Diffstat (limited to 'modules/buildsystem')
-rw-r--r-- | modules/buildsystem/manifests/init.pp | 40 | ||||
-rw-r--r-- | modules/buildsystem/manifests/sshuser.pp | 36 |
2 files changed, 36 insertions, 40 deletions
diff --git a/modules/buildsystem/manifests/init.pp b/modules/buildsystem/manifests/init.pp
index b70fab7a..af88d4ef 100644
--- a/modules/buildsystem/manifests/init.pp
+++ b/modules/buildsystem/manifests/init.pp
@@ -1,44 +1,4 @@
 class buildsystem {
- # $groups: array of secondary groups (only local groups, no ldap)
- define sshuser($homedir, $comment, $groups = []) {
- group {"$title":
- ensure => present,
- }
-
- user {"$title":
- ensure => present,
- comment => $comment,
- managehome => true,
- home => $homedir,
- gid => $title,
- groups => $groups,
- shell => "/bin/bash",
- notify => Exec["unlock$title"],
- require => Group[$title],
- }
-
- # set password to * to unlock the account but forbid login through login
- exec { "unlock$title":
- command => "usermod -p '*' $title",
- refreshonly => true,
- }
-
- file { $homedir:
- ensure => "directory",
- owner => $title,
- group => $title,
- require => User[$title],
- }
-
- file { "$homedir/.ssh":
- ensure => "directory",
- mode => 600,
- owner => $title,
- group => $title,
- require => File[$homedir],
- }
- }
-
 # A script to copy on valstar the 2010.1 rpms built on jonund
 class sync20101 inherits base {
 $build_login = $buildsystem::iurt::user::login
diff --git a/modules/buildsystem/manifests/sshuser.pp b/modules/buildsystem/manifests/sshuser.pp
new file mode 100644
index 00000000..0a1cd176
--- /dev/null
+++ b/modules/buildsystem/manifests/sshuser.pp
@@ -0,0 +1,36 @@
+# $groups: array of secondary groups (only local groups, no ldap)
+define buildsystem::sshuser($homedir, $comment, $groups = []) {
+ group { $name: }
+
+ user { $name:
+ comment => $comment,
+ managehome => true,
+ home => $homedir,
+ gid => $name,
+ groups => $groups,
+ shell => '/bin/bash',
+ notify => Exec["unlock $name"],
+ require => Group[$title],
+ }
+
+ # set password to * to unlock the account but forbid login through login
+ exec { "unlock $name":
+ command => "usermod -p '*' $name",
+ refreshonly => true,
+ }
+
+ file { $homedir:
+ ensure => directory,
+ owner => $name,
+ group => $name,
+ require => User[$name],
+ }
+
+ file { "$homedir/.ssh":
+ ensure => directory,
+ mode => '0600',
+ owner => $name,
+ group => $name,
+ require => File[$homedir],
+ }
+} |
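Review bot: The key-only state of the account is enforced by `exec { "unlock $name": ... refreshonly => true }`, which only runs when the `user` resource notifies it, so a password set by hand later is never reset to `*`. Setting `password => '*'` on the `user` resource would enforce that state on every run and make the exec unnecessary, assuming the user provider on these nodes can manage passwords. If the exec stays, note that it has no `path` and `usermod` is unqualified, so it depends on an `Exec` default declared outside this hunk. Separately, `mode => '0600'` on the `.ssh` directory works only because Puppet adds search permission to directories wherever read is set; `mode => '0700'` states the intended permission directly. The define also mixes `Group[$title]` with `$name` everywhere else; `require => Group[$name],` would be consistent.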