Name: puppet-sudo
Owner: Mirantis Inc.
Description: Puppet module for configuring sudo
Created: 2015-05-15 04:47:37.0
Updated: 2015-07-27 20:09:04.0
Pushed: 2015-05-29 00:18:15.0
Homepage: null
Size: 139
Language: Augeas
Manage sudo configuration via Puppet

This module will purge your current sudo config. If this is not what you're expecting, set `purge` and/or `config_file_replace` to false.
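```puppet
# Defaults: purge unmanaged files from the sudoers directory
# and replace the main config file with the module's version.
class { 'sudo': }
```

```puppet
# Keep the existing main config file; unmanaged snippets are still purged.
class { 'sudo':
  config_file_replace => false,
}
```

```puppet
# Neither purge unmanaged snippets nor replace the main config file.
class { 'sudo':
  purge               => false,
  config_file_replace => false,
}
```

```puppet
class { 'sudo': }

# Snippet taken from a file served by the Puppet file server.
sudo::conf { 'web':
  source => 'puppet:///files/etc/sudoers.d/web',
}

# Inline snippet; priority is used as the file name prefix.
sudo::conf { 'admins':
  priority => 10,
  content  => "%admins ALL=(ALL) NOPASSWD: ALL",
}

sudo::conf { 'joe':
  priority => 60,
  source   => 'puppet:///files/etc/sudoers.d/users/joe',
}
```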
A hiera hash may be used to assemble the sudoers configuration. Hash merging is also enabled, which supports layering the configuration settings.
Examples using:
```yaml
:hierarchy:
  - "%{environment}"
  - "defaults"
```
Load the module via Puppet Code or your ENC.

```puppet
include sudo
```

After Installing Hiera, load the `sudo` and `sudo::configs` modules via Puppet Code or your ENC.

```puppet
include sudo
include sudo::configs
```
These defaults will apply to all systems.
```yaml
sudo::configs:
    'web':
        'source'    : 'puppet:///files/etc/sudoers.d/web'
    'admins':
        'content'   : "%admins ALL=(ALL) NOPASSWD: ALL"
        'priority'  : 10
    'joe':
        'priority'  : 60
        'source'    : 'puppet:///files/etc/sudoers.d/users/joe'
```
This will only apply to the production environment. In this example we are:
```yaml
sudo::configs:
    'admins':
        'content'   : "%prodadmins ALL=(ALL) NOPASSWD: ALL"
        'priority'  : 10
    'joe':
        'ensure'    : 'absent'
        'source'    : 'puppet:///files/etc/sudoers.d/users/joe'
```
If you have Hiera version >= 1.2.0 and enable Hiera Deeper Merging you may conditionally override any setting.
In this example we are:
```yaml
sudo::configs:
    'admins':
        'content'   : "%prodadmins ALL=(ALL) NOPASSWD: ALL"
    'joe':
        'ensure'    : 'absent'
```
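The two production layers above differ because native merging replaces each top-level `sudo::configs` entry whole, while deeper merging combines the keys inside it. The following Ruby sketch is an added example (not code from this module or from Hiera) that approximates both strategies with plain `Hash#merge` over the page's data and lists which effective entries still carry `NOPASSWD` content; all helper names are hypothetical.

```ruby
# Constructed data: the defaults layer from this page, as a Ruby hash.
DEFAULTS = {
  'web'    => { 'source' => 'puppet:///files/etc/sudoers.d/web' },
  'admins' => { 'content' => '%admins ALL=(ALL) NOPASSWD: ALL', 'priority' => 10 },
  'joe'    => { 'priority' => 60, 'source' => 'puppet:///files/etc/sudoers.d/users/joe' }
}.freeze

# Constructed data: the production layer in its short (deeper merge) form.
PRODUCTION = {
  'admins' => { 'content' => '%prodadmins ALL=(ALL) NOPASSWD: ALL' },
  'joe'    => { 'ensure' => 'absent' }
}.freeze

# Approximation of native merging: the higher-priority layer
# replaces each top-level entry as a whole.
def native_merge(low, high)
  low.merge(high)
end

# Approximation of deeper merging: nested hashes are combined and the
# higher-priority layer wins only where the same key is set in both.
def deeper_merge(low, high)
  low.merge(high) do |_key, lo, hi|
    lo.is_a?(Hash) && hi.is_a?(Hash) ? deeper_merge(lo, hi) : hi
  end
end

# Entries that are not absent and grant passwordless sudo via inline content.
def nopasswd_entries(configs)
  configs.select do |_name, c|
    c['ensure'] != 'absent' && c['content'].to_s.include?('NOPASSWD')
  end.keys
end

# Keys an entry had in the defaults layer but no longer has after merging.
def dropped_keys(configs, name)
  DEFAULTS.fetch(name, {}).keys - configs.fetch(name, {}).keys
end

if __FILE__ == $PROGRAM_NAME
  { 'native' => native_merge(DEFAULTS, PRODUCTION),
    'deeper' => deeper_merge(DEFAULTS, PRODUCTION) }.each do |mode, cfg|
    puts "#{mode}:"
    cfg.each { |name, c| puts "  #{name}: #{c}" }
    puts "  keys dropped from admins: #{dropped_keys(cfg, 'admins')}"
    puts "  NOPASSWD via content: #{nopasswd_entries(cfg)}"
  end
end
```

With the short production layer, the native strategy silently drops `priority` from `admins`, which is why the native example on this page repeats it.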
In some edge cases, the automatically generated sudoers file name is insufficient. For example, when an application generates a sudoers file with a fixed file name, using this class with the purge option enabled will always delete the custom file, and adding it manually will generate a file with the right content, but the wrong name. To solve this, you can use the `sudo_file_name` option to manually set the desired file name.
```puppet
# Write the snippet under the fixed file name the application expects.
sudo::conf { "foreman-proxy":
  ensure         => "present",
  source         => "puppet:///modules/sudo/foreman-proxy",
  sudo_file_name => "foreman-proxy",
}
```
| Parameter | Type | Default | Description |
| :--- | :--- | :--- | :--- |
| enable | boolean | true | Set this to remove or purge all sudoers configs |
| package | string | OS specific | Set package name (for unsupported platforms) |
| package_ensure | string | present | latest, absent, or a specific package version |
| package_source | string | OS specific | Set package source (for unsupported platforms) |
| purge | boolean | true | Purge unmanaged files from config_dir |
| purge_ignore | string | undef | Files excluded from purging in config_dir |
| config_file | string | OS specific | Set config_file (for unsupported platforms) |
| config_file_replace | boolean | true | Replace config file with module config file |
| config_dir | string | OS specific | Set config_dir (for unsupported platforms) |
| source | string | OS specific | Set source (for unsupported platforms) |

| Parameter | Type | Default | Description |
| :--- | :--- | :--- | :--- |
| ensure | string | present | present or absent |
| priority | number | 10 | file name prefix |
| content | string | undef | content of configuration snippet |
| source | string | undef | source of configuration snippet |
| sudo_config_dir | string | OS Specific | configuration snippet directory (for unsupported platforms) |
| sudo_file_name | string | undef | custom file name for sudo file in sudoers directory |