Просмотр исходного кода
Merge branch 'master' of https://github.com/saltstack-formulas/users-formula
lookup-fix-3
Karsten Kosmala
8 лет назад
7 измененных файлов: 54 добавлений и 31 удалений
+ 8
- 8
README.rst
Просмотреть файл
| @@ -19,7 +19,7 @@ Available states | |||
| ``users`` | |||
| --------- | |||
| Configure a user's home directory, group, the user itself, secondary groups, | |||
| Configures a user's home directory, group, the user itself, secondary groups, | |||
| and associated keys. Also configures sudo access, and absent users. | |||
| ``users.sudo`` | |||
| @@ -31,21 +31,21 @@ is configured. | |||
| ``users.bashrc`` | |||
| ---------------- | |||
| Ensures the bashrc file exists in the users home directory. Set manage_bashrc: | |||
| True in pillar per user. Defaults to False | |||
| Ensures the bashrc file exists in the users home directory. Sets 'manage_bashrc: | |||
| True' in pillar per user. Defaults to False. | |||
| ``users.profile`` | |||
| ---------------- | |||
| Ensures the profile file exists in the users home directory. Set manage_profile: | |||
| True in pillar per user. Defaults to False | |||
| Ensures the profile file exists in the users home directory. Sets 'manage_profile: | |||
| True' in pillar per user. Defaults to False. | |||
| ``users.vimrc`` | |||
| --------------- | |||
| Ensures the vimrc file exists in the users home directory. Set manage_vimrc: | |||
| True in pillar per user. Defaults to False | |||
| This depends on the vim-formula to be installed | |||
| Ensures the vimrc file exists in the users home directory. Sets 'manage_vimrc: | |||
| True' in pillar per user. Defaults to False. | |||
| This depends on the vim-formula to be installed. | |||
| ``users.user_files`` | |||
| --------------- | |||
+ 6
- 0
pillar.example
Просмотреть файл
| @@ -11,9 +11,11 @@ users: | |||
| # WARNING: If 'empty_password' is set to True, the 'password' statement | |||
| # will be ignored by enabling password-less login for the user. | |||
| empty_password: False | |||
| system: False | |||
| home: /custom/buser | |||
| homedir_owner: buser | |||
| homedir_group: primarygroup | |||
| user_dir_mode: 750 | |||
| createhome: True | |||
| roomnumber: "A-1" | |||
| workphone: "(555) 555-5555" | |||
| @@ -36,11 +38,15 @@ users: | |||
| sudo_defaults: | |||
| - '!requiretty' | |||
| shell: /bin/bash | |||
| remove_groups: False | |||
| prime_group: | |||
| name: primarygroup | |||
| gid: 500 | |||
| groups: | |||
| - users | |||
| optional_groups: | |||
| - some_groups_that_might | |||
| - not_exist_on_all_minions | |||
| ssh_key_type: rsa | |||
| # You can inline the private keys ... | |||
| ssh_keys: | |||
+ 2
- 1
users/bashrc.sls
Просмотреть файл
| @@ -3,10 +3,11 @@ include: | |||
| - users | |||
| {% for name, user in pillar.get('users', {}).items() if user.absent is not defined or not user.absent %} | |||
| {%- set current = salt.user.info(name) -%} | |||
| {%- if user == None -%} | |||
| {%- set user = {} -%} | |||
| {%- endif -%} | |||
| {%- set home = user.get('home', "/home/%s" % name) -%} | |||
| {%- set home = user.get('home', current.get('home', "/home/%s" % name)) -%} | |||
| {%- set manage = user.get('manage_bashrc', False) -%} | |||
| {%- if 'prime_group' in user and 'name' in user['prime_group'] %} | |||
| {%- set user_group = user.prime_group.name -%} | |||
+ 32
- 19
users/init.sls
Просмотреть файл
| @@ -38,7 +38,8 @@ include: | |||
| {%- if user == None -%} | |||
| {%- set user = {} -%} | |||
| {%- endif -%} | |||
| {%- set home = user.get('home', "/home/%s" % name) -%} | |||
| {%- set current = salt.user.info(name) -%} | |||
| {%- set home = user.get('home', current.get('home', "/home/%s" % name)) -%} | |||
| {%- if 'prime_group' in user and 'name' in user['prime_group'] %} | |||
| {%- set user_group = user.prime_group.name -%} | |||
| @@ -73,10 +74,13 @@ users_{{ name }}_user: | |||
| {%- elif 'uid' in user %} | |||
| - gid: {{ user['uid'] }} | |||
| {%- endif %} | |||
| {% if 'system' in user and user['system'] %} | |||
| - system: True | |||
| {% endif %} | |||
| user.present: | |||
| - name: {{ name }} | |||
| - home: {{ home }} | |||
| - shell: {{ user.get('shell', users.get('shell', '/bin/bash')) }} | |||
| - shell: {{ user.get('shell', current.get('shell', users.get('shell', '/bin/bash'))) }} | |||
| {% if 'uid' in user -%} | |||
| - uid: {{ user['uid'] }} | |||
| {% endif -%} | |||
| @@ -131,6 +135,12 @@ users_{{ name }}_user: | |||
| {% for group in user.get('groups', []) -%} | |||
| - {{ group }} | |||
| {% endfor %} | |||
| {% if 'optional_groups' in user %} | |||
| - optional_groups: | |||
| {% for optional_group in user['optional_groups'] -%} | |||
| - {{optional_group}} | |||
| {% endfor %} | |||
| {% endif %} | |||
| - require: | |||
| - group: {{ user_group }} | |||
| {% for group in user.get('groups', []) -%} | |||
| @@ -146,7 +156,7 @@ users_{{ name }}_user: | |||
| 'ssh_config' in user %} | |||
| user_keydir_{{ name }}: | |||
| file.directory: | |||
| - name: {{ user.get('home', '/home/{0}'.format(name)) }}/.ssh | |||
| - name: {{ home }}/.ssh | |||
| - user: {{ name }} | |||
| - group: {{ user_group }} | |||
| - makedirs: True | |||
| @@ -163,8 +173,7 @@ user_keydir_{{ name }}: | |||
| {% set key_type = 'id_' + user.get('ssh_key_type', 'rsa') %} | |||
| users_user_{{ name }}_private_key: | |||
| file.managed: | |||
| - name: {{ user.get('home', | |||
| '/home/{0}'.format(name)) }}/.ssh/{{ key_type }} | |||
| - name: {{ home }}/.ssh/{{ key_type }} | |||
| - user: {{ name }} | |||
| - group: {{ user_group }} | |||
| - mode: 600 | |||
| @@ -177,8 +186,7 @@ users_user_{{ name }}_private_key: | |||
| {% endfor %} | |||
| users_user_{{ name }}_public_key: | |||
| file.managed: | |||
| - name: {{ user.get('home', | |||
| '/home/{0}'.format(name)) }}/.ssh/{{ key_type }}.pub | |||
| - name: {{ home }}/.ssh/{{ key_type }}.pub | |||
| - user: {{ name }} | |||
| - group: {{ user_group }} | |||
| - mode: 644 | |||
| @@ -204,9 +212,8 @@ users_authorized_keys_{{ name }}: | |||
| {{ auth }} | |||
| {% endfor -%} | |||
| {% else %} | |||
| - contents: | | |||
| {%- for key_name, pillar_name in user['ssh_auth_pillar'].iteritems() %} | |||
| {{ salt['pillar.get'](pillar_name + ':' + key_name + ':pubkey', '') }} | |||
| {%- for key_name, pillar_name in user['ssh_auth_pillar'].items() %} | |||
| - contents_pillar: {{ pillar_name }}:{{ key_name }}:pubkey | |||
| {%- endfor %} | |||
| {% endif %} | |||
| {% endif %} | |||
| @@ -218,7 +225,7 @@ users_ssh_auth_{{ name }}_{{ loop.index0 }}: | |||
| - user: {{ name }} | |||
| - name: {{ auth }} | |||
| - require: | |||
| - file: users_{{ name }}_user | |||
| - file: user_keydir_{{ name }} | |||
| - user: users_{{ name }}_user | |||
| {% endfor %} | |||
| {% endif %} | |||
| @@ -227,8 +234,7 @@ users_ssh_auth_{{ name }}_{{ loop.index0 }}: | |||
| {% for key_name, pillar_name in user['ssh_keys_pillar'].items() %} | |||
| user_ssh_keys_files_{{ name }}_{{ key_name }}_private_key: | |||
| file.managed: | |||
| - name: {{ user.get('home', | |||
| '/home/{0}'.format(name)) }}/.ssh/{{ key_name }} | |||
| - name: {{ home }}/.ssh/{{ key_name }} | |||
| - user: {{ name }} | |||
| - group: {{ user_group }} | |||
| - mode: 600 | |||
| @@ -241,8 +247,7 @@ user_ssh_keys_files_{{ name }}_{{ key_name }}_private_key: | |||
| {% endfor %} | |||
| user_ssh_keys_files_{{ name }}_{{ key_name }}_public_key: | |||
| file.managed: | |||
| - name: {{ user.get('home', | |||
| '/home/{0}'.format(name)) }}/.ssh/{{ key_name }}.pub | |||
| - name: {{ home }}/.ssh/{{ key_name }}.pub | |||
| - user: {{ name }} | |||
| - group: {{ user_group }} | |||
| - mode: 644 | |||
| @@ -336,6 +341,7 @@ users_ssh_known_hosts_delete_{{ name }}_{{ loop.index0 }}: | |||
| users_sudoer-{{ name }}: | |||
| file.managed: | |||
| - replace: False | |||
| - name: {{ users.sudoers_dir }}/{{ name }} | |||
| - user: root | |||
| - group: {{ users.root_group }} | |||
| @@ -374,6 +380,7 @@ users_sudoer-{{ name }}: | |||
| users_{{ users.sudoers_dir }}/{{ name }}: | |||
| file.managed: | |||
| - replace: True | |||
| - name: {{ users.sudoers_dir }}/{{ name }} | |||
| - contents: | | |||
| {%- if 'sudo_defaults' in user %} | |||
| @@ -382,6 +389,11 @@ users_{{ users.sudoers_dir }}/{{ name }}: | |||
| {%- endfor %} | |||
| {%- endif %} | |||
| {%- if 'sudo_rules' in user %} | |||
| ######################################################################## | |||
| # File managed by Salt (users-formula). | |||
| # Your changes will be overwritten. | |||
| ######################################################################## | |||
| # | |||
| {%- for rule in user['sudo_rules'] %} | |||
| {{ name }} {{ rule }} | |||
| {%- endfor %} | |||
| @@ -389,10 +401,10 @@ users_{{ users.sudoers_dir }}/{{ name }}: | |||
| - require: | |||
| - file: users_sudoer-defaults | |||
| - file: users_sudoer-{{ name }} | |||
| cmd.wait: | |||
| cmd.wait: | |||
| - name: visudo -cf {{ users.sudoers_dir }}/{{ name }} || ( rm -rvf {{ users.sudoers_dir }}/{{ name }}; exit 1 ) | |||
| - watch: | |||
| - file: {{ users.sudoers_dir }}/{{ name }} | |||
| - watch: | |||
| - file: {{ users.sudoers_dir }}/{{ name }} | |||
| {% endif %} | |||
| {% else %} | |||
| users_{{ users.sudoers_dir }}/{{ name }}: | |||
| @@ -466,7 +478,8 @@ users_{{ users.sudoers_dir }}/{{ name }}: | |||
| {% for user in pillar.get('absent_users', []) %} | |||
| users_absent_user_2_{{ user }}: | |||
| user.absent | |||
| user.absent: | |||
| - name: {{ name }} | |||
| users_2_{{ users.sudoers_dir }}/{{ user }}: | |||
| file.absent: | |||
| - name: {{ users.sudoers_dir }}/{{ user }} | |||
+ 2
- 1
users/profile.sls
Просмотреть файл
| @@ -3,10 +3,11 @@ include: | |||
| - users | |||
| {% for name, user in pillar.get('users', {}).items() if user.absent is not defined or not user.absent %} | |||
| {%- set current = salt.user.info(name) -%} | |||
| {%- if user == None -%} | |||
| {%- set user = {} -%} | |||
| {%- endif -%} | |||
| {%- set home = user.get('home', "/home/%s" % name) -%} | |||
| {%- set home = user.get('home', current.get('home', "/home/%s" % name)) -%} | |||
| {%- set manage = user.get('manage_profile', False) -%} | |||
| {%- if 'prime_group' in user and 'name' in user['prime_group'] %} | |||
| {%- set user_group = user.prime_group.name -%} | |||
+ 2
- 1
users/user_files.sls
Просмотреть файл
| @@ -5,9 +5,10 @@ include: | |||
| {% set userfile_dirs = salt['cp.list_master_dirs'](prefix='users/files/user/') -%} | |||
| {%- for username, user in salt['pillar.get']('users', {}).items() if (user.absent is not defined or not user.absent) -%} | |||
| {%- set current = salt.user.info(username) -%} | |||
| {%- set user_files = salt['pillar.get'](('users:' ~ username ~ ':user_files'), {'enabled': False}) -%} | |||
| {%- set user_group = salt['pillar.get'](('users:' ~ username ~ ':prime_group:name'), username) -%} | |||
| {%- set user_home = salt['pillar.get'](('users:' ~ username ~ ':home'), '/home/' ~ username ) -%} | |||
| {%- set user_home = salt['pillar.get'](('users:' ~ username ~ ':home'), current.get('home', '/home/' ~ username )) -%} | |||
| {%- if user_files.enabled -%} | |||
| {%- if user_files.source is defined -%} | |||
+ 2
- 1
users/vimrc.sls
Просмотреть файл
| @@ -4,10 +4,11 @@ include: | |||
| - vim | |||
| {% for name, user in pillar.get('users', {}).items() if user.absent is not defined or not user.absent %} | |||
| {%- set current = salt.user.info(name) -%} | |||
| {%- if user == None -%} | |||
| {%- set user = {} -%} | |||
| {%- endif -%} | |||
| {%- set home = user.get('home', "/home/%s" % name) -%} | |||
| {%- set home = user.get('home', current.get('home', "/home/%s" % name)) -%} | |||
| {%- set manage = user.get('manage_vimrc', False) -%} | |||
| {%- if 'prime_group' in user and 'name' in user['prime_group'] %} | |||
| {%- set user_group = user.prime_group.name -%} | |||
Загрузка…