Saltstack Official Users Formula
Ви не можете вибрати більше 25 тем Теми мають розпочинатися з літери або цифри, можуть містити дефіси (-) і не повинні перевищувати 35 символів.

11 роки тому
11 роки тому
10 роки тому
10 роки тому
8 роки тому
6 роки тому
7 роки тому
11 роки тому
9 роки тому
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158
  1. users-formula:
  2. lookup: # override the defauls in map.jinja
  3. root_group: root
  4. users:
  5. ## Minimal required pillar values
  6. auser:
  7. fullname: A User
  8. ## Full list of pillar values
  9. buser:
  10. fullname: B User
  11. password: $6$w.............
  12. enforce_password: True
  13. # WARNING: If 'empty_password' is set to True, the 'password' statement
  14. # will be ignored by enabling password-less login for the user.
  15. empty_password: False
  16. hash_password: False
  17. system: False
  18. home: /custom/buser
  19. homedir_owner: buser
  20. homedir_group: primarygroup
  21. user_dir_mode: 750
  22. createhome: True
  23. roomnumber: "A-1"
  24. workphone: "(555) 555-5555"
  25. homephone: "(555) 555-5551"
  26. manage_vimrc: False
  27. manage_bashrc: False
  28. manage_profile: False
  29. expire: 16426
  30. # Disables user management except sudo rules.
  31. # Useful for setting sudo rules for system accounts created by package instalation
  32. sudoonly: False
  33. sudouser: True
  34. # sudo_rules doesn't need the username as a prefix for the rule
  35. # this is added automatically by the formula.
  36. # ----------------------------------------------------------------------
  37. # In case your sudo_rules have a colon please have in mind to not leave
  38. # spaces around it. For example:
  39. # ALL=(ALL) NOPASSWD: ALL <--- THIS WILL NOT WORK (Besides syntax is ok)
  40. # ALL=(ALL) NOPASSWD:ALL <--- THIS WILL WORK
  41. sudo_rules:
  42. - ALL=(root) /usr/bin/find
  43. - ALL=(otheruser) /usr/bin/script.sh
  44. sudo_defaults:
  45. - '!requiretty'
  46. shell: /bin/bash
  47. remove_groups: False
  48. prime_group:
  49. name: primarygroup
  50. gid: 500
  51. groups:
  52. - users
  53. optional_groups:
  54. - some_groups_that_might
  55. - not_exist_on_all_minions
  56. ssh_key_type: rsa
  57. # You can inline the private keys ...
  58. ssh_keys:
  59. privkey: PRIVATEKEY
  60. pubkey: PUBLICKEY
  61. # or you can provide path to key on Salt fileserver
  62. privkey: salt://path_to_PRIVATEKEY
  63. pubkey: salt://path_to_PUBLICKEY
  64. # you can provide multiple keys, the keyname is taken as filename
  65. # make sure your public keys suffix is .pub
  66. foobar: PRIVATEKEY
  67. foobar.pub: PUBLICKEY
  68. # ... or you can pull them from a different pillar,
  69. # for example one called "ssh_keys":
  70. ssh_keys_pillar:
  71. id_rsa: "ssh_keys"
  72. another_key_pair: "ssh_keys"
  73. ssh_auth:
  74. - PUBLICKEY
  75. ssh_auth.absent:
  76. - PUBLICKEY_TO_BE_REMOVED
  77. # Generates an authorized_keys file for the user
  78. # with the given keys
  79. ssh_auth_file:
  80. - PUBLICKEY
  81. # ... or you can pull them from a different pillar similar to ssh_keys_pillar
  82. ssh_auth_pillar:
  83. id_rsa: "ssh_keys"
  84. # If you prefer to keep public keys as files rather
  85. # than inline in pillar, this works.
  86. ssh_auth_sources:
  87. - salt://keys/buser.id_rsa.pub
  88. ssh_auth_sources.absent:
  89. - salt://keys/deleteduser.id_rsa.pub # PUBLICKEY_FILE_TO_BE_REMOVED
  90. # Manage the ~/.ssh/config file
  91. ssh_known_hosts:
  92. importanthost:
  93. fingerprint: 16:27:ac:a5:76:28:2d:36:63:1b:56:4d:eb:df:a6:48
  94. ssh_known_hosts.absent:
  95. - notimportanthost
  96. ssh_config:
  97. all:
  98. hostname: "*"
  99. options:
  100. - "StrictHostKeyChecking no"
  101. - "UserKnownHostsFile=/dev/null"
  102. importanthost:
  103. hostname: "needcheck.example.com"
  104. options:
  105. - "StrictHostKeyChecking yes"
  106. # Using gitconfig without Git installed will result in an error
  107. # https://docs.saltstack.com/en/latest/ref/states/all/salt.states.git.html:
  108. # This state module now requires git 1.6.5 (released 10 October 2009) or newer.
  109. gitconfig:
  110. user.name: B User
  111. user.email: buser@example.com
  112. "url.https://.insteadOf": "git://"
  113. google_2fa: True
  114. google_auth:
  115. ssh: |
  116. SOMEGAUTHHASHVAL
  117. " RESETTING_TIME_SKEW 46956472+2 46991595-2
  118. " RATE_LIMIT 3 30 1415800560
  119. " DISALLOW_REUSE 47193352
  120. " TOTP_AUTH
  121. 11111111
  122. 22222222
  123. 33333333
  124. 44444444
  125. 55555555
  126. # unique: True allows user to have non unique uid
  127. unique: False
  128. uid: 1001
  129. user_files:
  130. enabled: True
  131. # 'source' allows you to define an arbitrary directory to sync, useful to use for default files.
  132. # should be a salt fileserver path either with or without 'salt://'
  133. # if not present, it defaults to 'salt://users/files/user/<username>
  134. source: users/files/default
  135. template: jinja
  136. # You can specify octal mode for files and symlinks that will be copied. Since version 2016.11.0
  137. # it's possible to use 'keep' for file_mode, to preserve file original mode, thus you can save
  138. # execution bit for example.
  139. file_mode: keep
  140. sym_mode: 640
  141. exclude_pat: "*.gitignore"
  142. ## Absent user
  143. cuser:
  144. absent: True
  145. purge: True
  146. force: True
  147. ## Old syntax of absent_users still supported
  148. absent_users:
  149. - donald
  150. - bad_guy