Puppet Class: sudo

Inherits:
sudo::params
Defined in:
manifests/init.pp

Overview

Class: sudo

This module manages sudo

Parameters:

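[*ensure*]
  Whether sudo should be present or absent.
  Default: present
  Note: the class signature shown below exposes this switch as the
  boolean $enable (default: true), not as "ensure".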

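[*package*]
  Name of the package.
  Only set this if your platform is not supported or you know
  what you're doing.
  Default: auto-set, platform specific
  Note: the class signature shown below takes this as $package_default,
  with $package_ldap used instead when ldap_enable is true.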

[*package_ensure*]
  Allows you to ensure a particular version of a package
  Default: present / latest for RHEL < 5.5

[*package_source*]
  Where to find the package.  Only set this on AIX (required) and
  Solaris (required) or if your platform is not supported or you
  know, what you're doing.

  The default for aix is the perzl sudo package. For solaris 10 we
  use the official www.sudo.ws binary package.

  Default: AIX: perzl.org
           Solaris: www.sudo.ws

[*package_admin_file*]
  Where to find a Solaris 10 package admin file for
  an unattended installation. We do not supply a default file, so
  this has to be staged separately

  Only set this on Solaris 10 (required)
  Default: /var/sadm/install/admin/puppet

[*purge*]
  Whether or not to purge unmanaged files from the sudoers.d directory
  Default: true

[*purge_ignore*]
  Files to exclude from purging in sudoers.d directory
  Default: undef

[*config_file*]
  Main configuration file.
  Only set this, if your platform is not supported or you know,
  what you're doing.
  Default: auto-set, platform specific

[*config_file_replace*]
  Replace an existing configuration file with the one delivered with this module
  Default: true

[*config_dir*]
  Main configuration directory
  Only set this, if your platform is not supported or you know,
  what you're doing.
  Default: auto-set, platform specific

[*source*]
  Alternate source file location
  Only set this, if your platform is not supported or you know,
  what you're doing.
  Default: auto-set, platform specific

[*ldap_enable*]
  Enable ldap support on the package
  Default: false

Actions:

Installs sudo package and checks the state of sudoers file and
sudoers.d directory.

Requires:

Nothing

Sample Usage:

class { 'sudo': }
Remember: No empty lines between comments and class definition

Parameters:

  • enable (Any) (defaults to: true)
  • package_default (Any) (defaults to: $sudo::params::package)
  • package_ldap (Any) (defaults to: $sudo::params::package_ldap)
  • package_ensure (Any) (defaults to: $sudo::params::package_ensure)
  • package_source (Any) (defaults to: $sudo::params::package_source)
  • package_admin_file (Any) (defaults to: $sudo::params::package_admin_file)
  • purge (Any) (defaults to: true)
  • purge_ignore (Any) (defaults to: undef)
  • config_file (Any) (defaults to: $sudo::params::config_file)
  • config_file_replace (Any) (defaults to: true)
  • config_dir (Any) (defaults to: $sudo::params::config_dir)
  • source (Any) (defaults to: $sudo::params::source)
  • ldap_enable (Any) (defaults to: false)


# File 'manifests/init.pp', line 84

# Class: sudo
#
# Declares sudo::package, manages the main sudoers file and the sudoers
# include directory, and (on Puppet 3 or newer) includes sudo::configs.
#
# Parameters (as accepted by this signature):
#   enable              - boolean; true manages the file/directory as
#                         present, false sets both to 'absent'.
#   package_default     - package name used when ldap_enable is false.
#   package_ldap        - package name used when ldap_enable is true; the
#                         class fails if this is undef in that case.
#   package_ensure      - passed through to sudo::package.
#   package_source      - passed through to sudo::package.
#   package_admin_file  - passed through to sudo::package.
#   purge               - used for both 'recurse' and 'purge' on config_dir.
#   purge_ignore        - used as 'ignore' on config_dir.
#   config_file         - path of the main sudoers file.
#   config_file_replace - used as 'replace' on config_file.
#   config_dir          - path of the sudoers include directory.
#   source              - used as 'source' for config_file.
#   ldap_enable         - boolean; selects package_ldap over package_default.
#
class sudo(
  $enable              = true,
  $package_default     = $sudo::params::package,
  $package_ldap        = $sudo::params::package_ldap,
  $package_ensure      = $sudo::params::package_ensure,
  $package_source      = $sudo::params::package_source,
  $package_admin_file  = $sudo::params::package_admin_file,
  $purge               = true,
  $purge_ignore        = undef,
  $config_file         = $sudo::params::config_file,
  $config_file_replace = true,
  $config_dir          = $sudo::params::config_dir,
  $source              = $sudo::params::source,
  $ldap_enable         = false,
) inherits sudo::params {


  # Map the boolean $enable onto the 'ensure' values used by the two file
  # resources below. validate_bool is defined outside this file; presumably
  # it aborts on non-boolean input, which would make the default branch a
  # safety net only.
  validate_bool($enable)
  case $enable {
    true: {
      $dir_ensure  = 'directory'
      $file_ensure = 'present'
    }
    false: {
      $dir_ensure  = 'absent'
      $file_ensure = 'absent'
    }
    default: { fail('no $enable is set') }
  }

  # Pick the package name: the LDAP-enabled build when requested, otherwise
  # the platform default. Requesting LDAP without a known LDAP package is a
  # hard failure rather than a silent fallback to the non-LDAP package.
  validate_bool($ldap_enable)
  case $ldap_enable {
    true: {
      if $package_ldap == undef {
        fail('on your os ldap support for sudo is not yet supported')
      }
      $package = $package_ldap
    }
    false: {
      $package = $package_default
    }
    default: { fail('no $ldap_enable is set') }
  }


  # Package installation is delegated to sudo::package.
  # NOTE(review): how $package_source is fetched, and whether the package is
  # verified before installation, is decided inside sudo::package and is not
  # visible here -- confirm when pointing this at a non-default source.
  class { '::sudo::package':
    package            => $package,
    package_ensure     => $package_ensure,
    package_source     => $package_source,
    package_admin_file => $package_admin_file,
    ldap_enable        => $ldap_enable,
  }

  # Main sudoers file: root-owned, mode 0440, content taken from $source.
  # With replace => false an existing file is left untouched.
  # NOTE(review): no validate_cmd is set on this resource, so the content of
  # $source is written without a sudoers syntax check. On Puppet versions
  # that support validate_cmd, a 'visudo -c -f %' style check (using the
  # platform's full visudo path) would stop a broken file from being
  # installed.
  file { $config_file:
    ensure  => $file_ensure,
    owner   => 'root',
    group   => $sudo::params::config_file_group,
    mode    => '0440',
    replace => $config_file_replace,
    source  => $source,
    require => Class['sudo::package'],
  }

  # Include directory: root-owned, mode 0550. $purge drives both 'recurse'
  # and 'purge', so with the default (true) files in this directory that
  # Puppet does not manage are removed, keeping unmanaged sudo rules from
  # persisting. Entries matching $purge_ignore are skipped and therefore stay
  # in place unmanaged -- keep that pattern as narrow as possible.
  file { $config_dir:
    ensure  => $dir_ensure,
    owner   => 'root',
    group   => $sudo::params::config_file_group,
    mode    => '0550',
    recurse => $purge,
    purge   => $purge,
    ignore  => $purge_ignore,
    require => Class['sudo::package'],
  }

  # When the shipped sudoers file is not forced onto a RedHat-family host with
  # major release '5' (compared as a string), add the '#includedir' entry to
  # the existing file through Augeas.
  # NOTE(review): the change path hard-codes /etc/sudoers and /etc/sudoers.d
  # while 'incl' follows $config_file; presumably these match the RedHat 5
  # defaults in sudo::params -- confirm if config_file or config_dir is
  # overridden on such hosts.
  if $config_file_replace == false and $::osfamily == 'RedHat' and $::operatingsystemmajrelease == '5' {
    augeas { 'includedirsudoers':
      changes => ['set /files/etc/sudoers/#includedir /etc/sudoers.d'],
      incl    => $config_file,
      lens    => 'Sudoers.lns',
    }
  }

  # Load the Hiera based sudoer configuration (if enabled and present)
  #
  # NOTE: We must use 'include' here to avoid circular dependencies with
  #     sudo::conf
  #
  # NOTE: There is no way to detect the existence of hiera. This automatic
  #   functionality is therefore made exclusive to Puppet 3+ (hiera is embedded)
  #   in order to preserve backwards compatibility.
  #
  #   http://projects.puppetlabs.com/issues/12345
  #
  # versioncmp(...) != -1 is true when $::puppetversion is equal to or newer
  # than '3'.
  if (versioncmp($::puppetversion, '3') != -1) {
    include '::sudo::configs'
  }

  # Order sudo::package between the two anchors so that relationships
  # expressed against sudo::begin / sudo::end also apply to the package class.
  anchor { 'sudo::begin': } ->
  Class['sudo::package']    ->
  anchor { 'sudo::end': }
}