Puppet Class: sssd::service::sudo

Defined in:
manifests/service/sudo.pp

Overview

This class sets up the [sudo] section of /etc/sssd.conf.

The class parameters map directly to SSSD configuration. Full documentation of these configuration options can be found in the sssd.conf(5) man page.

Parameters:

  • description (Optional[String]) (defaults to: undef)
  • debug_level (Optional[Sssd::Debuglevel]) (defaults to: undef)
  • debug_timestamps (Boolean) (defaults to: true)
  • debug_microseconds (Boolean) (defaults to: false)
  • sudo_threshold (Integer[1]) (defaults to: 50)
  • sudo_timed (Boolean) (defaults to: false)
  • custom_options (Optional[Hash]) (defaults to: undef)

    If defined, this hash will be used to create the service section instead of the parameters. You must provide all options in the section you want to add. Each entry in the hash will be added as a simple init pair key = value under the section in the sssd.conf file. No error checking will be performed.

Author:



25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
 
# File 'manifests/service/sudo.pp', line 25

class sssd::service::sudo (
  Optional[String]            $description        = undef,
  Optional[Sssd::Debuglevel]  $debug_level        = undef,
  Boolean                     $debug_timestamps   = true,
  Boolean                     $debug_microseconds = false,
  Boolean                     $sudo_timed         = false,
  Integer[1]                  $sudo_threshold     = 50,
  Optional[Hash]              $custom_options     = undef

) {
  if $custom_options {
    $_content = epp("${module_name}/service/custom_options.epp", {
        'service_name' => 'sudo',
        'options'      => $custom_options
      })
  } else {
    $_content = template("${module_name}/service/sudo.erb")
  }

  sssd::config::entry { 'puppet_service_sudo':
    content => $_content
  }

  $_override_content = @(END)
    # This is required due to the permissions on /var/lib/sss/db/config.ldb
    # This may be a regression in sssd
    [Service]
    ExecStartPre=-/bin/touch /var/log/sssd/sssd_sudo.log
    ExecStartPre=-/bin/chown sssd:sssd /var/log/sssd/sssd_sudo.log
    User=root
    Group=root
    | END

  systemd::dropin_file { '00_sssd_sudo_user_group.conf':
    unit                    => 'sssd-sudo.service',
    content                 => $_override_content,
    selinux_ignore_defaults => true
  }

  service { 'sssd-sudo.socket':
    enable  => true,
    require => [
      Sssd::Config::Entry['puppet_service_sudo'],
      Systemd::Dropin_file['00_sssd_sudo_user_group.conf']
    ],
    notify  => Class["${module_name}::service"]
  }
}