) inherits base_installation {
ensure_packages('ruby-shadow')
user { 'root':
- password => '!'
+ password => '!',
+ purge_ssh_keys => ["/root/.ssh/authorized_keys"],
}
class { 'sudo':
ensure => "present",
groups => $user[groups],
managehome => true,
+ system => !!$user[system],
home => "/home/${user[username]}",
- notify => Exec["remove_password"],
+ notify => Exec["remove_password:${user[username]}:${user[userid]}"],
purge_ssh_keys => true
}
- exec { "remove_password":
+ exec { "remove_password:${user[username]}:${user[userid]}":
command => "/usr/bin/chage -d 0 ${user[username]} && /usr/bin/passwd -d ${user[username]}",
+ onlyif => "/usr/bin/test -z '${user[password]}'",
refreshonly => true
}
- $user[keys].each |$key| {
- ssh_authorized_key { "${user[username]}@${key[host]}":
- name => "${user[username]}@${key[host]}",
- user => $user[username],
- type => $key[key_type],
- key => $key[key],
+ if has_key($user, "keys") {
+ $user[keys].each |$key| {
+ ssh_authorized_key { "${user[username]}@${key[host]}":
+ name => "${user[username]}@${key[host]}",
+ user => $user[username],
+ type => $key[key_type],
+ key => $key[key],
+ }
+
+ if has_key($key, "root_command") {
+ ssh_authorized_key { "${user[username]}@${key[host]}:root":
+ name => "${user[username]}@${key[host]}:root",
+ user => "root",
+ options => [
+ "command=\"${key[root_command]}\"",
+ "no-port-forwarding",
+ "no-X11-forwarding",
+ "no-pty",
+ ],
+ type => $key[key_type],
+ key => $key[key],
+ }
+ }
}
}
}
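Review bot: The added `onlyif` on the `remove_password:…` exec interpolates `${user[password]}` into a command line, so the account's password value (presumably a hash, given `ruby-shadow`) ends up in the process arguments and most likely in Puppet's debug output for the check, and a `'` in the value would break the quoting. The emptiness test can be made at catalog compile time instead, for example by wrapping the exec and its `notify` in `if empty($user[password]) { … }`, which keeps the secret out of the command entirely. In the new root entry, `"command=\"${key[root_command]}\""` writes the value unescaped, so a double quote in `root_command` ends the forced command early and the rest may be read as further key options; validate or escape the value before interpolating it. The option list also omits `no-agent-forwarding`; on OpenSSH 7.2 or later, `restrict` covers it along with any restrictions added in future releases. The user resource that notifies this exec begins above the visible lines.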