Puppet Class: psick::ansible::user

Defined in:
manifests/ansible/user.pp

Summary

Manage ansible user

Overview

Parameters:

  • ensure (Variant[Boolean,String]) (defaults to: pick($::psick::ansible::ensure, 'present'))
  • password (Optional[String]) (defaults to: undef)
  • configure_sudo (Boolean) (defaults to: true)
  • run_ssh_keygen (Boolean) (defaults to: true)
  • manage (Boolean) (defaults to: $::psick::manage)
  • noop_manage (Boolean) (defaults to: $::psick::noop_manage)
  • noop_value (Boolean) (defaults to: $::psick::noop_value)


# File 'manifests/ansible/user.pp', line 3

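class psick::ansible::user (
  # Desired state of the account. Passed to the user resource as-is and
  # mapped to a directory/file state for the resources that depend on it.
  Variant[Boolean,String] $ensure           = pick($::psick::ansible::ensure, 'present'),
  # Value handed to the user resource's password property.
  # NOTE(review): the user type expects an already-hashed value on most
  # platforms, and a plain String ends up in the catalog and reports.
  # Consider wrapping it as Sensitive at the data layer (confirm with callers).
  Optional[String]        $password         = undef,
  # When true, manage a sudoers.d drop-in for the ansible user.
  Boolean                 $configure_sudo   = true,
  # When true (and this node is the ansible master), generate an SSH key pair
  # for the user and publish it through an external fact.
  Boolean                 $run_ssh_keygen   = true,

  # Standard psick switches: $manage gates every resource in this class,
  # $noop_manage/$noop_value control the noop() call below.
  Boolean             $manage               = $::psick::manage,
  Boolean             $noop_manage          = $::psick::noop_manage,
  Boolean             $noop_value           = $::psick::noop_value,

) {

  if $manage {
    if $noop_manage {
      noop($noop_value)
    }

    # Brings $::psick::ansible::user_name and ::is_master into scope.
    include ::psick::ansible

    user { $::psick::ansible::user_name:
      ensure     => $ensure,
      comment    => 'Puppet managed ansible user',
      managehome => true,
      shell      => '/bin/bash',
      home       => "/home/${::psick::ansible::user_name}",
      password   => $password,
    }

    $dir_ensure = ::tp::ensure2dir($ensure)

    # 0700 and user-owned: sshd's StrictModes rejects keys kept in a
    # group- or world-writable ~/.ssh.
    file { "/home/${::psick::ansible::user_name}/.ssh" :
      ensure  => $dir_ensure,
      mode    => '0700',
      owner   => $::psick::ansible::user_name,
      group   => $::psick::ansible::user_name,
      require => User[$::psick::ansible::user_name],
    }

    if $run_ssh_keygen and $::psick::ansible::is_master {
      psick::openssh::keygen { $::psick::ansible::user_name:
        require => File["/home/${::psick::ansible::user_name}/.ssh"],
      }
      psick::puppet::set_external_fact { 'ansible_user_key.sh':
        template => 'psick/ansible/ansible_user_key.sh.erb',
        mode     => '0755',
      }
    }

    if $configure_sudo {
      # The sudoers entry must follow the account's lifecycle. Left in place
      # after the user is removed, it would silently grant passwordless root
      # to any account later created under the same name.
      $sudoers_ensure = $ensure ? {
        'absent' => 'absent',
        false    => 'absent',
        default  => 'file',
      }

      # This rule gives the ansible user unrestricted passwordless root, so
      # the user's SSH key is effectively a root credential on every node
      # that applies this class. Set $configure_sudo to false and ship a
      # narrower rule where full root is not required.
      # NOTE(review): sudo skips sudoers.d files whose names contain a '.'
      # or end in '~'; confirm user_name cannot take such a value.
      file { "/etc/sudoers.d/${::psick::ansible::user_name}" :
        ensure  => $sudoers_ensure,
        mode    => '0440',
        owner   => 'root',
        group   => 'root',
        content => "${::psick::ansible::user_name} ALL = NOPASSWD : ALL\n",
      }
    }
  }
}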