salt
/
users-formula
bifurqué depuis ExternalMirrors/users-formula
Suivre 1
Ajouter aux favoris 0
Bifurcation 0
Code Versions 0 Activité
Saltstack Official Users Formula
Vous ne pouvez pas sélectionner plus de 25 sujets Les noms de sujets doivent commencer par une lettre ou un nombre, peuvent contenir des tirets ('-') et peuvent comporter jusqu'à 35 caractères.
291 Révisions
2 Branches
Aborescence: 9f6fc4f4b9
Branches Tags
${ item.name }
Créer la branche ${ searchTerm }
de '9f6fc4f4b9'
${ noResults }
users-formula/pillar.example

pillar.example 4.9KB
Brut Vue normale Historique

(Re-)enable pillar users-formula:lookup
il y a 7 ans
Add example data to pillar.
il y a 11 ans
New format of user.absent support introduced. Old format still supported.
il y a 10 ans
Add example data to pillar.
il y a 11 ans
New format of user.absent support introduced. Old format still supported.
il y a 10 ans
Revised Pillar Example Revising example pillar to add a minimal required values and a full list of available values
il y a 10 ans
New format of user.absent support introduced. Old format still supported.
il y a 10 ans
Revised Pillar Example Revising example pillar to add a minimal required values and a full list of available values
il y a 10 ans
Update pillar.example
il y a 10 ans
Adding support for the enforce_password option. This will allow users change their passwords after the initial setting in Salt.
il y a 9 ans
Adds 'empty_password' statement for states.user.present
il y a 9 ans
Add support for hash_password
il y a 8 ans
Add missing keys in pillar.example (found in init.sls)
il y a 9 ans
Add home to pillar.example
il y a 10 ans
add pillar data
il y a 8 ans
Add missing keys in pillar.example (found in init.sls)
il y a 9 ans
Add 'createhome' option for 'user.present' state
il y a 10 ans
Added ability to specify room number, home phone, and work phone as per https://docs.saltstack.com/en/develop/ref/states/all/salt.states.user.html
il y a 9 ans
Enable/disable bashrc/vimrc per user Made both states configurable per user in pillar data Had to drop extend, for this otherwise the extend would be empty if manage is False
il y a 9 ans
Add support for .profile file
il y a 9 ans
Add support for setting user expire
il y a 10 ans
Added short docs for options
il y a 6 ans
Revised Pillar Example Revising example pillar to add a minimal required values and a full list of available values
il y a 10 ans
Add sudo_rules syntax examples for rules with colons
il y a 9 ans
Add support for setting user expire
il y a 10 ans
Fix incorrect sudo_rules example
il y a 10 ans
possibility to define user-specific Defaults
il y a 9 ans
fixing example for sudo defaults for specific user
il y a 9 ans
Revised Pillar Example Revising example pillar to add a minimal required values and a full list of available values
il y a 10 ans
Add missing keys in pillar.example (found in init.sls)
il y a 9 ans
Revised Pillar Example Revising example pillar to add a minimal required values and a full list of available values
il y a 10 ans
yaml mistype had the prime group and ssh keys values as another dict. fixed.
il y a 10 ans
Revised Pillar Example Revising example pillar to add a minimal required values and a full list of available values
il y a 10 ans
Add example pillar data for optional_groups
il y a 8 ans
Add and support ssh_key_type attribute to allow for dsa ssh key pairs
il y a 10 ans
Add pulling keys from other pillar. Example pillar: ssh_keys: id_rsa: privkey: | -----BEGIN RSA PRIVATE KEY----- MIIEowIBAAKCAQEAoQiwO3JhBquPAalQF9qP1lLZNXVjYMIswrMe2HcWUVBgh+vY U7sCwx/dH6+VvNwmCoqmNnP+8gTPKGl1vgAObJAnMT623dMXjVKwnEagZPRJIxDy B/HaAre9euNiY3LvIzBTWRSeMfT+rWvIKVBpvwlgGrfgz70m0pqxu+UyFbAGLin+ GpxzZAMaFpZw4sSbIlRuissXZj/sHpQb8p9M5IeO4Z3rjkCP1cxI -----END RSA PRIVATE KEY----- pubkey: | ssh-rsa MIIEowIBAAKCAQEAoQiwO3JhBquPAalQF9qP1lLZNXVjYMIswrMe2H....
il y a 9 ans
Revised Pillar Example Revising example pillar to add a minimal required values and a full list of available values
il y a 10 ans
yaml mistype had the prime group and ssh keys values as another dict. fixed.
il y a 10 ans
Fix docs
il y a 6 ans
adjust file permissions of public ssh-keys
il y a 7 ans
provide pillar example
il y a 7 ans
Add pulling keys from other pillar. Example pillar: ssh_keys: id_rsa: privkey: | -----BEGIN RSA PRIVATE KEY----- MIIEowIBAAKCAQEAoQiwO3JhBquPAalQF9qP1lLZNXVjYMIswrMe2HcWUVBgh+vY U7sCwx/dH6+VvNwmCoqmNnP+8gTPKGl1vgAObJAnMT623dMXjVKwnEagZPRJIxDy B/HaAre9euNiY3LvIzBTWRSeMfT+rWvIKVBpvwlgGrfgz70m0pqxu+UyFbAGLin+ GpxzZAMaFpZw4sSbIlRuissXZj/sHpQb8p9M5IeO4Z3rjkCP1cxI -----END RSA PRIVATE KEY----- pubkey: | ssh-rsa MIIEowIBAAKCAQEAoQiwO3JhBquPAalQF9qP1lLZNXVjYMIswrMe2H....
il y a 9 ans
Add example data to pillar.
il y a 11 ans
Fix ssh_auth.names in example pillar
il y a 10 ans
added option to remove ssh public keys from auth (ssh_auth.absent)
il y a 10 ans
Add 'ssh_auth_file' pillar key to generate an authorized_keys file from given ssh public keys.
il y a 9 ans
Added ability to provide pillar path for ssh_auth.
il y a 9 ans
Added option to source ssh public keys from files.
il y a 9 ans
Add support for ssh_auth_sources.absent Fixes: 150
il y a 7 ans
Add ~/.ssh/config management This adds the ability to manage the ~/.ssh/config file for users.
il y a 9 ans
Add possibility to manage ssh's known_hosts file.
il y a 9 ans
Add ~/.ssh/config management This adds the ability to manage the ~/.ssh/config file for users.
il y a 9 ans
Added option to source ssh public keys from files.
il y a 9 ans
Resolve `git.config` error where minion does not have Git installed #115
il y a 8 ans
Add possibility to manage the user's global git configuration.
il y a 9 ans
fix gitconfig url insteadOf example Previous example would result in quote escaping problem
il y a 8 ans
Add possibility to manage the user's global git configuration.
il y a 9 ans
readd 2fa pam enforcement
il y a 9 ans
google auth example pillar config add; forgotten gauth state file add
il y a 9 ans
Added short docs for options
il y a 6 ans
update pillar.example to include uid in an attempt to save others from digging into the source (to confirm this detail)
il y a 9 ans
Update pillar.example Quick example of absent users
il y a 11 ans
Added feature to allow syncing arbitrary sets of files per user.
il y a 9 ans
Add 'template' support to 'user_files' (#159) * Add support for 'template' in 'user_files' * Fix-up wrong nesting level for template value * Small quality improvement for push upstream. * Consistency improvement for variable name
il y a 7 ans
Add ability to specify mode for files and symlinks in user_files
il y a 7 ans
[users/users_files] add exclude_pat to user files (closes #178)
il y a 6 ans
Added feature to allow syncing arbitrary sets of files per user.
il y a 9 ans
New format of user.absent support introduced. Old format still supported.
il y a 10 ans
Update pillar.example Quick example of absent users
il y a 11 ans
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158 
  1. users-formula:

  2.   lookup:  # override the defauls in map.jinja

  3.     root_group: root

  4. 

  5. users:

  6.   ## Minimal required pillar values

  7.   auser:

  8.     fullname: A User

  9. 

  10.   ## Full list of pillar values

  11.   buser:

  12.     fullname: B User

  13.     password: $6$w.............

  14.     enforce_password: True

  15.     # WARNING: If 'empty_password' is set to True, the 'password' statement

  16.     # will be ignored by enabling password-less login for the user.

  17.     empty_password: False

  18.     hash_password: False

  19.     system: False

  20.     home: /custom/buser

  21.     homedir_owner: buser

  22.     homedir_group: primarygroup

  23.     user_dir_mode: 750

  24.     createhome: True

  25.     roomnumber: "A-1"

  26.     workphone: "(555) 555-5555"

  27.     homephone: "(555) 555-5551"

  28.     manage_vimrc: False

  29.     manage_bashrc: False

  30.     manage_profile: False

  31.     expire: 16426

  32.     # Disables user management except sudo rules.

  33.     # Useful for setting sudo rules for system accounts created by package instalation

  34.     sudoonly: False

  35.     sudouser: True

  36.     # sudo_rules doesn't need the username as a prefix for the rule

  37.     # this is added automatically by the formula.

  38.     # ----------------------------------------------------------------------

  39.     # In case your sudo_rules have a colon please have in mind to not leave

  40.     # spaces around it. For example:

  41.     # ALL=(ALL) NOPASSWD: ALL    <--- THIS WILL NOT WORK (Besides syntax is ok)

  42.     # ALL=(ALL) NOPASSWD:ALL     <--- THIS WILL WORK

  43.     sudo_rules:

  44.       - ALL=(root) /usr/bin/find

  45.       - ALL=(otheruser) /usr/bin/script.sh

  46.     sudo_defaults:

  47.       - '!requiretty'

  48.     shell: /bin/bash

  49.     remove_groups: False

  50.     prime_group:

  51.       name: primarygroup

  52.       gid: 500

  53.     groups:

  54.       - users

  55.     optional_groups:

  56.       - some_groups_that_might

  57.       - not_exist_on_all_minions

  58.     ssh_key_type: rsa

  59.     # You can inline the private keys ...

  60.     ssh_keys:

  61.       privkey: PRIVATEKEY

  62.       pubkey: PUBLICKEY

  63.       # or you can provide path to key on Salt fileserver

  64.       privkey: salt://path_to_PRIVATEKEY

  65.       pubkey: salt://path_to_PUBLICKEY

  66.       # you can provide multiple keys, the keyname is taken as filename

  67.       # make sure your public keys suffix is .pub

  68.       foobar: PRIVATEKEY

  69.       foobar.pub: PUBLICKEY

  70.     # ... or you can pull them from a different pillar,

  71.     # for example one called "ssh_keys":

  72.     ssh_keys_pillar:

  73.       id_rsa: "ssh_keys"

  74.       another_key_pair: "ssh_keys"

  75.     ssh_auth:

  76.       - PUBLICKEY

  77.     ssh_auth.absent:

  78.       - PUBLICKEY_TO_BE_REMOVED

  79.     # Generates an authorized_keys file for the user

  80.     # with the given keys

  81.     ssh_auth_file:

  82.       - PUBLICKEY

  83.     # ... or you can pull them from a different pillar similar to ssh_keys_pillar

  84.     ssh_auth_pillar:

  85.       id_rsa: "ssh_keys"

  86.     # If you prefer to keep public keys as files rather

  87.     # than inline in pillar, this works.

  88.     ssh_auth_sources:

  89.       - salt://keys/buser.id_rsa.pub

  90.     ssh_auth_sources.absent:

  91.       - salt://keys/deleteduser.id_rsa.pub # PUBLICKEY_FILE_TO_BE_REMOVED

  92.     # Manage the ~/.ssh/config file

  93.     ssh_known_hosts:

  94.       importanthost:

  95.         fingerprint: 16:27:ac:a5:76:28:2d:36:63:1b:56:4d:eb:df:a6:48

  96.     ssh_known_hosts.absent:

  97.       - notimportanthost

  98.     ssh_config:

  99.       all:

  100.         hostname: "*"

  101.         options:

  102.           - "StrictHostKeyChecking no"

  103.           - "UserKnownHostsFile=/dev/null"

  104.       importanthost:

  105.         hostname: "needcheck.example.com"

  106.         options:

  107.           - "StrictHostKeyChecking yes"

  108. 

  109.     # Using gitconfig without Git installed will result in an error

  110.     # https://docs.saltstack.com/en/latest/ref/states/all/salt.states.git.html:

  111.     # This state module now requires git 1.6.5 (released 10 October 2009) or newer.

  112.     gitconfig:

  113.       user.name: B User

  114.       user.email: buser@example.com

  115.       "url.https://.insteadOf": "git://"

  116. 

  117.     google_2fa: True

  118.     google_auth:

  119.       ssh: |

  120.         SOMEGAUTHHASHVAL

  121.         " RESETTING_TIME_SKEW 46956472+2 46991595-2

  122.         " RATE_LIMIT 3 30 1415800560

  123.         " DISALLOW_REUSE 47193352

  124.         " TOTP_AUTH

  125.         11111111

  126.         22222222

  127.         33333333

  128.         44444444

  129.         55555555

  130.     # unique: True allows user to have non unique uid

  131.     unique: False

  132.     uid: 1001

  133. 

  134.     user_files:

  135.       enabled: True

  136.       # 'source' allows you to define an arbitrary directory to sync, useful to use for default files.

  137.       # should be a salt fileserver path either with or without 'salt://'

  138.       # if not present, it defaults to 'salt://users/files/user/<username>

  139.       source: users/files/default

  140.       template: jinja

  141.       # You can specify octal mode for files and symlinks that will be copied. Since version 2016.11.0

  142.       # it's possible to use 'keep' for file_mode, to preserve file original mode, thus you can save

  143.       # execution bit for example.

  144.       file_mode: keep

  145.       sym_mode: 640

  146.       exclude_pat: "*.gitignore"

  147. 

  148.   ## Absent user

  149.   cuser:

  150.     absent: True

  151.     purge: True

  152.     force: True

  153. 

  154. 

  155. ## Old syntax of absent_users still supported

  156. absent_users:

  157.   - donald

  158.   - bad_guy