
Added unique switch

tags/v0.45.0
Jerzy Drozdz 7 years ago
parent
commit
a32fb976ec
3 changed files with 34 additions and 21 deletions
  1. +5
    -0
      pillar.example
  2. +25
    -21
      users/init.sls
  3. +4
    -0
      users/user_files.sls

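--- a/pillar.example
+++ b/pillar.example
 ssh_keys:
 privkey: PRIVATEKEY
 pubkey: PUBLICKEY
+# you can provide multiple keys, the keyname is taken as filename
+# make sure your public keys suffix is .pub
+foobar: PRIVATEKEY
+foobar.pub: PUBLICKEY
 # ... or you can pull them from a different pillar,
 # for example one called "ssh_keys":
 ssh_keys_pillar:
 # should be a salt fileserver path either with or without 'salt://'
 # if not present, it defaults to 'salt://users/files/user/<username>
 source: users/files/default
+template: jinja
 # You can specify octal mode for files and symlinks that will be copied. Since version 2016.11.0
 # it's possible to use 'keep' for file_mode, to preserve file original mode, thus you can save
 # execution bit for example.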
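Review bot: None of the five lines added to this example mention the `unique` key that users/init.sls starts reading in this commit, so unless it is already documented in a part of the file outside these hunks, the new switch has no entry here. It needs an explanation because `unique: False` lets an account be created with a UID that is already in use, and accounts that share a UID share file ownership and privileges. A commented entry in the user block, for example `# unique: False  # allow a non-unique uid (shares ownership and privileges with the other account)`, would make the default and the consequence visible.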

+ 25
- 21
users/init.sls

- workphone: {{ user['workphone'] }} - workphone: {{ user['workphone'] }}
{% endif %} {% endif %}
{% if 'homephone' in user %} {% if 'homephone' in user %}
- homephone: {{ user['workphone'] }}
- homephone: {{ user['homephone'] }}
{% endif %} {% endif %}
{% if not user.get('createhome', True) %} {% if not user.get('createhome', True) %}
- createhome: False - createhome: False
{% endif %} {% endif %}
{% if not user.get('unique', True) %}
- unique: False
{% endif %}
{% if 'expire' in user -%} {% if 'expire' in user -%}
{% if grains['kernel'].endswith('BSD') and {% if grains['kernel'].endswith('BSD') and
user['expire'] < 157766400 %} user['expire'] < 157766400 %}
{% endif %} {% endif %}


{% if 'ssh_keys' in user %} {% if 'ssh_keys' in user %}
{% set key_type = 'id_' + user.get('ssh_key_type', 'rsa') %}
users_user_{{ name }}_private_key:
file.managed:
- name: {{ home }}/.ssh/{{ key_type }}
- user: {{ name }}
- group: {{ user_group }}
- mode: 600
- show_diff: False
- contents_pillar: users:{{ name }}:ssh_keys:privkey
- require:
- user: users_{{ name }}_user
{% for group in user.get('groups', []) %}
- group: users_{{ name }}_{{ group }}_group
{% endfor %}
users_user_{{ name }}_public_key:
{% for _key in user.ssh_keys.keys() %}
{% if _key == 'privkey' %}
{% set key_name = 'id_' + user.get('ssh_key_type', 'rsa') %}
{% elif _key == 'pubkey' %}
{% set key_name = 'id_' + user.get('ssh_key_type', 'rsa') + '.pub' %}
{% else %}
{% set key_name = _key %}
{% endif %}
users_{{ name }}_{{ key_name }}_key:
file.managed: file.managed:
- name: {{ home }}/.ssh/{{ key_type }}.pub
- name: {{ home }}/.ssh/{{ key_name }}
- user: {{ name }} - user: {{ name }}
- group: {{ user_group }} - group: {{ user_group }}
{% if key_name.endswith(".pub") %}
- mode: 644 - mode: 644
{% else %}
- mode: 600
{% endif %}
- show_diff: False - show_diff: False
- contents_pillar: users:{{ name }}:ssh_keys:pubkey
- contents_pillar: users:{{ name }}:ssh_keys:{{ _key }}
- require: - require:
- user: users_{{ name }}_user - user: users_{{ name }}_user
{% for group in user.get('groups', []) %} {% for group in user.get('groups', []) %}
- group: users_{{ name }}_{{ group }}_group - group: users_{{ name }}_{{ group }}_group
{% endfor %} {% endfor %}
{% endfor %}
{% endif %} {% endif %}



{% if 'ssh_auth_file' in user or 'ssh_auth_pillar' in user %} {% if 'ssh_auth_file' in user or 'ssh_auth_pillar' in user %}
users_authorized_keys_{{ name }}: users_authorized_keys_{{ name }}:
file.managed: file.managed:
{{ auth }} {{ auth }}
{% endfor -%} {% endfor -%}
{% else %} {% else %}
- contents: |
{%- for key_name, pillar_name in user['ssh_auth_pillar'].items() %} {%- for key_name, pillar_name in user['ssh_auth_pillar'].items() %}
- contents_pillar: {{ pillar_name }}:{{ key_name }}:pubkey
{{ salt['pillar.get'](pillar_name + ':' + key_name + ':pubkey', '') }}
{%- endfor %} {%- endfor %}
{% endif %} {% endif %}
{% endif %} {% endif %}
{% if 'gitconfig' in user %} {% if 'gitconfig' in user %}
{% for key, value in user['gitconfig'].items() %} {% for key, value in user['gitconfig'].items() %}
users_{{ name }}_user_gitconfig_{{ loop.index0 }}: users_{{ name }}_user_gitconfig_{{ loop.index0 }}:
{% if grains['saltversioninfo'] >= (2015, 8, 0, 0) %}
{% if grains['saltversioninfo'] >= [2015, 8, 0, 0] %}
git.config_set: git.config_set:
{% else %} {% else %}
git.config: git.config:
- name: {{ key }} - name: {{ key }}
- value: "{{ value }}" - value: "{{ value }}"
- user: {{ name }} - user: {{ name }}
{% if grains['saltversioninfo'] >= (2015, 8, 0, 0) %}
{% if grains['saltversioninfo'] >= [2015, 8, 0, 0] %}
- global: True - global: True
{% else %} {% else %}
- is_global: True - is_global: True
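Review bot: In the new `{% for _key in user.ssh_keys.keys() %}` loop, any pillar key other than `privkey` or `pubkey` is used verbatim as a filename in `- name: {{ home }}/.ssh/{{ key_name }}`, so a key containing `/` or `..` would produce a managed file outside the user's `.ssh` directory. Pillar data is normally operator-controlled, but where it is merged from an external source the name should be checked before it becomes a path; wrapping the generated state in `{% if '/' not in _key %}` keeps the writes inside `.ssh`. The same unvalidated name also ends up in the state ID `users_{{ name }}_{{ key_name }}_key`. Falling back to mode 600 for every name that does not end in `.pub` is the safe default and deserves a short comment, for example `{# anything not named *.pub is treated as private #}`.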

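--- a/users/user_files.sls
+++ b/users/user_files.sls
 {%- set user_files = salt['pillar.get'](('users:' ~ username ~ ':user_files'), {'enabled': False}) -%}
 {%- set user_group = salt['pillar.get'](('users:' ~ username ~ ':prime_group:name'), username) -%}
 {%- set user_home = salt['pillar.get'](('users:' ~ username ~ ':home'), current.get('home', '/home/' ~ username )) -%}
+{%- set user_files_template = salt['pillar.get'](('users:' ~ username ~ ':user_files:template'), None) -%}
 {%- set user_files_file_mode = salt['pillar.get'](('users:' ~ username ~ ':user_files:file_mode'), False) -%}
 {%- set user_files_sym_mode = salt['pillar.get'](('users:' ~ username ~ ':user_files:sym_mode'), False) -%}
 {%- if user_files.enabled -%}
 - source: {{ file_source }}
 - user: {{ username }}
 - group: {{ user_group }}
+{% if user_files_template -%}
+- template: {{ user_files_template }}
+{% endif -%}
 - clean: False
 {% if user_files_file_mode -%}
 - file_mode: {{ user_files_file_mode }}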
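Review bot: The new `- template: {{ user_files_template }}` option appears to apply to every file copied from the source tree, but the state's function line is outside the hunk, so this is inferred from the surrounding `clean` and `file_mode` arguments. If so, any dotfile in that tree containing a literal `{{` or `{%` will fail to render or be silently altered once a user sets `template: jinja`. Rendered files can also read pillar and grains and call execution modules, so the source directory has to be trusted as much as the state files themselves. A comment next to the option in pillar.example, such as `# renders every file under 'source' as a template; only enable for trees you control`, would state that expectation.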
