Defined Type: mcollective::user
- Defined in:
- manifests/user.pp
Overview
Define - mcollective::user
# File 'manifests/user.pp', line 2
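# Sets up the per-user MCollective client configuration under $homedir:
# the ~/.mcollective.d credential directories, a datacat-assembled
# ~/.mcollective settings file, the TLS material the chosen security
# provider / middleware needs, and one connector entry per middleware host.
#
# Parameters:
#   username     - owner of every file and directory managed here.
#   callerid     - used as the base name of the user's certificate and
#                  private key files (<callerid>.pem).
#   group        - group of every file and directory managed here.
#   homedir      - directory under which .mcollective and .mcollective.d live.
#   certificate  - file source for the user's public certificate; only used
#                  when the security provider is 'ssl'.
#   private_key  - file source for the user's private key; used when
#                  middleware SSL is on or the security provider is 'ssl'.
#   ssl_ca_cert, ssl_server_public, middleware_hosts, middleware_ssl,
#   securityprovider, connector, ssl_ciphers
#                - overrides; each falls back to the value of the same name
#                  on the ::mcollective class when left undef.
#
# Fails compilation if Class['::mcollective'] has not been declared yet.
define mcollective::user(
  $username = $name,
  $callerid = $name,
  $group = $name,
  $homedir = "/home/${name}",
  $certificate = undef,
  $private_key = undef,
  # duplication of $ssl_ca_cert, $ssl_server_public, $connector,
  # $middleware_ssl, $middleware_hosts, and $securityprovider parameters to
  # allow for spec testing. These are otherwise considered private.
  $ssl_ca_cert = undef,
  $ssl_server_public = undef,
  $middleware_hosts = undef,
  $middleware_ssl = undef,
  $securityprovider = undef,
  $connector = undef,
  $ssl_ciphers = undef,
) {
  # The fallbacks below read variables from ::mcollective, so it must
  # already be in the catalog.
  if !defined(Class['::mcollective']) {
    fail('You must include `::mcollective` before calling `::mcollective::user`')
  }

  # Prefer the explicit parameter; otherwise use the class-level setting.
  $_middleware_ssl    = pick_default($middleware_ssl, $::mcollective::middleware_ssl)
  $_ssl_ca_cert       = pick_default($ssl_ca_cert, $::mcollective::ssl_ca_cert)
  $_ssl_server_public = pick_default($ssl_server_public, $::mcollective::ssl_server_public)
  $_middleware_hosts  = pick_default($middleware_hosts, $::mcollective::middleware_hosts)
  $_securityprovider  = pick_default($securityprovider, $::mcollective::securityprovider)
  $_connector         = pick_default($connector, $::mcollective::connector)
  $_ssl_ciphers       = pick_default($ssl_ciphers, $::mcollective::ssl_ciphers)

  # Directories holding non-secret material; the mode is left unmanaged,
  # as before.
  file { [
    "${homedir}/.mcollective.d",
    "${homedir}/.mcollective.d/credentials",
    "${homedir}/.mcollective.d/credentials/certs",
  ]:
    ensure => 'directory',
    owner  => $username,
    group  => $group,
  }

  # The private key directory gets an explicit owner-only mode. With no
  # mode set, Puppet creates a new directory with its default mode and
  # never corrects a pre-existing one, so other local users could traverse
  # and list it. The key file itself is 0400, so only $username reads it
  # and 0700 here takes nothing away from the client.
  file { "${homedir}/.mcollective.d/credentials/private_keys":
    ensure => 'directory',
    owner  => $username,
    group  => $group,
    mode   => '0700',
  }

  # ~/.mcollective is assembled from the 'mcollective::user' and
  # 'mcollective::client' fragments; readable by the owner only.
  datacat { "mcollective::user ${username}":
    path     => "${homedir}/.mcollective",
    collects => [ 'mcollective::user', 'mcollective::client' ],
    owner    => $username,
    group    => $group,
    mode     => '0400',
    template => 'mcollective/settings.cfg.erb',
  }

  # TLS material needed either for the middleware connection or for the
  # 'ssl' security provider.
  if $_middleware_ssl or $_securityprovider == 'ssl' {
    file { "${homedir}/.mcollective.d/credentials/certs/ca.pem":
      source => $_ssl_ca_cert,
      owner  => $username,
      group  => $group,
      mode   => '0444',
    }

    file { "${homedir}/.mcollective.d/credentials/certs/server_public.pem":
      source => $_ssl_server_public,
      owner  => $username,
      group  => $group,
      mode   => '0444',
    }

    # NOTE(review): $private_key defaults to undef and is not validated
    # here, so a caller that enables SSL without passing it gets no error
    # from this define - confirm whether that should fail the catalog.
    # NOTE(review): if every supported Puppet version has the file type's
    # show_diff parameter, consider show_diff => false on this resource so
    # key material cannot end up in agent logs or reports.
    $private_path = "${homedir}/.mcollective.d/credentials/private_keys/${callerid}.pem"
    file { $private_path:
      source => $private_key,
      owner  => $username,
      group  => $group,
      mode   => '0400',
    }
  }

  # The 'ssl' security provider additionally needs the user's own public
  # certificate and the three plugin.ssl_* settings pointing at the files
  # managed above.
  if $_securityprovider == 'ssl' {
    file { "${homedir}/.mcollective.d/credentials/certs/${callerid}.pem":
      source => $certificate,
      owner  => $username,
      group  => $group,
      mode   => '0444',
    }

    mcollective::user::setting { "${username}:plugin.ssl_client_public":
      setting  => 'plugin.ssl_client_public',
      username => $username,
      value    => "${homedir}/.mcollective.d/credentials/certs/${callerid}.pem",
      order    => '60',
    }

    mcollective::user::setting { "${username}:plugin.ssl_client_private":
      setting  => 'plugin.ssl_client_private',
      username => $username,
      value    => "${homedir}/.mcollective.d/credentials/private_keys/${callerid}.pem",
      order    => '60',
    }

    mcollective::user::setting { "${username}:plugin.ssl_server_public":
      setting  => 'plugin.ssl_server_public',
      username => $username,
      value    => "${homedir}/.mcollective.d/credentials/certs/server_public.pem",
      order    => '60',
    }
  }

  # This is specific to connector, but refers to the user's certs
  if $_connector in [ 'activemq', 'rabbitmq' ] {
    # One mcollective::user::connector per middleware host, titled
    # "<username>_1" .. "<username>_N".
    $pool_size  = size(flatten([$_middleware_hosts]))
    $hosts      = range( '1', $pool_size )
    $connectors = prefix( $hosts, "${username}_" )
    mcollective::user::connector { $connectors:
      username       => $username,
      callerid       => $callerid,
      homedir        => $homedir,
      connector      => $_connector,
      middleware_ssl => $_middleware_ssl,
      ssl_ciphers    => $_ssl_ciphers,
      order          => '60',
    }
  }
}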