ExternalMirrors
/
users-formula
peilaus alkaen https://github.com/saltstack-formulas/users-formula
Tarkkaile 1
Äänestä 0
Fork 1
Koodi Ongelmat 0 Julkaisut 13 Wiki Activity
Saltstack Official Users Formula
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
15 Commitit
3 Branchit
Puu: 547db95d62
Branchit Tagit
${ item.name }
Create branch ${ searchTerm }
from '547db95d62'
${ noResults }
users-formula/users/init.sls

init.sls 3.2KB
Raaka Normal View Historia

Initial commit
11 vuotta sitten
Fix Undefined jinja variable error with Salt 0.17.1 Ran into an error with Salt version 0.17.1: Rendering SLS users failed, render error: Undefined jinja variable; line 32 After finding https://github.com/saltstack/salt/issues/8245, and working on line 32, I surmised that line 28 might be the actual cause of the issue. I just added a quick check to see if uid exists in user, just as the user uid line does.
11 vuotta sitten
better sudoers support & default gid add support for sudouser being False. change to adding sudoers config to /etc/sudoers.d/<user> adding the removal of /etc/sudoers.d/<user> on user removal or switching to sudouser being removed or set to false
11 vuotta sitten
Fix Undefined jinja variable error with Salt 0.17.1 Ran into an error with Salt version 0.17.1: Rendering SLS users failed, render error: Undefined jinja variable; line 32 After finding https://github.com/saltstack/salt/issues/8245, and working on line 32, I surmised that line 28 might be the actual cause of the issue. I just added a quick check to see if uid exists in user, just as the user uid line does.
11 vuotta sitten
Initial commit
11 vuotta sitten
Fixed user default shell source Pulling 'shell' from pillar globally makes no sense, probably a mistake; pulling it from user instead.
11 vuotta sitten
Initial commit
11 vuotta sitten
Fix requisites for user state group requisites were wrong. They required {{ group }}_group, while {{ group }} was the actually added group.
11 vuotta sitten
Initial commit
11 vuotta sitten
Fix requisites for user state group requisites were wrong. They required {{ group }}_group, while {{ group }} was the actually added group.
11 vuotta sitten
Initial commit
11 vuotta sitten
Fix requisites for user state group requisites were wrong. They required {{ group }}_group, while {{ group }} was the actually added group.
11 vuotta sitten
Initial commit
11 vuotta sitten
better sudoers support & default gid add support for sudouser being False. change to adding sudoers config to /etc/sudoers.d/<user> adding the removal of /etc/sudoers.d/<user> on user removal or switching to sudouser being removed or set to false
11 vuotta sitten
Initial commit
11 vuotta sitten
better sudoers support & default gid add support for sudouser being False. change to adding sudoers config to /etc/sudoers.d/<user> adding the removal of /etc/sudoers.d/<user> on user removal or switching to sudouser being removed or set to false
11 vuotta sitten
Initial commit
11 vuotta sitten
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136 
  1. include:

  2.   - users.sudo

  3. 

  4. {% for name, user in pillar.get('users', {}).items() %}

  5. {% if user == None %}

  6. {% set user = {} %}

  7. {% endif %}

  8. {% set home = user.get('home', "/home/%s" % name) %}

  9. 

  10. {% for group in user.get('groups', []) %}

  11. {{ group }}_group:

  12.   group:

  13.     - name: {{ group }}

  14.     - present

  15. {% endfor %}

  16. 

  17. {{ name }}_user:

  18.   file.directory:

  19.     - name: {{ home }}

  20.     - user: {{ name }}

  21.     - group: {{ name }}

  22.     - mode: 0755

  23.     - require:

  24.       - user: {{ name }}

  25.       - group: {{ name }}

  26.   group.present:

  27.     - name: {{ name }}

  28.     {% if 'uid' in user -%}

  29.     - gid: {{ user['uid'] }}

  30.     {% endif %}

  31.   user.present:

  32.     - name: {{ name }}

  33.     - home: {{ home }}

  34.     - shell: {{ user.get('shell', '/bin/bash') }}

  35.     {% if 'uid' in user -%}

  36.     - uid: {{ user['uid'] }}

  37.     {% endif %}

  38.     - gid_from_name: True

  39.     {% if 'fullname' in user %}

  40.     - fullname: {{ user['fullname'] }}

  41.     {% endif %}

  42.     - groups:

  43.         - {{ name }}

  44.       {% for group in user.get('groups', []) %}

  45.         - {{ group }}

  46.       {% endfor %}

  47.     - require:

  48.         - group: {{ name }}

  49.       {% for group in user.get('groups', []) %}

  50.         - group: {{ group }}

  51.       {% endfor %}

  52. 

  53. user_keydir_{{ name }}:

  54.   file.directory:

  55.     - name: {{ user.get('home', '/home/{0}'.format(name)) }}/.ssh

  56.     - user: {{ name }}

  57.     - group: {{ name }}

  58.     - makedirs: True

  59.     - mode: 744

  60.     - require:

  61.       - user: {{ name }}

  62.       - group: {{ name }}

  63.       {% for group in user.get('groups', []) %}

  64.       - group: {{ group }}

  65.       {% endfor %}

  66. 

  67.   {% if 'privkey' in user %}

  68. user_{{ name }}_private_key:

  69.   file.managed:

  70.     - name: {{ user.get('home', '/home/{0}'.format(name)) }}/.ssh/id_rsa

  71.     - user: {{ name }}

  72.     - group: {{ name }}

  73.     - mode: 600

  74.     - source: salt://keys/{{ user['privkey'] }}

  75.     - require:

  76.       - user: {{ name }}_user

  77.       {% for group in user.get('groups', []) %}

  78.       - group: {{ group }}_group

  79.       {% endfor %}

  80. user_{{ name }}_public_key:

  81.   file.managed:

  82.     - name: {{ user.get('home', '/home/{0}'.format(name)) }}/.ssh/id_rsa.pub

  83.     - user: {{ name }}

  84.     - group: {{ name }}

  85.     - mode: 644

  86.     - source: salt://keys/{{ user['privkey'] }}.pub

  87.     - require:

  88.       - user: {{ name }}_user

  89.       {% for group in user.get('groups', []) %}

  90.       - group: {{ group }}_group

  91.       {% endfor %}

  92.   {% endif %}

  93. 

  94. 

  95.   {% if 'ssh_auth' in user %}

  96.   {% for auth in user['ssh_auth'] %}

  97. ssh_auth_{{ name }}_{{ loop.index0 }}:

  98.   ssh_auth.present:

  99.     - user: {{ name }}

  100.     - name: {{ auth }}

  101.     - require:

  102.         - file: {{ name }}_user

  103.         - user: {{ name }}_user

  104. {% endfor %}

  105. {% endif %}

  106. 

  107. 

  108. {% if 'sudouser' in user and user['sudouser'] %}

  109. sudoer-{{ name }}:

  110.   file.managed:

  111.     - name: /etc/sudoers.d/{{ name }}

  112.     - user: root

  113.     - group: root

  114.     - mode: '0440'

  115. /etc/sudoers.d/{{ name }}:

  116.   file.append:

  117.   - text:

  118.     - "{{ name }}    ALL=(ALL)  NOPASSWD: ALL"

  119.   - require:

  120.     - file: sudoer-defaults

  121.     - file: sudoer-{{ name }}

  122. {% else %}

  123. /etc/sudoers.d/{{ name }}:

  124.   file.absent:

  125.     - name: /etc/sudoers.d/{{ name }}

  126. {% endif %}

  127. 

  128. {% endfor %}

  129. 

  130. {% for user in pillar.get('absent_users', []) %}

  131. {{ user }}:

  132.   user.absent

  133. /etc/sudoers.d/{{ user }}:

  134.   file.absent:

  135.     - name: /etc/sudoers.d/{{ user }}

  136. {% endfor %}