ExternalMirrors
/
users-formula
spegling av https://github.com/saltstack-formulas/users-formula
Bevaka 1
Stjärnmärk 0
Förgrening 1
Kod Ärenden 0 Släpp 13 Wiki Aktiviteter
Saltstack Official Users Formula
Du kan inte välja fler än 25 ämnen Ämnen måste starta med en bokstav eller siffra, kan innehålla bindestreck ('-') och vara max 35 tecken långa.
15 Incheckningar
3 Grenar
Träd: 547db95d62
Grenar Taggar
${ item.name }
Skapa branchen ${ searchTerm }
från '547db95d62'
${ noResults }
users-formula/users/init.sls

init.sls 3.2KB
Normal View Historik

Initial commit
11 år sedan
Fix Undefined jinja variable error with Salt 0.17.1 Ran into an error with Salt version 0.17.1: Rendering SLS users failed, render error: Undefined jinja variable; line 32 After finding https://github.com/saltstack/salt/issues/8245, and working on line 32, I surmised that line 28 might be the actual cause of the issue. I just added a quick check to see if uid exists in user, just as the user uid line does.
11 år sedan
better sudoers support & default gid add support for sudouser being False. change to adding sudoers config to /etc/sudoers.d/<user> adding the removal of /etc/sudoers.d/<user> on user removal or switching to sudouser being removed or set to false
11 år sedan
Fix Undefined jinja variable error with Salt 0.17.1 Ran into an error with Salt version 0.17.1: Rendering SLS users failed, render error: Undefined jinja variable; line 32 After finding https://github.com/saltstack/salt/issues/8245, and working on line 32, I surmised that line 28 might be the actual cause of the issue. I just added a quick check to see if uid exists in user, just as the user uid line does.
11 år sedan
Initial commit
11 år sedan
Fixed user default shell source Pulling 'shell' from pillar globally makes no sense, probably a mistake; pulling it from user instead.
11 år sedan
Initial commit
11 år sedan
Fix requisites for user state group requisites were wrong. They required {{ group }}_group, while {{ group }} was the actually added group.
11 år sedan
Initial commit
11 år sedan
Fix requisites for user state group requisites were wrong. They required {{ group }}_group, while {{ group }} was the actually added group.
11 år sedan
Initial commit
11 år sedan
Fix requisites for user state group requisites were wrong. They required {{ group }}_group, while {{ group }} was the actually added group.
11 år sedan
Initial commit
11 år sedan
better sudoers support & default gid add support for sudouser being False. change to adding sudoers config to /etc/sudoers.d/<user> adding the removal of /etc/sudoers.d/<user> on user removal or switching to sudouser being removed or set to false
11 år sedan
Initial commit
11 år sedan
better sudoers support & default gid add support for sudouser being False. change to adding sudoers config to /etc/sudoers.d/<user> adding the removal of /etc/sudoers.d/<user> on user removal or switching to sudouser being removed or set to false
11 år sedan
Initial commit
11 år sedan
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136 
  1. include:

  2.   - users.sudo

  3. 

  4. {% for name, user in pillar.get('users', {}).items() %}

  5. {% if user == None %}

  6. {% set user = {} %}

  7. {% endif %}

  8. {% set home = user.get('home', "/home/%s" % name) %}

  9. 

  10. {% for group in user.get('groups', []) %}

  11. {{ group }}_group:

  12.   group:

  13.     - name: {{ group }}

  14.     - present

  15. {% endfor %}

  16. 

  17. {{ name }}_user:

  18.   file.directory:

  19.     - name: {{ home }}

  20.     - user: {{ name }}

  21.     - group: {{ name }}

  22.     - mode: 0755

  23.     - require:

  24.       - user: {{ name }}

  25.       - group: {{ name }}

  26.   group.present:

  27.     - name: {{ name }}

  28.     {% if 'uid' in user -%}

  29.     - gid: {{ user['uid'] }}

  30.     {% endif %}

  31.   user.present:

  32.     - name: {{ name }}

  33.     - home: {{ home }}

  34.     - shell: {{ user.get('shell', '/bin/bash') }}

  35.     {% if 'uid' in user -%}

  36.     - uid: {{ user['uid'] }}

  37.     {% endif %}

  38.     - gid_from_name: True

  39.     {% if 'fullname' in user %}

  40.     - fullname: {{ user['fullname'] }}

  41.     {% endif %}

  42.     - groups:

  43.         - {{ name }}

  44.       {% for group in user.get('groups', []) %}

  45.         - {{ group }}

  46.       {% endfor %}

  47.     - require:

  48.         - group: {{ name }}

  49.       {% for group in user.get('groups', []) %}

  50.         - group: {{ group }}

  51.       {% endfor %}

  52. 

  53. user_keydir_{{ name }}:

  54.   file.directory:

  55.     - name: {{ user.get('home', '/home/{0}'.format(name)) }}/.ssh

  56.     - user: {{ name }}

  57.     - group: {{ name }}

  58.     - makedirs: True

  59.     - mode: 744

  60.     - require:

  61.       - user: {{ name }}

  62.       - group: {{ name }}

  63.       {% for group in user.get('groups', []) %}

  64.       - group: {{ group }}

  65.       {% endfor %}

  66. 

  67.   {% if 'privkey' in user %}

  68. user_{{ name }}_private_key:

  69.   file.managed:

  70.     - name: {{ user.get('home', '/home/{0}'.format(name)) }}/.ssh/id_rsa

  71.     - user: {{ name }}

  72.     - group: {{ name }}

  73.     - mode: 600

  74.     - source: salt://keys/{{ user['privkey'] }}

  75.     - require:

  76.       - user: {{ name }}_user

  77.       {% for group in user.get('groups', []) %}

  78.       - group: {{ group }}_group

  79.       {% endfor %}

  80. user_{{ name }}_public_key:

  81.   file.managed:

  82.     - name: {{ user.get('home', '/home/{0}'.format(name)) }}/.ssh/id_rsa.pub

  83.     - user: {{ name }}

  84.     - group: {{ name }}

  85.     - mode: 644

  86.     - source: salt://keys/{{ user['privkey'] }}.pub

  87.     - require:

  88.       - user: {{ name }}_user

  89.       {% for group in user.get('groups', []) %}

  90.       - group: {{ group }}_group

  91.       {% endfor %}

  92.   {% endif %}

  93. 

  94. 

  95.   {% if 'ssh_auth' in user %}

  96.   {% for auth in user['ssh_auth'] %}

  97. ssh_auth_{{ name }}_{{ loop.index0 }}:

  98.   ssh_auth.present:

  99.     - user: {{ name }}

  100.     - name: {{ auth }}

  101.     - require:

  102.         - file: {{ name }}_user

  103.         - user: {{ name }}_user

  104. {% endfor %}

  105. {% endif %}

  106. 

  107. 

  108. {% if 'sudouser' in user and user['sudouser'] %}

  109. sudoer-{{ name }}:

  110.   file.managed:

  111.     - name: /etc/sudoers.d/{{ name }}

  112.     - user: root

  113.     - group: root

  114.     - mode: '0440'

  115. /etc/sudoers.d/{{ name }}:

  116.   file.append:

  117.   - text:

  118.     - "{{ name }}    ALL=(ALL)  NOPASSWD: ALL"

  119.   - require:

  120.     - file: sudoer-defaults

  121.     - file: sudoer-{{ name }}

  122. {% else %}

  123. /etc/sudoers.d/{{ name }}:

  124.   file.absent:

  125.     - name: /etc/sudoers.d/{{ name }}

  126. {% endif %}

  127. 

  128. {% endfor %}

  129. 

  130. {% for user in pillar.get('absent_users', []) %}

  131. {{ user }}:

  132.   user.absent

  133. /etc/sudoers.d/{{ user }}:

  134.   file.absent:

  135.     - name: /etc/sudoers.d/{{ user }}

  136. {% endfor %}