Commit d7da2949 authored by Francesco Gionghi's avatar Francesco Gionghi

create user, fsperm and sudo service

parents
In ~osmap.yaml~ there are datas regarding an entire OS (ubuntu, Fedora ec..)
In ~osfingermap.yaml~ it's possible to specify data about a specifc version of an os (ubuntu 18.04/20.04).
* SSSD
~sssd~ apply ~sssd.config~, ~sssd.join~, ~sssd.package~
* SSSD.package
It will install ~realmd~ and ~sssd~ as said in ~osmpap.yaml>config.packages~.
* SSSD.join
It will run the ~realm join~ command with its parameter
* SSSD.config
It will transfer the krb5 and sssd config files
* SSSD.reset
It will:
- run ~realm leave~
- delete the config files
- delete ~/var/lib/sss/~ files
- stop sssd service
- delete ~sss~ string from /etc/nsswitch.conf
{#- Get the `tplroot` from `tpldir` #}
{%- set fbkusersroot = slspath.split('/')[0] %}
{%- from fbkusersroot ~ "/map.jinja" import fbkusers with context %}
{% if pillar.fbkusers is defined %}
{% for user in fbkusers.items() %}
{{ user }}-group:
group.present:
- name: {{ user }}
{{ user }}-user:
user.present:
- name: {{ user }}
- shell: /bin/bash
- gid: {{ user }}
{% endfor %}
{% else %}
fbkusers-pillar-not-defined:
test.nop
{% endif %}
\ No newline at end of file
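Review bot: The loop header `{% for user in fbkusers.items() %}` binds `user` to a (key, value) pair, so `{{ user }}-group`, `- name:` and `- gid:` are rendered from the whole pair rather than from the account name. Unpack it the way the other states in this commit do: `{% for user, options in fbkusers.items() %}`. The account name is also written unquoted into state IDs and values, so a pillar key that YAML retypes (an all-digit name, `on`, `no`) changes what gets created; `- name: {{ user | yaml_dquote }}` keeps it a string.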
include:
- .createuser
\ No newline at end of file
fbkusers: {}
\ No newline at end of file
Cmnd_Alias {% filter upper %}{{ service | replace('-', '')}}{% endfilter %}CMD = {{ servicecmd }} stop {{ service }}, {{ servicecmd }} start {{ service }}, {{ servicecmd }} restart {{ service }}, {{ servicecmd }} status {{ service }}, {{ servicecmd }} enable {{ service }}, {{ servicecmd }} disable {{ service }}
\ No newline at end of file
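Review bot: `{{ service }}` is written into the `Cmnd_Alias` line as-is, so a pillar value containing a space, a comma or a `*` turns one whitelisted unit into several commands or a wildcard match; the same raw interpolation applies to `{{ user }}` in the companion user rule. Restrict both to letters, digits, `_` and `-` before rendering and fail the state otherwise, which also keeps the derived alias name valid, since the template only upper-cases the name and strips `-`. `status` does not need root and pages its output by default, which is more than a fixed-command whitelist should expose under NOPASSWD, so drop it from the alias.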
{{ user }} ALL = NOPASSWD: {% filter upper %}{{ service | replace('-', '')}}{% endfilter %}CMD
\ No newline at end of file
{#- Get the `tplroot` from `tpldir` #}
{%- set fbkusersroot = slspath.split('/')[0] %}
{%- from fbkusersroot ~ "/map.jinja" import fbkusers with context %}
{% if pillar.fbkusers is defined %}
{% for user, options in fbkusers.items() %}
{% if options["fsperm"] %}
{% for dir in options["fsperm"] %}
{{ dir }}-{{ user }}:
acl.present:
- name: {{ dir }}
- acl_type: user
- acl_name: {{ user }}
- perms: rwx
- recurse: True
{% endif %}
{% endfor %}
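Review bot: The template opens four blocks (`if pillar.fbkusers`, `for user`, `if options["fsperm"]`, `for dir`) but the visible lines close only one `if` and one `for`, so as shown it should fail to render; the sudoservice state later in this commit has the same shape. Close them in order: `{% endfor %}`, `{% endif %}`, `{% endfor %}`, `{% endif %}`. Separately, `perms: rwx` with `recurse: True` marks every existing file under the directory executable for the account and sets no default ACL for files created later, so confirm that breadth is intended for each path the pillar can name.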
include:
- .fsperm
\ No newline at end of file
include:
- .createuser
- .fsperm
- .sudoservice
\ No newline at end of file
# -*- coding: utf-8 -*-
# vim: ft=jinja
{#- Get the `tplroot` from `tpldir` #}
{%- set tplroot = tpldir.split('/')[0] %}
{#- Start imports as #}
{%- import_yaml tplroot ~ "/defaults.yaml" as default_settings %}
{%- import_yaml tplroot ~ "/osarchmap.yaml" as osarchmap %}
{%- import_yaml tplroot ~ "/osfamilymap.yaml" as osfamilymap %}
{%- import_yaml tplroot ~ "/osmap.yaml" as osmap %}
{%- import_yaml tplroot ~ "/osfingermap.yaml" as osfingermap %}
{#- Retrieve the config dict only once #}
{%- set _config = salt['config.get'](tplroot, default={}) %}
{%- set defaults = salt['grains.filter_by'](
default_settings,
default=tplroot,
merge=salt['grains.filter_by'](
osarchmap,
grain='osarch',
merge=salt['grains.filter_by'](
osfamilymap,
grain='os_family',
merge=salt['grains.filter_by'](
osmap,
grain='os',
merge=salt['grains.filter_by'](
osfingermap,
grain='osfinger',
merge=salt['grains.filter_by'](
_config,
default='lookup'
)
)
)
)
)
)
%}
{%- set config = salt['grains.filter_by'](
{'defaults': defaults},
default='defaults',
merge=_config
)
%}
{%- set fbkusers = config %}
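Review bot: `{%- set fbkusers = config %}` exports one flat dict in which account entries from the pillar sit beside formula settings merged from the OS maps (`arch`, `systemctl`), and the states then loop over `fbkusers.items()` as if every key were an account. The createuser state would therefore also try to create a group and user for each settings key. Keep accounts under their own key (for example `fbkusers:users`) and iterate `fbkusers.users.items()`, or have the loops skip values that are not mappings.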
---
amd64:
arch: amd64
x86_64:
arch: amd64
386:
arch: 386
arm64:
arch: arm64
armv6l:
arch: armv6l
armv7l:
arch: armv7l
ppc64le:
arch: ppc64le
s390x:
arch: s390x
\ No newline at end of file
Debian: {}
RedHat: {}
Suse: {}
Gentoo: {}
Arch: {}
Alpine: {}
FreeBSD: {}
OpenBSD: {}
Solaris: {}
Windows: {}
MacOS: {}
\ No newline at end of file
Debian-10: {}
Debian-9: {}
Debian-8: {}
# os: Ubuntu
Ubuntu-18.04: {}
Ubuntu-20.04: {}
Ubuntu-16.04: {}
# os: Fedora
Fedora-31: {}
Fedora-30: {}
# os: CentOS
CentOS Linux-8: {}
CentOS Linux-7: {}
CentOS-6: {}
# os: Amazon
Amazon Linux-2: {}
Amazon Linux AMI-2018: {}
# os: SUSE
Leap-15: {}
# os: FreeBSD
FreeBSD-12: {}
# os: Windows
Windows-8.1: {}
# os: Gentoo
Gentoo-2: {}
\ No newline at end of file
# os_family: Debian
Ubuntu:
systemctl: /usr/bin/systemctl
# os_family: RedHat
Fedora: {}
CentOS: {}
Amazon: {}
# os_family: Suse
SUSE: {}
openSUSE: {}
# os_family: Gentoo
Funtoo: {}
# os_family: Arch
Manjaro: {}
# os_family: Solaris
SmartOS: {}
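Review bot: Only `Ubuntu` defines `systemctl`, so for every other `os` listed here `fbkusers['systemctl']` is undefined when the sudoers templates are rendered. Depending on how undefined values are handled, the render either fails or writes a `Cmnd_Alias` with no command path. Put a default in the defaults file and override it per OS only where the path differs. The Ubuntu value should also be checked against the releases the README names, since sudoers matches on the full path and, as far as I know, releases without a merged `/usr` ship the binary as `/bin/systemctl`.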
include:
- .sudoservice
\ No newline at end of file
{#- Get the `tplroot` from `tpldir` #}
{%- set fbkusersroot = slspath.split('/')[0] %}
{%- from fbkusersroot ~ "/map.jinja" import fbkusers with context %}
{% if pillar.fbkusers is defined %}
{% for user, options in fbkusers.items() %}
{% if options["sudoservice"] %}
{% for service in options["sudoservice"] %}
/etc/sudoers.d/{{ user }}-{{ service }}-alias:
file.managed:
- name: /etc/sudoers.d/alias-{{ service }}
- source: salt://fbkusers/files/sudo.systemctl
- template: jinja
- defaults:
user: {{ user }}
service: {{ service }}
servicecmd: {{ fbkusers['systemctl'] }}
/etc/sudoers.d/{{ user }}-{{ service }}:
file.managed:
- source: salt://fbkusers/files/sudo.user
- template: jinja
- defaults:
user: {{ user }}
service: {{ service }}
servicecmd: {{ fbkusers['systemctl'] }}
{% endif %}
{% endfor %}
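Review bot: Both `file.managed` states write rendered files into `/etc/sudoers.d` with no syntax check and no explicit owner or mode, so one bad pillar value can leave a file that breaks sudo for every user on the host. Add `- check_cmd: /usr/sbin/visudo -c -f`, `- user: root`, `- group: root` and `- mode: '0440'` to each. The alias file is named `alias-{{ service }}` while its state ID is per user, so two accounts sharing a service manage the same path from two states; rendering the aliases in a separate loop over the distinct services avoids that.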
fbkusers:
shelluser:
fsperm:
- /etc/apache2/
- /etc/tomcat8/
- /var/lib/tomcat8/
- /etc/mysql/
- /data/
sudoservice:
- apache2
- tomcat8
sudocmd:
- /usr/sbin/a2dismod
- /usr/sbin/a2enmod
- /usr/sbin/a2dissite
- /usr/sbin/a2ensite
groups:
- www-data
- tomcat8
- adm
tomygroup:
- www-data
sshkey:
- ssh-dss AAAAB3NzaC1kc3MAAACBAPPNE
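Review bot: This example pairs `fsperm` entries such as `/etc/apache2/` and `/etc/tomcat8/` with `sudoservice` restart rights for the same daemons, which lets the account edit configuration that a root-started service then loads. That is a wider grant than the sudo whitelist alone suggests, so it should be stated next to the example or narrowed to the site directories. `sudocmd`, `groups`, `tomygroup` and `sshkey` are not read by any state visible in this commit, so someone copying the example gets no sudo rule for the `a2enmod`-style commands and no key installed. The sample key uses `ssh-dss`, which current OpenSSH releases no longer accept by default; an `ssh-ed25519` placeholder would be a better example.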