aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--modules/base_installation/manifests/users.pp60
1 files changed, 31 insertions, 29 deletions
diff --git a/modules/base_installation/manifests/users.pp b/modules/base_installation/manifests/users.pp
index aff19bb..34df4bd 100644
--- a/modules/base_installation/manifests/users.pp
+++ b/modules/base_installation/manifests/users.pp
@@ -21,45 +21,47 @@ class base_installation::users (
21 contain "sudo" 21 contain "sudo"
22 22
23 $users.each |$user| { 23 $users.each |$user| {
24 user { "${user[username]}:${user[userid]}": 24 if ($user["username"] != "root") {
25 name => $user[username], 25 user { "${user[username]}:${user[userid]}":
26 uid => $user[userid], 26 name => $user[username],
27 ensure => "present", 27 uid => $user[userid],
28 groups => $user[groups], 28 ensure => "present",
29 managehome => true, 29 groups => $user[groups],
30 system => !!$user[system], 30 managehome => true,
31 home => "/home/${user[username]}", 31 system => !!$user[system],
32 notify => Exec["remove_password:${user[username]}:${user[userid]}"], 32 home => "/home/${user[username]}",
33 purge_ssh_keys => true 33 notify => Exec["remove_password:${user[username]}:${user[userid]}"],
34 } 34 purge_ssh_keys => true
35 }
35 36
36 exec { "remove_password:${user[username]}:${user[userid]}": 37 exec { "remove_password:${user[username]}:${user[userid]}":
37 command => "/usr/bin/chage -d 0 ${user[username]} && /usr/bin/passwd -d ${user[username]}", 38 command => "/usr/bin/chage -d 0 ${user[username]} && /usr/bin/passwd -d ${user[username]}",
38 onlyif => "/usr/bin/test -z '${user[password]}'", 39 onlyif => "/usr/bin/test -z '${user[password]}'",
39 refreshonly => true 40 refreshonly => true
41 }
40 } 42 }
41 43
42 if has_key($user, "keys") { 44 if has_key($user, "keys") {
43 $user[keys].each |$key| { 45 $user[keys].each |$key| {
44 ssh_authorized_key { "${user[username]}@${key[host]}": 46 if has_key($key, "command") {
45 name => "${user[username]}@${key[host]}", 47 ssh_authorized_key { "${user[username]}@${key[host]}":
46 user => $user[username], 48 name => "${user[username]}@${key[host]}",
47 type => $key[key_type], 49 user => $user[username],
48 key => $key[key], 50 type => $key[key_type],
49 } 51 key => $key[key],
50
51 if has_key($key, "root_command") {
52 ssh_authorized_key { "${user[username]}@${key[host]}:root":
53 name => "${user[username]}@${key[host]}:root",
54 user => "root",
55 options => [ 52 options => [
56 "command=\"${key[root_command]}\"", 53 "command=\"${key[command]}\"",
57 "no-port-forwarding", 54 "no-port-forwarding",
58 "no-X11-forwarding", 55 "no-X11-forwarding",
59 "no-pty", 56 "no-pty",
60 ], 57 ],
61 type => $key[key_type], 58 }
62 key => $key[key], 59 } else {
60 ssh_authorized_key { "${user[username]}@${key[host]}":
61 name => "${user[username]}@${key[host]}",
62 user => $user[username],
63 type => $key[key_type],
64 key => $key[key],
63 } 65 }
64 } 66 }
65 } 67 }