import '*'
# Local account definitions. Two defined types are provided:
#   admin    - account in the "infrastructure" group with a managed shell rc file
#   ssh_user - account whose supplementary group and shell are parameters
# Both create a per-user group, the user itself, and one SSH public key.
#
# Group["infrastructure"] and Group["ssh_users"] are referenced below but are
# not declared in this class; presumably they come from the included "groups"
# class - confirm before reusing this elsewhere.
class accounts {
    include users, groups

    # Administrator account. The resource title ($name) is the login name.
    #
    # Parameters:
    #   comment           - GECOS comment for the user (default "User")
    #   ensure            - passed to the user and the SSH key (default "present")
    #   gid               - numeric gid of the per-user group (required)
    #   sshpubkey         - public key body written to the key file (required)
    #   sshpubkey_comment - title of the key resource (required)
    #   uid               - numeric uid (required)
    #
    # NOTE(review): $ensure reaches only the user and the key. The group is
    # always "present" and the file resource has no ensure at all, so
    # ensure => "absent" still asks for a group and an rc file belonging to a
    # removed user. Verify the offboarding path really revokes access.
    define admin (
        $comment = "User",
        $ensure = "present",
        $gid,
        $sshpubkey,
        $sshpubkey_comment,
        $uid
    ) {
        $username = $name

        # Shell start-up file, fetched per user from the fileserver.
        # The selectors in this define have no default branch, so only Linux
        # and OpenBSD kernels are handled.
        file { "/home/${username}/.bashrc":
            path    => $kernel ? {
                Linux   => "/home/${username}/.bashrc",
                OpenBSD => "/home/${username}/.profile"
            },
            source  => "puppet://${server}/accounts/${username}.bashrc",
            owner   => "${username}",
            group   => "${username}",
            mode    => "640",
            require => User["${username}"],
        }

        # Per-user primary group, named after the login.
        group { "${username}":
            ensure => "present",
            gid    => "${gid}",
        }

        # The title is the key comment, and titles must be unique in a catalog,
        # so two accounts cannot share the same sshpubkey_comment.
        # NOTE(review): authorized_keys2 is a legacy file name. Confirm that
        # sshd's AuthorizedKeysFile setting still lists it; if it does not, the
        # key is never consulted, and a key sitting in authorized_keys is not
        # managed (or revoked) by this resource. The key type is fixed to rsa.
        ssh_authorized_key { "${sshpubkey_comment}":
            ensure  => "${ensure}",
            user    => "${username}",
            type    => "rsa",
            key     => "${sshpubkey}",
            target  => "/home/${username}/.ssh/authorized_keys2",
            require => User["${username}"],
        }

        # password is the literal "*", which is not a usable hash; the intent
        # appears to be key-only login - confirm against the PAM/sshd policy.
        user { "${username}":
            ensure     => "${ensure}",
            uid        => "${uid}",
            gid        => "${gid}",
            groups     => "infrastructure",
            comment    => "${comment}",
            home       => "/home/${username}",
            managehome => "true",
            shell      => $kernel ? {
                Linux   => "/bin/bash",
                OpenBSD => "/usr/local/bin/bash"
            },
            password   => "*",
            require    => [ Group["${username}"], Group["infrastructure"] ],
        }
    }

    # SSH-only account. The resource title ($name) is the login name.
    #
    # Parameters are those of admin, plus:
    #   groups - supplementary group for the user (default "ssh_users")
    #   shell  - login shell (default "/bin/bash")
    #
    # NOTE(review): the user always requires Group["ssh_users"], even when
    # $groups names a different group; that other group gets no ordering
    # guarantee from this define.
    # NOTE(review): as in admin, the per-user group stays "present" when
    # $ensure is "absent".
    define ssh_user (
        $comment = "User",
        $ensure = "present",
        $gid,
        $groups = "ssh_users",
        $shell = "/bin/bash",
        $sshpubkey,
        $sshpubkey_comment,
        $uid
    ) {
        $username = $name

        # Per-user primary group, named after the login.
        group { "${username}":
            ensure => "present",
            gid    => "${gid}",
        }

        # Same legacy authorized_keys2 target and fixed rsa type as admin;
        # confirm sshd actually reads this file.
        ssh_authorized_key { "${sshpubkey_comment}":
            ensure  => "${ensure}",
            user    => "${username}",
            type    => "rsa",
            key     => "${sshpubkey}",
            target  => "/home/${username}/.ssh/authorized_keys2",
            require => User["${username}"],
        }

        # password "*" is not a usable hash, as in admin.
        user { "${username}":
            ensure     => "${ensure}",
            uid        => "${uid}",
            gid        => "${gid}",
            groups     => "${groups}",
            comment    => "${comment}",
            home       => "/home/${username}",
            managehome => "true",
            shell      => "${shell}",
            password   => "*",
            require    => [ Group["${username}"], Group["ssh_users"] ]
        }
    }
}
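Then you have user definitions like this (the leading @ declares a virtual resource, so it is applied only on nodes that realize it):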
# Example account declared as a virtual resource: the leading "@" keeps it out
# of a node's catalog until it is realized (realize or a collector).
# uid and gid carry the same number; the gid is used for the per-user group.
# sshpubkey is a placeholder. The ssh_authorized_key "key" attribute expects
# only the base64 key body, without the key-type prefix or a trailing comment.
@admin { "guy":
    uid               => "11111",
    gid               => "11111",
    comment           => "Guy",
    sshpubkey         => 'longstringinsinglequoteshere',
    sshpubkey_comment => 'guy@guyssite.com',
}