Saltstack Official Users Formula

  1. include:
  2. - users.sudo
  3. {% for name, user in pillar.get('users', {}).items() if user.absent is not defined or not user.absent %}
  4. {%- if user == None -%}
  5. {%- set user = {} -%}
  6. {%- endif -%}
  7. {%- set home = user.get('home', "/home/%s" % name) -%}
  8. {%- if 'prime_group' in user and 'name' in user['prime_group'] %}
  9. {%- set user_group = user.prime_group.name -%}
  10. {%- else -%}
  11. {%- set user_group = name -%}
  12. {%- endif %}
  13. {% for group in user.get('groups', []) %}
  14. {{ name }}_{{ group }}_group:
  15. group:
  16. - name: {{ group }}
  17. - present
  18. {% endfor %}
  19. {{ name }}_user:
  20. file.directory:
  21. - name: {{ home }}
  22. - user: {{ name }}
  23. - group: {{ user_group }}
  24. - mode: 0755
  25. - require:
  26. - user: {{ name }}
  27. - group: {{ user_group }}
  28. group.present:
  29. - name: {{ user_group }}
  30. {%- if 'prime_group' in user and 'gid' in user['prime_group'] %}
  31. - gid: {{ user['prime_group']['gid'] }}
  32. {%- elif 'uid' in user %}
  33. - gid: {{ user['uid'] }}
  34. {%- endif %}
  35. user.present:
  36. - name: {{ name }}
  37. - home: {{ home }}
  38. - shell: {{ user.get('shell', '/bin/bash') }}
  39. {% if 'uid' in user -%}
  40. - uid: {{ user['uid'] }}
  41. {% endif -%}
  42. {% if 'password' in user -%}
  43. - password: {{ user['password'] }}
  44. {% endif -%}
  45. {% if 'prime_group' in user and 'gid' in user['prime_group'] -%}
  46. - gid: {{ user['prime_group']['gid'] }}
  47. {% else -%}
  48. - gid_from_name: True
  49. {% endif -%}
  50. {% if 'fullname' in user %}
  51. - fullname: {{ user['fullname'] }}
  52. {% endif -%}
  53. - groups:
  54. - {{ user_group }}
  55. {% for group in user.get('groups', []) -%}
  56. - {{ group }}
  57. {% endfor %}
  58. - require:
  59. - group: {{ user_group }}
  60. {% for group in user.get('groups', []) -%}
  61. - group: {{ group }}
  62. {% endfor %}
  63. user_keydir_{{ name }}:
  64. file.directory:
  65. - name: {{ user.get('home', '/home/{0}'.format(name)) }}/.ssh
  66. - user: {{ name }}
  67. - group: {{ user_group }}
  68. - makedirs: True
  69. - mode: 700
  70. - require:
  71. - user: {{ name }}
  72. - group: {{ user_group }}
  73. {%- for group in user.get('groups', []) %}
  74. - group: {{ group }}
  75. {%- endfor %}
  76. {% if 'ssh_keys' in user %}
  77. {% set key_type = 'id_' + user.get('ssh_key_type', 'rsa') %}
  78. user_{{ name }}_private_key:
  79. file.managed:
  80. - name: {{ user.get('home', '/home/{0}'.format(name)) }}/.ssh/{{ key_type }}
  81. - user: {{ name }}
  82. - group: {{ user_group }}
  83. - mode: 600
  84. - contents_pillar: users:{{ name }}:ssh_keys:privkey
  85. - require:
  86. - user: {{ name }}_user
  87. {% for group in user.get('groups', []) %}
  88. - group: {{ name }}_{{ group }}_group
  89. {% endfor %}
  90. user_{{ name }}_public_key:
  91. file.managed:
  92. - name: {{ user.get('home', '/home/{0}'.format(name)) }}/.ssh/{{ key_type }}.pub
  93. - user: {{ name }}
  94. - group: {{ user_group }}
  95. - mode: 644
  96. - contents_pillar: users:{{ name }}:ssh_keys:pubkey
  97. - require:
  98. - user: {{ name }}_user
  99. {% for group in user.get('groups', []) %}
  100. - group: {{ name }}_{{ group }}_group
  101. {% endfor %}
  102. {% endif %}
  103. {% if 'ssh_auth' in user %}
  104. {% for auth in user['ssh_auth'] %}
  105. ssh_auth_{{ name }}_{{ loop.index0 }}:
  106. ssh_auth.present:
  107. - user: {{ name }}
  108. - name: {{ auth }}
  109. - require:
  110. - file: {{ name }}_user
  111. - user: {{ name }}_user
  112. {% endfor %}
  113. {% endif %}
  114. {% if 'sudouser' in user and user['sudouser'] %}
  115. sudoer-{{ name }}:
  116. file.managed:
  117. - name: /etc/sudoers.d/{{ name }}
  118. - user: root
  119. - group: root
  120. - mode: '0440'
  121. {% if 'sudo_rules' in user %}
  122. /etc/sudoers.d/{{ name }}:
  123. file.append:
  124. - text:
  125. {% for rule in user['sudo_rules'] %}
  126. - "{{ name }} {{ rule }}"
  127. {% endfor %}
  128. - require:
  129. - file: sudoer-defaults
  130. - file: sudoer-{{ name }}
  131. {% endif %}
  132. {% else %}
  133. /etc/sudoers.d/{{ name }}:
  134. file.absent:
  135. - name: /etc/sudoers.d/{{ name }}
  136. {% endif %}
  137. {% endfor %}
  138. {% for name, user in pillar.get('users', {}).items() if user.absent is defined and user.absent %}
  139. {{ name }}:
  140. {% if 'purge' in user or 'force' in user %}
  141. user.absent:
  142. {% if 'purge' in user %}
  143. - purge: {{ user['purge'] }}
  144. {% endif %}
  145. {% if 'force' in user %}
  146. - force: {{ user['force'] }}
  147. {% endif %}
  148. {% else %}
  149. user.absent
  150. {% endif -%}
  151. /etc/sudoers.d/{{ name }}:
  152. file.absent:
  153. - name: /etc/sudoers.d/{{ name }}
  154. {% endfor %}
  155. {% for user in pillar.get('absent_users', []) %}
  156. {{ user }}:
  157. user.absent
  158. /etc/sudoers.d/{{ user }}:
  159. file.absent:
  160. - name: /etc/sudoers.d/{{ user }}
  161. {% endfor %}
  162. {% for group in pillar.get('absent_groups', []) %}
  163. {{ group }}:
  164. group.absent
  165. {% endfor %}