ExternalMirrors
/
users-formula
зеркало из https://github.com/saltstack-formulas/users-formula
Следить 1
В избранное 0
Форкнуть 1
Код Задачи 0 Релизы 13 Вики Активность
Saltstack Official Users Formula
Вы не можете выбрать более 25 тем Темы должны начинаться с буквы или цифры, могут содержать дефисы(-) и должны содержать не более 35 символов.
15 коммитов
3 Ветки
Дерево: 547db95d62
Ветки Теги
${ item.name }
Создать ветку ${ searchTerm }
из '547db95d62'
${ noResults }
users-formula/users/init.sls

init.sls 3.2KB
Исходник Normal View История

Initial commit
11 лет назад
Fix Undefined jinja variable error with Salt 0.17.1 Ran into an error with Salt version 0.17.1: Rendering SLS users failed, render error: Undefined jinja variable; line 32 After finding https://github.com/saltstack/salt/issues/8245, and working on line 32, I surmised that line 28 might be the actual cause of the issue. I just added a quick check to see if uid exists in user, just as the user uid line does.
11 лет назад
better sudoers support & default gid add support for sudouser being False. change to adding sudoers config to /etc/sudoers.d/<user> adding the removal of /etc/sudoers.d/<user> on user removal or switching to sudouser being removed or set to false
11 лет назад
Fix Undefined jinja variable error with Salt 0.17.1 Ran into an error with Salt version 0.17.1: Rendering SLS users failed, render error: Undefined jinja variable; line 32 After finding https://github.com/saltstack/salt/issues/8245, and working on line 32, I surmised that line 28 might be the actual cause of the issue. I just added a quick check to see if uid exists in user, just as the user uid line does.
11 лет назад
Initial commit
11 лет назад
Fixed user default shell source Pulling 'shell' from pillar globally makes no sense, probably a mistake; pulling it from user instead.
11 лет назад
Initial commit
11 лет назад
Fix requisites for user state group requisites were wrong. They required {{ group }}_group, while {{ group }} was the actually added group.
11 лет назад
Initial commit
11 лет назад
Fix requisites for user state group requisites were wrong. They required {{ group }}_group, while {{ group }} was the actually added group.
11 лет назад
Initial commit
11 лет назад
Fix requisites for user state group requisites were wrong. They required {{ group }}_group, while {{ group }} was the actually added group.
11 лет назад
Initial commit
11 лет назад
better sudoers support & default gid add support for sudouser being False. change to adding sudoers config to /etc/sudoers.d/<user> adding the removal of /etc/sudoers.d/<user> on user removal or switching to sudouser being removed or set to false
11 лет назад
Initial commit
11 лет назад
better sudoers support & default gid add support for sudouser being False. change to adding sudoers config to /etc/sudoers.d/<user> adding the removal of /etc/sudoers.d/<user> on user removal or switching to sudouser being removed or set to false
11 лет назад
Initial commit
11 лет назад
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136 
  1. include:

  2.   - users.sudo

  3. 

  4. {% for name, user in pillar.get('users', {}).items() %}

  5. {% if user == None %}

  6. {% set user = {} %}

  7. {% endif %}

  8. {% set home = user.get('home', "/home/%s" % name) %}

  9. 

  10. {% for group in user.get('groups', []) %}

  11. {{ group }}_group:

  12.   group:

  13.     - name: {{ group }}

  14.     - present

  15. {% endfor %}

  16. 

  17. {{ name }}_user:

  18.   file.directory:

  19.     - name: {{ home }}

  20.     - user: {{ name }}

  21.     - group: {{ name }}

  22.     - mode: 0755

  23.     - require:

  24.       - user: {{ name }}

  25.       - group: {{ name }}

  26.   group.present:

  27.     - name: {{ name }}

  28.     {% if 'uid' in user -%}

  29.     - gid: {{ user['uid'] }}

  30.     {% endif %}

  31.   user.present:

  32.     - name: {{ name }}

  33.     - home: {{ home }}

  34.     - shell: {{ user.get('shell', '/bin/bash') }}

  35.     {% if 'uid' in user -%}

  36.     - uid: {{ user['uid'] }}

  37.     {% endif %}

  38.     - gid_from_name: True

  39.     {% if 'fullname' in user %}

  40.     - fullname: {{ user['fullname'] }}

  41.     {% endif %}

  42.     - groups:

  43.         - {{ name }}

  44.       {% for group in user.get('groups', []) %}

  45.         - {{ group }}

  46.       {% endfor %}

  47.     - require:

  48.         - group: {{ name }}

  49.       {% for group in user.get('groups', []) %}

  50.         - group: {{ group }}

  51.       {% endfor %}

  52. 

  53. user_keydir_{{ name }}:

  54.   file.directory:

  55.     - name: {{ user.get('home', '/home/{0}'.format(name)) }}/.ssh

  56.     - user: {{ name }}

  57.     - group: {{ name }}

  58.     - makedirs: True

  59.     - mode: 744

  60.     - require:

  61.       - user: {{ name }}

  62.       - group: {{ name }}

  63.       {% for group in user.get('groups', []) %}

  64.       - group: {{ group }}

  65.       {% endfor %}

  66. 

  67.   {% if 'privkey' in user %}

  68. user_{{ name }}_private_key:

  69.   file.managed:

  70.     - name: {{ user.get('home', '/home/{0}'.format(name)) }}/.ssh/id_rsa

  71.     - user: {{ name }}

  72.     - group: {{ name }}

  73.     - mode: 600

  74.     - source: salt://keys/{{ user['privkey'] }}

  75.     - require:

  76.       - user: {{ name }}_user

  77.       {% for group in user.get('groups', []) %}

  78.       - group: {{ group }}_group

  79.       {% endfor %}

  80. user_{{ name }}_public_key:

  81.   file.managed:

  82.     - name: {{ user.get('home', '/home/{0}'.format(name)) }}/.ssh/id_rsa.pub

  83.     - user: {{ name }}

  84.     - group: {{ name }}

  85.     - mode: 644

  86.     - source: salt://keys/{{ user['privkey'] }}.pub

  87.     - require:

  88.       - user: {{ name }}_user

  89.       {% for group in user.get('groups', []) %}

  90.       - group: {{ group }}_group

  91.       {% endfor %}

  92.   {% endif %}

  93. 

  94. 

  95.   {% if 'ssh_auth' in user %}

  96.   {% for auth in user['ssh_auth'] %}

  97. ssh_auth_{{ name }}_{{ loop.index0 }}:

  98.   ssh_auth.present:

  99.     - user: {{ name }}

  100.     - name: {{ auth }}

  101.     - require:

  102.         - file: {{ name }}_user

  103.         - user: {{ name }}_user

  104. {% endfor %}

  105. {% endif %}

  106. 

  107. 

  108. {% if 'sudouser' in user and user['sudouser'] %}

  109. sudoer-{{ name }}:

  110.   file.managed:

  111.     - name: /etc/sudoers.d/{{ name }}

  112.     - user: root

  113.     - group: root

  114.     - mode: '0440'

  115. /etc/sudoers.d/{{ name }}:

  116.   file.append:

  117.   - text:

  118.     - "{{ name }}    ALL=(ALL)  NOPASSWD: ALL"

  119.   - require:

  120.     - file: sudoer-defaults

  121.     - file: sudoer-{{ name }}

  122. {% else %}

  123. /etc/sudoers.d/{{ name }}:

  124.   file.absent:

  125.     - name: /etc/sudoers.d/{{ name }}

  126. {% endif %}

  127. 

  128. {% endfor %}

  129. 

  130. {% for user in pillar.get('absent_users', []) %}

  131. {{ user }}:

  132.   user.absent

  133. /etc/sudoers.d/{{ user }}:

  134.   file.absent:

  135.     - name: /etc/sudoers.d/{{ user }}

  136. {% endfor %}