preussal
5 years ago
3 changed files with 34 additions and 9 deletions
+ 10
- 8
linux/system/group.sls
View File
| {%- if group.enabled %} | {%- if group.enabled %} | ||||
| {%- set requires = [] %} | |||||
| {%- for user in group.get('addusers', []) %} | |||||
| {%- if user in system.get('user', {}).keys() %} | |||||
| {%- do requires.append({'user': 'system_user_'+user}) %} | |||||
| {%- endif %} | |||||
| {%- endfor %} | |||||
| system_group_{{ group_name }}: | system_group_{{ group_name }}: | ||||
| group.present: | group.present: | ||||
| - name: {{ group.get('name', group_name) }} | - name: {{ group.get('name', group_name) }} | ||||
| {%- if group.gid is defined and group.gid %} | {%- if group.gid is defined and group.gid %} | ||||
| - gid: {{ group.gid }} | - gid: {{ group.gid }} | ||||
| {%- endif %} | {%- endif %} | ||||
| {%- if group.members is defined %} | |||||
| - members: {{ group.members|json }} | |||||
| {%- else %} | |||||
| {%- set requires = [] %} | |||||
| {%- for user in group.get('addusers', []) %} | |||||
| {%- if user in system.get('user', {}).keys() %} | |||||
| {%- do requires.append({'user': 'system_user_'+user}) %} | |||||
| {%- endif %} | |||||
| {%- endfor %} | |||||
| - require: {{ requires|yaml }} | - require: {{ requires|yaml }} | ||||
| {{ set_p('addusers', group)|indent(2, True) }} | {{ set_p('addusers', group)|indent(2, True) }} | ||||
| {{ set_p('delusers', group)|indent(2, True) }} | {{ set_p('delusers', group)|indent(2, True) }} | ||||
| {% endif %} | |||||
| {%- else %} | {%- else %} | ||||
| system_group_{{ group_name }}: | system_group_{{ group_name }}: |
+ 21
- 1
linux/system/selinux.sls
View File
| {%- from "linux/map.jinja" import system with context %} | {%- from "linux/map.jinja" import system with context %} | ||||
| {%- if system.selinux is defined %} | {%- if system.selinux is defined %} | ||||
| {%- if system.enabled %} | |||||
| include: | include: | ||||
| - linux.system.repo | - linux.system.repo | ||||
| {%- if grains.os_family == 'RedHat' %} | {%- if grains.os_family == 'RedHat' %} | ||||
| {%- set mode = system.selinux %} | {%- set mode = system.selinux %} | ||||
| {%- if system.selinux == 'disabled' %} | |||||
| {{ mode }}: | |||||
| selinux_config: | |||||
| cmd.run: | |||||
| - names: | |||||
| - "sed -i 's/enforcing/disabled/g' /etc/selinux/config" | |||||
| - "sed -i 's/permissive/disabled/g' /etc/selinux/config" | |||||
| - unless: cat '/etc/selinux/config' | grep 'SELINUX=disabled' | |||||
| selinux_setenforce: | |||||
| cmd.run: | |||||
| - name: "setenforce 0" | |||||
| - unless: getenforce | grep 'Disabled' | |||||
| {%- else %} | |||||
| selinux_config: | |||||
| selinux.mode: | selinux.mode: | ||||
| - name: {{ system.get('selinux', 'permissive') }} | |||||
| - require: | - require: | ||||
| - pkg: linux_repo_prereq_pkgs | - pkg: linux_repo_prereq_pkgs | ||||
| {%- endif %} | {%- endif %} | ||||
| {%- endif %} | {%- endif %} | ||||
| {%- endif %} | |||||
| {%- endif %} |
+ 3
- 0
linux/system/user.sls
View File
| - inactdays: {{ user.inactdays }} | - inactdays: {{ user.inactdays }} | ||||
| {%- endif %} | {%- endif %} | ||||
| - require: {{ requires|yaml }} | - require: {{ requires|yaml }} | ||||
| {%- if user.allow_uid_change is defined and user.allow_uid_change %} | |||||
| - allow_uid_change: true | |||||
| {%- endif %} | |||||
| system_user_home_{{ user.home }}: | system_user_home_{{ user.home }}: | ||||
| file.directory: | file.directory: |
Loading…