1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
|
import '*'
class accounts {
include users, groups
define admin (
$cell_number,
$cell_provider,
$comment = "$name",
$ensure_d = "present",
$gid,
$sshpubkey,
$sshpubkey_comment,
$uid
) {
$ensure = extlookup("user_${name}", "$ensure_d")
$username = $name
@@nagios_contact {
"$sshpubkey_comment":
alias => "$comment",
contact_name => "$name",
email => "${cell_number}@${cell_provider}",
ensure => "$ensure",
host_notification_commands => "notify-host-by-email",
host_notification_options => "d,r",
host_notification_period => "24x7",
notify => Exec["nagios-reload"],
require => File["/etc/nagios3/nagios.puppet.d/contacts.cfg"],
service_notification_commands => "notify-service-by-email",
service_notification_options => "w,c,r",
service_notification_period => "24x7",
target => "/etc/nagios3/nagios.puppet.d/contacts.cfg",
}
file {
"/home/$username/.bashrc":
group => "$username",
mode => "640",
owner => "$username",
path => $kernel ? {
Linux => "/home/$username/.bashrc",
OpenBSD => "/home/$username/.profile"
},
require => User["$username"],
source => "puppet://$server/accounts/$username.bashrc";
[ "/home/$username/working", "/home/$username/scratch",
"/home/$username/img", "/home/$username/rrd" ]:
ensure => "directory",
group => "$username",
mode => "640",
owner => "$username",
require => User["$username"];
}
group {
"$username":
ensure => "$ensure",
gid => "$gid",
}
ssh_authorized_key {
"${sshpubkey_comment}":
ensure => "$ensure",
key => "$sshpubkey",
require => User["$username"],
target => "/home/${username}/.ssh/authorized_keys2",
type => "rsa",
user => "$username",
}
user {
"$username":
comment => "$comment",
ensure => "$ensure",
gid => "$gid",
groups => "infrastructure",
home => "/home/$username",
managehome => "true",
password => "*",
require => [ Group["$username"], Group["infrastructure"] ],
shell => $kernel ? {
Linux => "/bin/bash",
OpenBSD => "/usr/local/bin/bash"
},
uid => "$uid",
}
}
define ssh_user (
$comment = "User",
$ensure_d = "present",
$gid,
$groups = "ssh_users",
$shell = "/bin/bash",
$sshpubkey,
$sshpubkey_comment,
$uid
) {
$ensure = extlookup("user_${name}", "$ensure_d")
$username = $name
group {
"$username":
ensure => "$ensure",
gid => "$gid",
}
ssh_authorized_key {
"${sshpubkey_comment}":
ensure => "$ensure",
key => "$sshpubkey",
require => User["$username"],
target => "/home/${username}/.ssh/authorized_keys2",
type => "rsa",
user => "$username",
}
user {
"$username":
ensure => "$ensure",
uid => "$uid",
gid => "$gid",
comment => "$comment",
home => "/home/$username",
shell => "$shell",
groups => "$groups",
password => "*",
managehome => "true",
require => [ Group["$username"], Group["ssh_users"] ]
}
}
}
|
Pastie << self Blog
