- # 2009 - Joe McDonagh - Joseph.E.McDonagh@gmail.com
- #
- # These are the definitions for IT and regular ssh users. Note if you
- # want an ssh_user to be in multiple groups, pass the groups parameter
- # with a comma-separated list like:
- #
- # groups => "ssh_users,second_group,third",
- #
- # Admins have their shell hardcoded at the moment. If you'd like something
- # else, just open it after you log in, or edit your .bashrc (Also served from
- # puppet).
- #
- # You can find the actual user resources in user.pp.
- #
- # NOTE: The admin define also exports a nagios contact for each user declared
- # with it. Keep this in mind.
- import '*'
- # Class accounts: includes the users and groups classes and declares two
- # defined types, admin and ssh_user. Each one manages a per-user group, one
- # SSH authorized key and the user account itself.
- class accounts {
- include users, groups
- # admin: an account placed in the "infrastructure" group, with a
- # puppet-served shell rc file, four directories under the home directory
- # and an exported nagios contact.
- #
- # Parameters:
- #   cell_number, cell_provider - joined as cell_number@cell_provider to form
- #                                the nagios contact's email address
- #   comment           - user comment and nagios alias; defaults to $name
- #   ensure_d          - fallback ensure value when extlookup has no entry
- #   gid, uid          - ids for the per-user group and the user
- #   sshpubkey         - public key material for ssh_authorized_key
- #   sshpubkey_comment - used as the TITLE of both the ssh_authorized_key and
- #                       the exported nagios_contact
- define admin (
- $cell_number,
- $cell_provider,
- $comment = "$name",
- $ensure_d = "present",
- $gid,
- $sshpubkey,
- $sshpubkey_comment,
- $uid
- ) {
- # The effective ensure value is looked up under the key user_<name>;
- # $ensure_d is only the default handed to extlookup. The lookup data thus
- # decides whether the account, its group, its key and its nagios contact
- # exist.
- # NOTE(review): presumably this is the deprovisioning switch - confirm who
- # can edit the extlookup data source.
- $ensure = extlookup("user_${name}", "$ensure_d")
- $username = $name
- # Exports a nagios contact for admins
- # NOTE(review): the resource title is the SSH key comment, not the user
- # name, so two admins sharing a key comment would declare the same title -
- # confirm key comments are unique.
- @@nagios_contact {
- "$sshpubkey_comment":
- alias => "$comment",
- contact_name => "$name",
- email => "${cell_number}@${cell_provider}",
- ensure => "$ensure",
- host_notification_commands => "notify-host-by-email",
- host_notification_options => "d,r",
- host_notification_period => "24x7",
- notify => Exec["nagios-reload"],
- require => File["/etc/nagios3/nagios.puppet.d/contacts.cfg"],
- service_notification_commands => "notify-service-by-email",
- service_notification_options => "w,c,r",
- service_notification_period => "24x7",
- target => "/etc/nagios3/nagios.puppet.d/contacts.cfg",
- }
- # Shell rc file plus four directories, all owned by the user. The rc file
- # is titled .bashrc but the path selector writes .profile on OpenBSD; the
- # selector has no default branch for other kernels.
- # NOTE(review): none of these file resources is tied to $ensure, yet they
- # require User[...] and name that user as owner - check how the catalog
- # applies for an admin whose lookup value is "absent".
- # NOTE(review): mode 640 is also used for the directories; Puppet is
- # documented to add search permission where read is set on directories, so
- # the expected result is 750 - confirm on the Puppet version in use.
- file {
- "/home/$username/.bashrc":
- group => "$username",
- mode => "640",
- owner => "$username",
- path => $kernel ? {
- Linux => "/home/$username/.bashrc",
- OpenBSD => "/home/$username/.profile"
- },
- require => User["$username"],
- source => "puppet://$server/accounts/$username.bashrc";
- [ "/home/$username/working", "/home/$username/scratch",
- "/home/$username/img", "/home/$username/rrd" ]:
- ensure => "directory",
- group => "$username",
- mode => "640",
- owner => "$username",
- require => User["$username"];
- }
- # Per-user primary group, named after the user.
- group {
- "$username":
- ensure => "$ensure",
- gid => "$gid",
- }
- # One public key per admin; the key type is fixed to rsa and the key is
- # written to ~/.ssh/authorized_keys2.
- # NOTE(review): authorized_keys2 is a legacy OpenSSH file name. Confirm
- # that AuthorizedKeysFile on the managed hosts still reads it, and if the
- # target is ever moved, remove the old file so retired keys do not stay
- # valid.
- ssh_authorized_key {
- "${sshpubkey_comment}":
- ensure => "$ensure",
- key => "$sshpubkey",
- require => User["$username"],
- target => "/home/${username}/.ssh/authorized_keys2",
- type => "rsa",
- user => "$username",
- }
- # The account itself. password => "*" is not a usable hash, so no password
- # matches and login relies on the SSH key declared above (NOTE(review):
- # confirm "*" behaves that way on both Linux and OpenBSD). The supplementary
- # group is hardcoded to "infrastructure"; Group["infrastructure"] is not
- # declared in this class and must come from elsewhere. The shell is bash,
- # with the path chosen per kernel.
- user {
- "$username":
- comment => "$comment",
- ensure => "$ensure",
- gid => "$gid",
- groups => "infrastructure",
- home => "/home/$username",
- managehome => "true",
- password => "*",
- require => [ Group["$username"], Group["infrastructure"] ],
- shell => $kernel ? {
- Linux => "/bin/bash",
- OpenBSD => "/usr/local/bin/bash"
- },
- uid => "$uid",
- }
- }
- # ssh_user: a regular key-only account. Unlike admin it exports no nagios
- # contact and manages no rc file or directories.
- #
- # Parameters:
- #   comment           - user comment; defaults to "User"
- #   ensure_d          - fallback ensure value when extlookup has no entry
- #   gid, uid          - ids for the per-user group and the user
- #   groups            - supplementary groups; defaults to "ssh_users"
- #   shell             - login shell; defaults to /bin/bash on every kernel
- #   sshpubkey         - public key material for ssh_authorized_key
- #   sshpubkey_comment - used as the title of the ssh_authorized_key
- #
- # NOTE(review): the user type documents groups as an array; verify that the
- # comma-separated string form suggested in the file header is accepted by
- # the Puppet version in use.
- define ssh_user (
- $comment = "User",
- $ensure_d = "present",
- $gid,
- $groups = "ssh_users",
- $shell = "/bin/bash",
- $sshpubkey,
- $sshpubkey_comment,
- $uid
- ) {
- # Same lookup as in admin: the value stored under user_<name> overrides
- # $ensure_d and drives the group, the key and the user below.
- $ensure = extlookup("user_${name}", "$ensure_d")
- $username = $name
- # Per-user primary group, named after the user.
- group {
- "$username":
- ensure => "$ensure",
- gid => "$gid",
- }
- # Key type fixed to rsa, target is ~/.ssh/authorized_keys2.
- # NOTE(review): authorized_keys2 is a legacy OpenSSH file name - confirm the
- # managed hosts' sshd still reads it.
- ssh_authorized_key {
- "${sshpubkey_comment}":
- ensure => "$ensure",
- key => "$sshpubkey",
- require => User["$username"],
- target => "/home/${username}/.ssh/authorized_keys2",
- type => "rsa",
- user => "$username",
- }
- # password => "*" leaves the account without a usable password, so login
- # relies on the key above. The require on Group["ssh_users"] is hardcoded:
- # NOTE(review): when $groups is overridden, the other groups it names are
- # not required here and must already exist by some other means.
- user {
- "$username":
- ensure => "$ensure",
- uid => "$uid",
- gid => "$gid",
- comment => "$comment",
- home => "/home/$username",
- shell => "$shell",
- groups => "$groups",
- password => "*",
- managehome => "true",
- require => [ Group["$username"], Group["ssh_users"] ]
- }
- }
- }