code and learning to build off this for future
system changes. Please help me keep this simple and dumb-down lol. FYI -
After this I want to start on Apache and editing the config and setting up
new servers from an image. This is more practical and important to start
with.
Thanks all.
--
You received this message because you are subscribed to the Google
Groups "Puppet Users" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/k7r-BpgI4s4J.
To post to this group, send email to puppet...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users...@googlegroups.com .
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=e
Re: [Puppet Users] Puppet visudo/ sudoers help
Would I still need to write ruby code? I dont know ruby or really any other programming language. So I would create a duplicate of the sudoers file in /etc/sudoers.d/ that adds a user to it and it will work? I am not to sure of how sudoers.d works. Thanks. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/be_1FNEoI8kJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet visudo/ sudoers help
On 8/29/2012 8:31 AM, Tony Caffe wrote:
Hi,
I am trying to get puppet going on CentOS 6.3 and I got it installed and
running. I want to create good manifests for basic stuff. I know I will learn
more as I go but I am new to programming in general and puppet code. I have
puppet master install on 1 cloud server and a client test puppet on another
cloud server. I was able to run this code correctly. Now I want to make it
better.
Here is what I have so far for my Push to add users to my nodes.
site.pp: (I know its short lol)
node 'puppet-client' {
import "classes/adduser.pp"
}
adduser.pp located in /etc/puppet/manifests/classes/
define custom_user($passwd) {
user { "${name}":
ensure => present,
password => $passwd,
shell => "/bin/bash",
managehome => true,
}
}
custom_user {
"anthony":
passwd => 'Removed real hash here',
}
custom_user {
"admin":
passwd => 'Hash for password gone',
}
custom_user {
"luca":
passwd => 'My Password Hash Here',
}
So I am testing on a test-only server till I get the hang of it. So I have many
cloud servers and need to be able to add my admin users. I need help now to
modify /etc/sudoers or visudo and add these people to the doc with ALL=(ALL)
ALL
Please help me. I know I need to add a template and also a module of my own. I
mainly need help with code and learning to build off this for future system
changes. Please help me keep this simple and dumb-down lol. FYI - After this I
want to start on Apache and editing the config and setting up new servers from
an image. This is more practical and important to start with.
Your sudo should be new enough to support /etc/sudoers.d/ which means
you can just drop a file per user into that dir. Make Puppet manage the
whole dir and purge anything it doesn't recognize and you're all set.
Ramin
--
You received this message because you are subscribed to the Google Groups "Puppet
Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet visudo/ sudoers help
You learn from use one of these:
http://forge.puppetlabs.com/modules?q=sudo
On Wed, Aug 29, 2012 at 02:13:34PM -0700, Tony Caffe wrote:
>I understand but that is not what I asked for help. I would like some help
>on making or writing the code needed to add users to visudo.
>On Wednesday, August 29, 2012 1:34:35 PM UTC-7, Ygor wrote:
>
> First suggestion:
>
> Use a group name ( like "wheel" ) and declare the sudo privileges to the
> group.
> Then all you need do is add that group in the "groups" parameter for
> puppet type user.
>
> On Aug 29, 2012, at 11:31 AM, Tony Caffe wrote:
>
> > Hi,
> >
> > I am trying to get puppet going on CentOS 6.3 and I got it installed
> and running. I want to create good manifests for basic stuff. I know I
> will learn more as I go but I am new to programming in general and
> puppet code. I have puppet master install on 1 cloud server and a client
> test puppet on another cloud server. I was able to run this code
> correctly. Now I want to make it better.
> > Here is what I have so far for my Push to add users to my nodes.
> >
> > site.pp: (I know its short lol)
> >
> > node 'puppet-client' {
> > import "classes/adduser.pp"
> > }
> >
> >
> > adduser.pp located in /etc/puppet/manifests/classes/
> >
> > define custom_user($passwd) {
> > user { "${name}":
> > ensure => present,
> > password => $passwd,
> > shell => "/bin/bash",
> > managehome => true,
> > }
> > }
> > custom_user {
> > "anthony":
> > passwd => 'Removed real hash here',
> > }
> > custom_user {
> > "admin":
> > passwd => 'Hash for password gone',
> > }
> > custom_user {
> > "luca":
> > passwd => 'My Password Hash Here',
> > }
> >
> >
> > So I am testing on a test-only server till I get the hang of it. So I
> have many cloud servers and need to be able to add my admin users. I
> need help now to modify /etc/sudoers or visudo and add these people to
> the doc with ALL=(ALL) ALL
> >
> > Please help me. I know I need to add a template and also a module of
> my own. I mainly need help with code and learning to build off this for
> future system changes. Please help me keep this simple and dumb-down
> lol. FYI - After this I want to start on Apache and editing the config
> and setting up new servers from an image. This is more practical and
> important to start with.
> >
> > Thanks all.
> >
> > --
> > You received this message because you are subscribed to the Google
> Groups "Puppet Users" group.
> > To view this discussion on the web visit
> [1]https://groups.google.com/d/msg/puppet-users/-/k7r-BpgI4s4J.
> > To post to this group, send email to [2]puppet...@googlegroups.com.
> > To unsubscribe from this group, send email to
> [3]puppet-users...@googlegroups.com.
> > For more options, visit this group at
> [4]http://groups.google.com/group/puppet-users?hl=en.
> >
>
>--
>You received this message because you are subscribed to the Google Groups
>"Puppet Users" group.
>To view this discussion on the web visit
>[5]https://groups.google.com/d/msg/puppet-users/-/ebP58zFazv0J.
>To post to this group, send email to puppet-users@googlegroups.com.
>To unsubscribe from this group, send email to
>puppet-users+unsubscr...@googlegroups.com.
>For more options, visit this group at
>http://groups.google.com/group/puppet-users?hl=en.
>
> References
>
>Visible links
>1. https://groups.google.com/d/msg/puppet-users/-/k7r-BpgI4s4J
>2. javascript:
>3. javascript:
>4. http://groups.google.com/group/puppet-users?hl=en
>5. https://groups.google.com/d/msg/puppet-users/-/ebP58zFazv0J
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet visudo/ sudoers help
I understand but that is not what I asked for help. I would like some help
on making or writing the code needed to add users to visudo.
On Wednesday, August 29, 2012 1:34:35 PM UTC-7, Ygor wrote:
>
> First suggestion:
>
> Use a group name ( like "wheel" ) and declare the sudo privileges to the
> group.
> Then all you need do is add that group in the "groups" parameter for
> puppet type user.
>
> On Aug 29, 2012, at 11:31 AM, Tony Caffe wrote:
>
> > Hi,
> >
> > I am trying to get puppet going on CentOS 6.3 and I got it installed and
> running. I want to create good manifests for basic stuff. I know I will
> learn more as I go but I am new to programming in general and puppet code.
> I have puppet master install on 1 cloud server and a client test puppet on
> another cloud server. I was able to run this code correctly. Now I want to
> make it better.
> > Here is what I have so far for my Push to add users to my nodes.
> >
> > site.pp: (I know its short lol)
> >
> > node 'puppet-client' {
> > import "classes/adduser.pp"
> > }
> >
> >
> > adduser.pp located in /etc/puppet/manifests/classes/
> >
> > define custom_user($passwd) {
> >user { "${name}":
> >ensure => present,
> >password => $passwd,
> >shell => "/bin/bash",
> >managehome => true,
> >}
> > }
> > custom_user {
> >"anthony":
> >passwd => 'Removed real hash here',
> > }
> > custom_user {
> >"admin":
> >passwd => 'Hash for password gone',
> > }
> > custom_user {
> > "luca":
> > passwd => 'My Password Hash Here',
> > }
> >
> >
> > So I am testing on a test-only server till I get the hang of it. So I
> have many cloud servers and need to be able to add my admin users. I need
> help now to modify /etc/sudoers or visudo and add these people to the doc
> with ALL=(ALL) ALL
> >
> > Please help me. I know I need to add a template and also a module of my
> own. I mainly need help with code and learning to build off this for future
> system changes. Please help me keep this simple and dumb-down lol. FYI -
> After this I want to start on Apache and editing the config and setting up
> new servers from an image. This is more practical and important to start
> with.
> >
> > Thanks all.
> >
> > --
> > You received this message because you are subscribed to the Google
> Groups "Puppet Users" group.
> > To view this discussion on the web visit
> https://groups.google.com/d/msg/puppet-users/-/k7r-BpgI4s4J.
> > To post to this group, send email to
> > puppet...@googlegroups.com.
>
> > To unsubscribe from this group, send email to
> puppet-users...@googlegroups.com .
> > For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
> >
>
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/ebP58zFazv0J.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet visudo/ sudoers help
First suggestion:
Use a group name ( like "wheel" ) and declare the sudo privileges to the group.
Then all you need do is add that group in the "groups" parameter for puppet
type user.
On Aug 29, 2012, at 11:31 AM, Tony Caffe wrote:
> Hi,
>
> I am trying to get puppet going on CentOS 6.3 and I got it installed and
> running. I want to create good manifests for basic stuff. I know I will learn
> more as I go but I am new to programming in general and puppet code. I have
> puppet master install on 1 cloud server and a client test puppet on another
> cloud server. I was able to run this code correctly. Now I want to make it
> better.
> Here is what I have so far for my Push to add users to my nodes.
>
> site.pp: (I know its short lol)
>
> node 'puppet-client' {
> import "classes/adduser.pp"
> }
>
>
> adduser.pp located in /etc/puppet/manifests/classes/
>
> define custom_user($passwd) {
>user { "${name}":
>ensure => present,
>password => $passwd,
>shell => "/bin/bash",
>managehome => true,
>}
> }
> custom_user {
>"anthony":
>passwd => 'Removed real hash here',
> }
> custom_user {
>"admin":
>passwd => 'Hash for password gone',
> }
> custom_user {
> "luca":
> passwd => 'My Password Hash Here',
> }
>
>
> So I am testing on a test-only server till I get the hang of it. So I have
> many cloud servers and need to be able to add my admin users. I need help
> now to modify /etc/sudoers or visudo and add these people to the doc with
> ALL=(ALL) ALL
>
> Please help me. I know I need to add a template and also a module of my own.
> I mainly need help with code and learning to build off this for future system
> changes. Please help me keep this simple and dumb-down lol. FYI - After this
> I want to start on Apache and editing the config and setting up new servers
> from an image. This is more practical and important to start with.
>
> Thanks all.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/puppet-users/-/k7r-BpgI4s4J.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
