Name: puppet-sudo
Owner: Inuits
Description: Install sudo through puppet on Debian-, RedHat- and SUSE-based distributions (and some more)
Created: 2018-02-23 14:14:04.0
Updated: 2018-02-23 14:14:06.0
Pushed: 2018-02-23 14:15:33.0
Size: 285
Language: HTML
https://github.com/saz/puppet-sudo
Manage sudo configuration via Puppet
This module supports some OS families and some specific operating systems.
This module will purge your current sudo config. If this is not what you're expecting, set `purge` and/or `config_file_replace` to false.
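```puppet
# Defaults: purge unmanaged files from config_dir and replace the config file
class { 'sudo': }
```
```puppet
# Do not replace the existing config file
class { 'sudo':
  config_file_replace => false,
}
```
```puppet
# Neither purge unmanaged files nor replace the config file
class { 'sudo':
  purge               => false,
  config_file_replace => false,
}
```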
Sudo does not always include LDAP support by default. On Debian and Ubuntu, the special package sudo-ldap will be used. On Gentoo, the Puppet portage module by Gentoo is also required; if it is not present, only a notification will be shown.
```puppet
class { 'sudo':
  ldap_enable => true,
}
```
```puppet
class { 'sudo': }
sudo::conf { 'web':
  source => 'puppet:///files/etc/sudoers.d/web',
}
sudo::conf { 'admins':
  priority => 10,
  content  => "%admins ALL=(ALL) NOPASSWD: ALL",
}
sudo::conf { 'joe':
  priority => 60,
  source   => 'puppet:///files/etc/sudoers.d/users/joe',
}
```
A hiera hash may be used to assemble the sudoers configuration. Hash merging is also enabled, which supports layering the configuration settings.
Examples using:
```yaml
:hierarchy:
  - "%{environment}"
  - "defaults"
```
Load the module via Puppet Code or your ENC.
```puppet
include sudo
```
After Installing Hiera:
Load the `sudo` and `sudo::configs` modules via Puppet Code or your ENC.
```puppet
include sudo
include sudo::configs
```
These defaults will apply to all systems.
```yaml
sudo::configs:
    'web':
        'source'    : 'puppet:///files/etc/sudoers.d/web'
    'admins':
        'content'   : "%admins ALL=(ALL) NOPASSWD: ALL"
        'priority'  : 10
    'joe':
        'priority'  : 60
        'source'    : 'puppet:///files/etc/sudoers.d/users/joe'
```
This will only apply to the production environment. In this example we are:
```yaml
sudo::configs:
    'admins':
        'content'   : "%prodadmins ALL=(ALL) NOPASSWD: ALL"
        'priority'  : 10
    'joe':
        'ensure'    : 'absent'
        'source'    : 'puppet:///files/etc/sudoers.d/users/joe'
    'bill':
        'template'  : "mymodule/bill.erb"
```
If you have Hiera version >= 1.2.0 and enable Hiera Deeper Merging you may conditionally override any setting.
In this example we are:
```yaml
sudo::configs:
    'admins':
        'content'   : "%prodadmins ALL=(ALL) NOPASSWD: ALL"
    'joe':
        'ensure'    : 'absent'
    'bill':
        'template'  : "mymodule/bill.erb"
```
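The difference between the two production overrides above, as an added Ruby example (not code from this module or from Hiera): a simplified model of native versus deeper hash merging applied to the page's `sudo::configs` data. The function names are hypothetical, and only nested hashes are modelled.

```ruby
# Constructed from the page's YAML: the defaults layer and the short production override.
DEFAULTS = {
  'web'    => { 'source' => 'puppet:///files/etc/sudoers.d/web' },
  'admins' => { 'content' => '%admins ALL=(ALL) NOPASSWD: ALL', 'priority' => 10 },
  'joe'    => { 'priority' => 60, 'source' => 'puppet:///files/etc/sudoers.d/users/joe' }
}.freeze

PRODUCTION = {
  'admins' => { 'content' => '%prodadmins ALL=(ALL) NOPASSWD: ALL' },
  'joe'    => { 'ensure' => 'absent' },
  'bill'   => { 'template' => 'mymodule/bill.erb' }
}.freeze

# Native merge: an entry named in the higher-priority layer replaces the
# lower-priority entry of the same name as a whole.
def native_merge(high, low)
  low.merge(high)
end

# Deeper merge: nested hashes are combined key by key and the higher-priority
# layer wins only where both layers set the same key.
def deeper_merge(high, low)
  low.merge(high) do |_key, low_val, high_val|
    if low_val.is_a?(Hash) && high_val.is_a?(Hash)
      deeper_merge(high_val, low_val)
    else
      high_val
    end
  end
end

# Parameters that an entry had in the lower layer and no longer has after merging.
def dropped_keys(merged, low)
  low.each_with_object({}) do |(name, params), out|
    lost = params.keys - merged.fetch(name, {}).keys
    out[name] = lost unless lost.empty?
  end
end

native = native_merge(PRODUCTION, DEFAULTS)
deeper = deeper_merge(PRODUCTION, DEFAULTS)
puts "native: #{native.inspect}"
puts "dropped under native merge: #{dropped_keys(native, DEFAULTS).inspect}"
puts "deeper: #{deeper.inspect}"
puts "dropped under deeper merge: #{dropped_keys(deeper, DEFAULTS).inspect}"
```

Under native merge the short override leaves `joe` with only `ensure` and `admins` without `priority`; under deeper merge both entries keep the parameters set in the defaults layer.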
In some edge cases, the automatically generated sudoers file name is insufficient. For example, when an application generates a sudoers file with a fixed file name, using this class with the purge option enabled will always delete the custom file and adding it manually will generate a file with the right content, but the wrong name. To solve this, you can use the `sudo_file_name` option to manually set the desired file name.
```puppet
sudo::conf { "foreman-proxy":
  ensure         => "present",
  source         => "puppet:///modules/sudo/foreman-proxy",
  sudo_file_name => "foreman-proxy",
}
```
`sudo` class parameters:

| Parameter | Type | Default | Description |
| :--- | :--- | :--- | :--- |
| enable | boolean | true | Set this to remove or purge all sudoers configs |
| package | string | OS specific | Set package name (for unsupported platforms) |
| package_ensure | string | present | latest, absent, or a specific package version |
| package_source | string | OS specific | Set package source (for unsupported platforms) |
| purge | boolean | true | Purge unmanaged files from config_dir |
| purge_ignore | string | undef | Files excluded from purging in config_dir |
| config_file | string | OS specific | Set config_file (for unsupported platforms) |
| config_file_replace | boolean | true | Replace config file with module config file |
| includedirsudoers | boolean | OS specific | Add #includedir /etc/sudoers.d with augeas |
| config_dir | string | OS specific | Set config_dir (for unsupported platforms) |
| content | string | OS specific | Alternate content file location |
| ldap_enable | boolean | false | Add support to LDAP |

`sudo::conf` parameters:

| Parameter | Type | Default | Description |
| :--- | :--- | :--- | :--- |
| ensure | string | present | present or absent |
| priority | number | 10 | file name prefix |
| content | string | undef | content of configuration snippet |
| source | string | undef | source of configuration snippet |
| template | string | undef | template of configuration snippet |
| sudo_config_dir | string | OS Specific | configuration snippet directory (for unsupported platforms) |
| sudo_file_name | string | undef | custom file name for sudo file in sudoers directory |