Puppet Class: psick::bolt::node

Defined in:
manifests/bolt/node.pp

Summary

Manages bolt configurations on target nodes

Overview

Parameters:

  • ensure (Variant[Boolean,String]) (defaults to: pick($psick::bolt::ensure, 'present'))
  • user_password (Optional[String]) (defaults to: undef)
  • user_home (Optional[String]) (defaults to: undef)
  • create_ssh_user (Boolean) (defaults to: true)
  • configure_sudo (Boolean) (defaults to: true)
  • sudo_template (String) (defaults to: 'psick/bolt/user/sudo.erb')
  • manage_host_key (Boolean) (defaults to: $psick::bolt::manage_host_key)
  • manage_ssh_dir (Boolean) (defaults to: true)
  • manage (Boolean) (defaults to: $psick::manage)
  • noop_manage (Boolean) (defaults to: $psick::noop_manage)
  • noop_value (Boolean) (defaults to: $psick::noop_value)


# File 'manifests/bolt/node.pp', line 3

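# Prepares a node to be reached by Bolt over SSH: optionally creates the
# SSH user and its ~/.ssh directory, installs a sudoers drop-in for that
# user, and authorizes the Bolt master's public key (either collected from
# exported resources or taken from a static value in psick::bolt).
#
# @param ensure Passed to the user, sshkey and ssh_authorized_key resources;
#   also drives the state of the ~/.ssh directory and the sudoers drop-in.
# @param user_password Value for the user resource's `password` attribute.
#   NOTE(review): typed as String rather than Sensitive, so the value is not
#   redacted in the catalog or in reports - confirm this is acceptable.
# @param user_home Home directory of the SSH user. When undef, '/root' is
#   used for root and "/home/<ssh_user>" for any other user.
# @param create_ssh_user Whether to manage the user resource. The ~/.ssh
#   directory is only managed when this is true.
# @param configure_sudo Whether to manage /etc/sudoers.d/<ssh_user>.
# @param sudo_template Template rendered into the sudoers drop-in. It decides
#   which privileges the Bolt user gets, so review it before overriding.
# @param manage_host_key Whether to export this node's RSA host key (only
#   used with the 'storeconfigs' keyshare method).
# @param manage_ssh_dir Whether to manage the user's ~/.ssh directory.
# @param manage When false the class manages nothing.
# @param noop_manage When true, noop() is called with $noop_value.
# @param noop_value Argument handed to noop().
class psick::bolt::node (
  Variant[Boolean,String] $ensure          = pick($psick::bolt::ensure, 'present'),
  Optional[String]        $user_password   = undef,
  Optional[String]        $user_home       = undef,
  Boolean                 $create_ssh_user = true,
  Boolean                 $configure_sudo  = true,
  String                  $sudo_template   = 'psick/bolt/user/sudo.erb',

  Boolean                 $manage_host_key = $psick::bolt::manage_host_key,
  Boolean                 $manage_ssh_dir  = true,

  Boolean            $manage               = $psick::manage,
  Boolean            $noop_manage          = $psick::noop_manage,
  Boolean            $noop_value           = $psick::noop_value,
) {
  if $manage {
    if $noop_manage {
      noop($noop_value)
    }

    $dir_ensure = ::tp::ensure2dir($ensure)

    include psick::bolt

    # Explicit $user_home wins; otherwise derive the conventional location.
    $user_home_dir = $user_home ? {
      undef   => $psick::bolt::ssh_user ? {
        'root'    => '/root',
        default => "/home/${psick::bolt::ssh_user}",
      },
      default => $user_home
    }

    if $create_ssh_user {
      user { $psick::bolt::ssh_user:
        ensure     => $ensure,
        comment    => 'Puppet managed user for bolt access',
        managehome => true,
        shell      => '/bin/bash',
        home       => $user_home_dir,
        password   => $user_password,
      }

      if $manage_ssh_dir {
        # 0700 keeps authorized_keys unreadable and unwritable by other users.
        file { "${user_home_dir}/.ssh" :
          ensure  => $dir_ensure,
          mode    => '0700',
          owner   => $psick::bolt::ssh_user,
          group   => $psick::bolt::ssh_group,
          require => User[$psick::bolt::ssh_user],
        }
      }
    }

    if $configure_sudo {
      # The drop-in must follow $ensure: previously it was always `file`, so
      # setting the class to absent removed the user but left its sudo grant
      # on disk, ready to apply to any account later created with that name.
      $sudo_file_ensure = $ensure ? {
        'absent' => 'absent',
        false    => 'absent',
        default  => 'file',
      }

      # NOTE(review): the rendered template is installed without a syntax
      # check. Consider adding `validate_cmd => '/usr/sbin/visudo -cf %'`
      # (adjust the path per platform) so a broken template is rejected
      # instead of written. Also note sudo skips drop-in files whose name
      # contains a '.', which matters if ssh_user ever contains one.
      file { "/etc/sudoers.d/${psick::bolt::ssh_user}" :
        ensure  => $sudo_file_ensure,
        mode    => '0440',
        owner   => 'root',
        group   => 'root',
        content => template($sudo_template),
      }
    }

    if $psick::bolt::keyshare_method == 'storeconfigs' {
      if $manage_host_key {
        # Export this node's RSA host key, tagged for the Bolt master.
        # NOTE(review): only the RSA key is exported and the fact is read
        # unconditionally - confirm nodes without an RSA host key are
        # handled (manage_host_key => false) rather than failing to compile.
        @@sshkey { "bolt_${facts['networking']['fqdn']}_rsa":
          ensure       => $ensure,
          host_aliases => [$facts['networking']['fqdn'], $facts['networking']['hostname'], $facts['networking']['ip']],
          type         => 'ssh-rsa',
          key          => $facts['ssh']['rsa']['key'],
          tag          => "bolt_node_${psick::bolt::master}_rsa",
        }
      }
      # Authorize master host bolt user ssh key for remote connection.
      # Exported resources are trusted as-is: whatever resource carries this
      # tag in PuppetDB is realized here, including its `user` and `options`,
      # so any node allowed to export into the same PuppetDB can supply it.
      Ssh_authorized_key <<| tag == "bolt_master_${psick::bolt::master}_${psick::bolt::bolt_user}" |>>
    }
    if $psick::bolt::keyshare_method == 'static' {
      # Key, key type and authorized_keys options all come from psick::bolt.
      # NOTE(review): presumably ssh_auth_key_options is where restrictions
      # such as a source-address limit would be set - confirm in psick::bolt.
      ssh_authorized_key { "bolt_user_${psick::bolt::ssh_user}_rsa-${psick::bolt::master}":
        ensure  => $ensure,
        key     => $psick::bolt::bolt_user_pub_key,
        user    => $psick::bolt::ssh_user,
        type    => $psick::bolt::ssh_key_type,
        options => $psick::bolt::ssh_auth_key_options,
      }
    }
  }
}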