diff options
-rw-r--r-- | modules/base_installation/manifests/users.pp | 60 |
1 files changed, 31 insertions, 29 deletions
diff --git a/modules/base_installation/manifests/users.pp b/modules/base_installation/manifests/users.pp index aff19bb..34df4bd 100644 --- a/modules/base_installation/manifests/users.pp +++ b/modules/base_installation/manifests/users.pp | |||
@@ -21,45 +21,47 @@ class base_installation::users ( | |||
21 | contain "sudo" | 21 | contain "sudo" |
22 | 22 | ||
23 | $users.each |$user| { | 23 | $users.each |$user| { |
24 | user { "${user[username]}:${user[userid]}": | 24 | if ($user["username"] != "root") { |
25 | name => $user[username], | 25 | user { "${user[username]}:${user[userid]}": |
26 | uid => $user[userid], | 26 | name => $user[username], |
27 | ensure => "present", | 27 | uid => $user[userid], |
28 | groups => $user[groups], | 28 | ensure => "present", |
29 | managehome => true, | 29 | groups => $user[groups], |
30 | system => !!$user[system], | 30 | managehome => true, |
31 | home => "/home/${user[username]}", | 31 | system => !!$user[system], |
32 | notify => Exec["remove_password:${user[username]}:${user[userid]}"], | 32 | home => "/home/${user[username]}", |
33 | purge_ssh_keys => true | 33 | notify => Exec["remove_password:${user[username]}:${user[userid]}"], |
34 | } | 34 | purge_ssh_keys => true |
35 | } | ||
35 | 36 | ||
36 | exec { "remove_password:${user[username]}:${user[userid]}": | 37 | exec { "remove_password:${user[username]}:${user[userid]}": |
37 | command => "/usr/bin/chage -d 0 ${user[username]} && /usr/bin/passwd -d ${user[username]}", | 38 | command => "/usr/bin/chage -d 0 ${user[username]} && /usr/bin/passwd -d ${user[username]}", |
38 | onlyif => "/usr/bin/test -z '${user[password]}'", | 39 | onlyif => "/usr/bin/test -z '${user[password]}'", |
39 | refreshonly => true | 40 | refreshonly => true |
41 | } | ||
40 | } | 42 | } |
41 | 43 | ||
42 | if has_key($user, "keys") { | 44 | if has_key($user, "keys") { |
43 | $user[keys].each |$key| { | 45 | $user[keys].each |$key| { |
44 | ssh_authorized_key { "${user[username]}@${key[host]}": | 46 | if has_key($key, "command") { |
45 | name => "${user[username]}@${key[host]}", | 47 | ssh_authorized_key { "${user[username]}@${key[host]}": |
46 | user => $user[username], | 48 | name => "${user[username]}@${key[host]}", |
47 | type => $key[key_type], | 49 | user => $user[username], |
48 | key => $key[key], | 50 | type => $key[key_type], |
49 | } | 51 | key => $key[key], |
50 | |||
51 | if has_key($key, "root_command") { | ||
52 | ssh_authorized_key { "${user[username]}@${key[host]}:root": | ||
53 | name => "${user[username]}@${key[host]}:root", | ||
54 | user => "root", | ||
55 | options => [ | 52 | options => [ |
56 | "command=\"${key[root_command]}\"", | 53 | "command=\"${key[command]}\"", |
57 | "no-port-forwarding", | 54 | "no-port-forwarding", |
58 | "no-X11-forwarding", | 55 | "no-X11-forwarding", |
59 | "no-pty", | 56 | "no-pty", |
60 | ], | 57 | ], |
61 | type => $key[key_type], | 58 | } |
62 | key => $key[key], | 59 | } else { |
60 | ssh_authorized_key { "${user[username]}@${key[host]}": | ||
61 | name => "${user[username]}@${key[host]}", | ||
62 | user => $user[username], | ||
63 | type => $key[key_type], | ||
64 | key => $key[key], | ||
63 | } | 65 | } |
64 | } | 66 | } |
65 | } | 67 | } |