ExternalMirrors
/
users-formula
mirror of https://github.com/saltstack-formulas/users-formula
Watch 1
Star 0
Fork 1
Code Issues 0 Releases 13 Wiki Activity
Browse Source

Merge branch 'master' of https://github.com/saltstack-formulas/users-formula

tags/v0.45.0
Karsten Kosmala 8 years ago
parent
4f3d60e08e 0c364461c7
commit
5985275022
7 changed files with 54 additions and 31 deletions
Unified View Show Diff Stats
  1. +8
    -8
      README.rst
  2. +6
    -0
      pillar.example
  3. +2
    -1
      users/bashrc.sls
  4. +32
    -19
      users/init.sls
  5. +2
    -1
      users/profile.sls
  6. +2
    -1
      users/user_files.sls
  7. +2
    -1
      users/vimrc.sls

+ 8
- 8
README.rst View File

``users`` ``users``
--------- ---------


Configure a user's home directory, group, the user itself, secondary groups,
Configures a user's home directory, group, the user itself, secondary groups,
and associated keys. Also configures sudo access, and absent users. and associated keys. Also configures sudo access, and absent users.


``users.sudo`` ``users.sudo``
``users.bashrc`` ``users.bashrc``
---------------- ----------------


Ensures the bashrc file exists in the users home directory. Set manage_bashrc:
True in pillar per user. Defaults to False
Ensures the bashrc file exists in the users home directory. Sets 'manage_bashrc:
True' in pillar per user. Defaults to False.


``users.profile`` ``users.profile``
---------------- ----------------


Ensures the profile file exists in the users home directory. Set manage_profile:
True in pillar per user. Defaults to False
Ensures the profile file exists in the users home directory. Sets 'manage_profile:
True' in pillar per user. Defaults to False.


``users.vimrc`` ``users.vimrc``
--------------- ---------------


Ensures the vimrc file exists in the users home directory. Set manage_vimrc:
True in pillar per user. Defaults to False
This depends on the vim-formula to be installed
Ensures the vimrc file exists in the users home directory. Sets 'manage_vimrc:
True' in pillar per user. Defaults to False.
This depends on the vim-formula to be installed.


``users.user_files`` ``users.user_files``
--------------- ---------------

+ 6
- 0
pillar.example View File

# WARNING: If 'empty_password' is set to True, the 'password' statement # WARNING: If 'empty_password' is set to True, the 'password' statement
# will be ignored by enabling password-less login for the user. # will be ignored by enabling password-less login for the user.
empty_password: False empty_password: False
system: False
home: /custom/buser home: /custom/buser
homedir_owner: buser homedir_owner: buser
homedir_group: primarygroup homedir_group: primarygroup
user_dir_mode: 750
createhome: True createhome: True
roomnumber: "A-1" roomnumber: "A-1"
workphone: "(555) 555-5555" workphone: "(555) 555-5555"
sudo_defaults: sudo_defaults:
- '!requiretty' - '!requiretty'
shell: /bin/bash shell: /bin/bash
remove_groups: False
prime_group: prime_group:
name: primarygroup name: primarygroup
gid: 500 gid: 500
groups: groups:
- users - users
optional_groups:
- some_groups_that_might
- not_exist_on_all_minions
ssh_key_type: rsa ssh_key_type: rsa
# You can inline the private keys ... # You can inline the private keys ...
ssh_keys: ssh_keys:

+ 2
- 1
users/bashrc.sls View File

- users - users


{% for name, user in pillar.get('users', {}).items() if user.absent is not defined or not user.absent %} {% for name, user in pillar.get('users', {}).items() if user.absent is not defined or not user.absent %}
{%- set current = salt.user.info(name) -%}
{%- if user == None -%} {%- if user == None -%}
{%- set user = {} -%} {%- set user = {} -%}
{%- endif -%} {%- endif -%}
{%- set home = user.get('home', "/home/%s" % name) -%}
{%- set home = user.get('home', current.get('home', "/home/%s" % name)) -%}
{%- set manage = user.get('manage_bashrc', False) -%} {%- set manage = user.get('manage_bashrc', False) -%}
{%- if 'prime_group' in user and 'name' in user['prime_group'] %} {%- if 'prime_group' in user and 'name' in user['prime_group'] %}
{%- set user_group = user.prime_group.name -%} {%- set user_group = user.prime_group.name -%}

+ 32
- 19
users/init.sls View File

{%- if user == None -%} {%- if user == None -%}
{%- set user = {} -%} {%- set user = {} -%}
{%- endif -%} {%- endif -%}
{%- set home = user.get('home', "/home/%s" % name) -%}
{%- set current = salt.user.info(name) -%}
{%- set home = user.get('home', current.get('home', "/home/%s" % name)) -%}


{%- if 'prime_group' in user and 'name' in user['prime_group'] %} {%- if 'prime_group' in user and 'name' in user['prime_group'] %}
{%- set user_group = user.prime_group.name -%} {%- set user_group = user.prime_group.name -%}
{%- elif 'uid' in user %} {%- elif 'uid' in user %}
- gid: {{ user['uid'] }} - gid: {{ user['uid'] }}
{%- endif %} {%- endif %}
{% if 'system' in user and user['system'] %}
- system: True
{% endif %}
user.present: user.present:
- name: {{ name }} - name: {{ name }}
- home: {{ home }} - home: {{ home }}
- shell: {{ user.get('shell', users.get('shell', '/bin/bash')) }}
- shell: {{ user.get('shell', current.get('shell', users.get('shell', '/bin/bash'))) }}
{% if 'uid' in user -%} {% if 'uid' in user -%}
- uid: {{ user['uid'] }} - uid: {{ user['uid'] }}
{% endif -%} {% endif -%}
{% for group in user.get('groups', []) -%} {% for group in user.get('groups', []) -%}
- {{ group }} - {{ group }}
{% endfor %} {% endfor %}
{% if 'optional_groups' in user %}
- optional_groups:
{% for optional_group in user['optional_groups'] -%}
- {{optional_group}}
{% endfor %}
{% endif %}
- require: - require:
- group: {{ user_group }} - group: {{ user_group }}
{% for group in user.get('groups', []) -%} {% for group in user.get('groups', []) -%}
'ssh_config' in user %} 'ssh_config' in user %}
user_keydir_{{ name }}: user_keydir_{{ name }}:
file.directory: file.directory:
- name: {{ user.get('home', '/home/{0}'.format(name)) }}/.ssh
- name: {{ home }}/.ssh
- user: {{ name }} - user: {{ name }}
- group: {{ user_group }} - group: {{ user_group }}
- makedirs: True - makedirs: True
{% set key_type = 'id_' + user.get('ssh_key_type', 'rsa') %} {% set key_type = 'id_' + user.get('ssh_key_type', 'rsa') %}
users_user_{{ name }}_private_key: users_user_{{ name }}_private_key:
file.managed: file.managed:
- name: {{ user.get('home',
'/home/{0}'.format(name)) }}/.ssh/{{ key_type }}
- name: {{ home }}/.ssh/{{ key_type }}
- user: {{ name }} - user: {{ name }}
- group: {{ user_group }} - group: {{ user_group }}
- mode: 600 - mode: 600
{% endfor %} {% endfor %}
users_user_{{ name }}_public_key: users_user_{{ name }}_public_key:
file.managed: file.managed:
- name: {{ user.get('home',
'/home/{0}'.format(name)) }}/.ssh/{{ key_type }}.pub
- name: {{ home }}/.ssh/{{ key_type }}.pub
- user: {{ name }} - user: {{ name }}
- group: {{ user_group }} - group: {{ user_group }}
- mode: 644 - mode: 644
{{ auth }} {{ auth }}
{% endfor -%} {% endfor -%}
{% else %} {% else %}
- contents: |
{%- for key_name, pillar_name in user['ssh_auth_pillar'].iteritems() %}
{{ salt['pillar.get'](pillar_name + ':' + key_name + ':pubkey', '') }}
{%- for key_name, pillar_name in user['ssh_auth_pillar'].items() %}
- contents_pillar: {{ pillar_name }}:{{ key_name }}:pubkey
{%- endfor %} {%- endfor %}
{% endif %} {% endif %}
{% endif %} {% endif %}
- user: {{ name }} - user: {{ name }}
- name: {{ auth }} - name: {{ auth }}
- require: - require:
- file: users_{{ name }}_user
- file: user_keydir_{{ name }}
- user: users_{{ name }}_user - user: users_{{ name }}_user
{% endfor %} {% endfor %}
{% endif %} {% endif %}
{% for key_name, pillar_name in user['ssh_keys_pillar'].items() %} {% for key_name, pillar_name in user['ssh_keys_pillar'].items() %}
user_ssh_keys_files_{{ name }}_{{ key_name }}_private_key: user_ssh_keys_files_{{ name }}_{{ key_name }}_private_key:
file.managed: file.managed:
- name: {{ user.get('home',
'/home/{0}'.format(name)) }}/.ssh/{{ key_name }}
- name: {{ home }}/.ssh/{{ key_name }}
- user: {{ name }} - user: {{ name }}
- group: {{ user_group }} - group: {{ user_group }}
- mode: 600 - mode: 600
{% endfor %} {% endfor %}
user_ssh_keys_files_{{ name }}_{{ key_name }}_public_key: user_ssh_keys_files_{{ name }}_{{ key_name }}_public_key:
file.managed: file.managed:
- name: {{ user.get('home',
'/home/{0}'.format(name)) }}/.ssh/{{ key_name }}.pub
- name: {{ home }}/.ssh/{{ key_name }}.pub
- user: {{ name }} - user: {{ name }}
- group: {{ user_group }} - group: {{ user_group }}
- mode: 644 - mode: 644


users_sudoer-{{ name }}: users_sudoer-{{ name }}:
file.managed: file.managed:
- replace: False
- name: {{ users.sudoers_dir }}/{{ name }} - name: {{ users.sudoers_dir }}/{{ name }}
- user: root - user: root
- group: {{ users.root_group }} - group: {{ users.root_group }}


users_{{ users.sudoers_dir }}/{{ name }}: users_{{ users.sudoers_dir }}/{{ name }}:
file.managed: file.managed:
- replace: True
- name: {{ users.sudoers_dir }}/{{ name }} - name: {{ users.sudoers_dir }}/{{ name }}
- contents: | - contents: |
{%- if 'sudo_defaults' in user %} {%- if 'sudo_defaults' in user %}
{%- endfor %} {%- endfor %}
{%- endif %} {%- endif %}
{%- if 'sudo_rules' in user %} {%- if 'sudo_rules' in user %}
########################################################################
# File managed by Salt (users-formula).
# Your changes will be overwritten.
########################################################################
#
{%- for rule in user['sudo_rules'] %} {%- for rule in user['sudo_rules'] %}
{{ name }} {{ rule }} {{ name }} {{ rule }}
{%- endfor %} {%- endfor %}
- require: - require:
- file: users_sudoer-defaults - file: users_sudoer-defaults
- file: users_sudoer-{{ name }} - file: users_sudoer-{{ name }}
cmd.wait:
cmd.wait:
- name: visudo -cf {{ users.sudoers_dir }}/{{ name }} || ( rm -rvf {{ users.sudoers_dir }}/{{ name }}; exit 1 ) - name: visudo -cf {{ users.sudoers_dir }}/{{ name }} || ( rm -rvf {{ users.sudoers_dir }}/{{ name }}; exit 1 )
- watch:
- file: {{ users.sudoers_dir }}/{{ name }}
- watch:
- file: {{ users.sudoers_dir }}/{{ name }}
{% endif %} {% endif %}
{% else %} {% else %}
users_{{ users.sudoers_dir }}/{{ name }}: users_{{ users.sudoers_dir }}/{{ name }}:


{% for user in pillar.get('absent_users', []) %} {% for user in pillar.get('absent_users', []) %}
users_absent_user_2_{{ user }}: users_absent_user_2_{{ user }}:
user.absent
user.absent:
- name: {{ name }}
users_2_{{ users.sudoers_dir }}/{{ user }}: users_2_{{ users.sudoers_dir }}/{{ user }}:
file.absent: file.absent:
- name: {{ users.sudoers_dir }}/{{ user }} - name: {{ users.sudoers_dir }}/{{ user }}

+ 2
- 1
users/profile.sls View File

- users - users


{% for name, user in pillar.get('users', {}).items() if user.absent is not defined or not user.absent %} {% for name, user in pillar.get('users', {}).items() if user.absent is not defined or not user.absent %}
{%- set current = salt.user.info(name) -%}
{%- if user == None -%} {%- if user == None -%}
{%- set user = {} -%} {%- set user = {} -%}
{%- endif -%} {%- endif -%}
{%- set home = user.get('home', "/home/%s" % name) -%}
{%- set home = user.get('home', current.get('home', "/home/%s" % name)) -%}
{%- set manage = user.get('manage_profile', False) -%} {%- set manage = user.get('manage_profile', False) -%}
{%- if 'prime_group' in user and 'name' in user['prime_group'] %} {%- if 'prime_group' in user and 'name' in user['prime_group'] %}
{%- set user_group = user.prime_group.name -%} {%- set user_group = user.prime_group.name -%}

+ 2
- 1
users/user_files.sls View File



{% set userfile_dirs = salt['cp.list_master_dirs'](prefix='users/files/user/') -%} {% set userfile_dirs = salt['cp.list_master_dirs'](prefix='users/files/user/') -%}
{%- for username, user in salt['pillar.get']('users', {}).items() if (user.absent is not defined or not user.absent) -%} {%- for username, user in salt['pillar.get']('users', {}).items() if (user.absent is not defined or not user.absent) -%}
{%- set current = salt.user.info(username) -%}
{%- set user_files = salt['pillar.get'](('users:' ~ username ~ ':user_files'), {'enabled': False}) -%} {%- set user_files = salt['pillar.get'](('users:' ~ username ~ ':user_files'), {'enabled': False}) -%}
{%- set user_group = salt['pillar.get'](('users:' ~ username ~ ':prime_group:name'), username) -%} {%- set user_group = salt['pillar.get'](('users:' ~ username ~ ':prime_group:name'), username) -%}
{%- set user_home = salt['pillar.get'](('users:' ~ username ~ ':home'), '/home/' ~ username ) -%}
{%- set user_home = salt['pillar.get'](('users:' ~ username ~ ':home'), current.get('home', '/home/' ~ username )) -%}
{%- if user_files.enabled -%} {%- if user_files.enabled -%}


{%- if user_files.source is defined -%} {%- if user_files.source is defined -%}

+ 2
- 1
users/vimrc.sls View File

- vim - vim


{% for name, user in pillar.get('users', {}).items() if user.absent is not defined or not user.absent %} {% for name, user in pillar.get('users', {}).items() if user.absent is not defined or not user.absent %}
{%- set current = salt.user.info(name) -%}
{%- if user == None -%} {%- if user == None -%}
{%- set user = {} -%} {%- set user = {} -%}
{%- endif -%} {%- endif -%}
{%- set home = user.get('home', "/home/%s" % name) -%}
{%- set home = user.get('home', current.get('home', "/home/%s" % name)) -%}
{%- set manage = user.get('manage_vimrc', False) -%} {%- set manage = user.get('manage_vimrc', False) -%}
{%- if 'prime_group' in user and 'name' in user['prime_group'] %} {%- if 'prime_group' in user and 'name' in user['prime_group'] %}
{%- set user_group = user.prime_group.name -%} {%- set user_group = user.prime_group.name -%}

Write Preview
Loading…
Cancel
Save