Puppet Class: psick::bolt::node

Defined in:
manifests/bolt/node.pp

Summary

Manages bolt configurations on target nodes

Overview

Parameters:

  • ensure (Variant[Boolean,String]) (defaults to: pick($::psick::bolt::ensure, 'present'))
  • user_password (Optional[String]) (defaults to: undef)
  • user_home (Optional[String]) (defaults to: undef)
  • create_ssh_user (Boolean) (defaults to: true)
  • configure_sudo (Boolean) (defaults to: true)
  • sudo_template (String) (defaults to: 'psick/bolt/user/sudo.erb')


# File 'manifests/bolt/node.pp', line 3

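# @summary Manages bolt configurations on target nodes
#
# Creates the account bolt connects as over SSH, optionally grants it sudo
# through a drop-in file, and authorises the bolt master's public key using
# the key sharing method selected in psick::bolt.
#
# @param ensure Passed to the user, sshkey and ssh_authorized_key resources,
#   and converted with tp::ensure2dir for the .ssh directory. 'absent' or
#   false also removes the sudoers drop-in.
# @param user_password Value for the user resource's password attribute.
#   NOTE(review): typed as a plain String, so the value travels in the
#   compiled catalog as-is; consider passing it as Sensitive once callers
#   allow it.
# @param user_home Home directory of the ssh user. When undef it is derived
#   from $::psick::bolt::ssh_user ('/root' for root, "/home/<user>" otherwise).
# @param create_ssh_user Whether to manage the user and its .ssh directory.
# @param configure_sudo Whether to manage /etc/sudoers.d/<ssh_user>.
# @param sudo_template Template rendered into the sudoers drop-in. The rules
#   it grants are not visible in this class and should be reviewed with it.
class psick::bolt::node (
  Variant[Boolean,String] $ensure          = pick($::psick::bolt::ensure, 'present'),
  Optional[String]        $user_password   = undef,
  Optional[String]        $user_home       = undef,
  Boolean                 $create_ssh_user = true,
  Boolean                 $configure_sudo  = true,
  String                  $sudo_template   = 'psick/bolt/user/sudo.erb',
) {

  $dir_ensure = ::tp::ensure2dir($ensure)

  # The sudoers drop-in has to follow $ensure: leaving it in place after the
  # account is removed keeps a privilege grant attached to a user name that
  # could later be re-created by something else.
  $sudo_ensure = $ensure ? {
    'absent' => 'absent',
    false    => 'absent',
    default  => 'file',
  }

  include ::psick::bolt

  $user_home_dir = $user_home ? {
    undef   => $::psick::bolt::ssh_user ? {
      root    => '/root',
      default => "/home/${::psick::bolt::ssh_user}",
    },
    default => $user_home,
  }

  if $create_ssh_user {
    user { $::psick::bolt::ssh_user:
      ensure     => $ensure,
      comment    => 'Puppet managed user for bolt access',
      managehome => true,
      shell      => '/bin/bash',
      home       => $user_home_dir,
      password   => $user_password,
    }

    # 0700 and owned by the user: sshd's default StrictModes rejects keys
    # kept under a group- or world-writable directory.
    file { "${user_home_dir}/.ssh" :
      ensure  => $dir_ensure,
      mode    => '0700',
      owner   => $::psick::bolt::ssh_user,
      group   => $::psick::bolt::ssh_user,
      require => User[$::psick::bolt::ssh_user],
    }
  }

  if $configure_sudo {
    # NOTE(review): sudo skips drop-ins whose name contains a '.' or ends in
    # '~', so a ssh_user with a dot in it would silently get no rules.
    # NOTE(review): the rendered content is installed unchecked; a
    # validate_cmd running visudo in check mode (path is platform specific)
    # would stop a broken template from disabling sudo on the node.
    file { "/etc/sudoers.d/${::psick::bolt::ssh_user}" :
      ensure  => $sudo_ensure,
      mode    => '0440',
      owner   => 'root',
      group   => 'root',
      content => template($sudo_template),
    }
  }

  if $::psick::bolt::keyshare_method == 'storeconfigs' {
    # Export this node's RSA host key, tagged for the bolt master.
    @@sshkey { "bolt_${::fqdn}_rsa":
      ensure       => $ensure,
      host_aliases => [ $::fqdn, $::hostname, $::ipaddress ],
      type         => 'ssh-rsa',
      key          => $::sshrsakey,
      tag          => "bolt_node_${::psick::bolt::master}_rsa",
    }
    # Authorize master host bolt user ssh key for remote connection
    # NOTE(review): the collector realises every exported Ssh_authorized_key
    # carrying this tag, whichever node exported it, so the keys accepted
    # here are only as trustworthy as the nodes allowed to export resources
    # to the same PuppetDB. Confirm that matches the intended trust boundary,
    # especially when the account also gets sudo.
    Ssh_authorized_key <<| tag == "bolt_master_${::psick::bolt::master}_${::psick::bolt::bolt_user}" |>>
  }
  if $::psick::bolt::keyshare_method == 'static' {
    # The public key is part of the resource title, so rotating the key
    # declares a new resource. NOTE(review): nothing visible here removes
    # the previous entry from authorized_keys - confirm how old keys are
    # purged after a rotation.
    ssh_authorized_key { "bolt_user_${::psick::bolt::ssh_user}_rsa-${::psick::bolt::bolt_user_pub_key}":
      ensure => $ensure,
      key    => $::psick::bolt::bolt_user_pub_key,
      user   => $::psick::bolt::ssh_user,
      type   => 'rsa',
    }
  }
}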