Saltstack Official Users Formula


{#- Pull in the shared sudo states of this formula; the per-user sudoers
    drop-ins below require the `sudoer-defaults` file state defined there. #}
include:
  - users.sudo
  3. {% for name, user in pillar.get('users', {}).items() %}
  4. {% if user == None %}
  5. {% set user = {} %}
  6. {% endif %}
  7. {% set home = user.get('home', "/home/%s" % name) %}
  8. {% for group in user.get('groups', []) %}
  9. {{ group }}_group:
  10. group:
  11. - name: {{ group }}
  12. - present
  13. {% endfor %}
  14. {{ name }}_user:
  15. file.directory:
  16. - name: {{ home }}
  17. - user: {{ name }}
  18. - group: {{ name }}
  19. - mode: 0755
  20. - require:
  21. - user: {{ name }}
  22. - group: {{ name }}
  23. group.present:
  24. - name: {{ name }}
  25. {% if 'uid' in user -%}
  26. - gid: {{ user['uid'] }}
  27. {% endif %}
  28. user.present:
  29. - name: {{ name }}
  30. - home: {{ home }}
  31. - shell: {{ user.get('shell', '/bin/bash') }}
  32. {% if 'uid' in user -%}
  33. - uid: {{ user['uid'] }}
  34. {% endif %}
  35. - gid_from_name: True
  36. {% if 'fullname' in user %}
  37. - fullname: {{ user['fullname'] }}
  38. {% endif %}
  39. - groups:
  40. - {{ name }}
  41. {% for group in user.get('groups', []) %}
  42. - {{ group }}
  43. {% endfor %}
  44. - require:
  45. - group: {{ name }}
  46. {% for group in user.get('groups', []) %}
  47. - group: {{ group }}
  48. {% endfor %}
  49. user_keydir_{{ name }}:
  50. file.directory:
  51. - name: {{ user.get('home', '/home/{0}'.format(name)) }}/.ssh
  52. - user: {{ name }}
  53. - group: {{ name }}
  54. - makedirs: True
  55. - mode: 744
  56. - require:
  57. - user: {{ name }}
  58. - group: {{ name }}
  59. {% for group in user.get('groups', []) %}
  60. - group: {{ group }}
  61. {% endfor %}
  62. {% if 'privkey' in user %}
  63. user_{{ name }}_private_key:
  64. file.managed:
  65. - name: {{ user.get('home', '/home/{0}'.format(name)) }}/.ssh/id_rsa
  66. - user: {{ name }}
  67. - group: {{ name }}
  68. - mode: 600
  69. - source: salt://keys/{{ user['privkey'] }}
  70. - require:
  71. - user: {{ name }}_user
  72. {% for group in user.get('groups', []) %}
  73. - group: {{ group }}_group
  74. {% endfor %}
  75. user_{{ name }}_public_key:
  76. file.managed:
  77. - name: {{ user.get('home', '/home/{0}'.format(name)) }}/.ssh/id_rsa.pub
  78. - user: {{ name }}
  79. - group: {{ name }}
  80. - mode: 644
  81. - source: salt://keys/{{ user['privkey'] }}.pub
  82. - require:
  83. - user: {{ name }}_user
  84. {% for group in user.get('groups', []) %}
  85. - group: {{ group }}_group
  86. {% endfor %}
  87. {% endif %}
  88. {% if 'ssh_auth' in user %}
  89. {% for auth in user['ssh_auth'] %}
  90. ssh_auth_{{ name }}_{{ loop.index0 }}:
  91. ssh_auth.present:
  92. - user: {{ name }}
  93. - name: {{ auth }}
  94. - require:
  95. - file: {{ name }}_user
  96. - user: {{ name }}_user
  97. {% endfor %}
  98. {% endif %}
  99. {% if 'sudouser' in user and user['sudouser'] %}
  100. sudoer-{{ name }}:
  101. file.managed:
  102. - name: /etc/sudoers.d/{{ name }}
  103. - user: root
  104. - group: root
  105. - mode: '0440'
  106. /etc/sudoers.d/{{ name }}:
  107. file.append:
  108. - text:
  109. - "{{ name }} ALL=(ALL) NOPASSWD: ALL"
  110. - require:
  111. - file: sudoer-defaults
  112. - file: sudoer-{{ name }}
  113. {% else %}
  114. /etc/sudoers.d/{{ name }}:
  115. file.absent:
  116. - name: /etc/sudoers.d/{{ name }}
  117. {% endif %}
  118. {% endfor %}
  119. {% for user in pillar.get('absent_users', []) %}
  120. {{ user }}:
  121. user.absent
  122. /etc/sudoers.d/{{ user }}:
  123. file.absent:
  124. - name: /etc/sudoers.d/{{ user }}
  125. {% endfor %}