[Mageia-sysadm] [780] move the type of access_class to deployment ( as this is tied to our group name )

Thu Jan 13 19:12:32 CET 2011

Revision: 780
+Author:   misc
+Date:     2011-01-13 19:12:32 +0100 (Thu, 13 Jan 2011)
+Log Message:
+-----------
+move the type of access_class to deployment ( as this is tied to our group name )
+
+Modified Paths:
+--------------
+    puppet/manifests/nodes.pp
+    puppet/modules/pam/manifests/init.pp
+
+Added Paths:
+-----------
+    puppet/deployment/access_class/
+    puppet/deployment/access_class/manifests/
+    puppet/deployment/access_class/manifests/init.pp
+
+Added: puppet/deployment/access_class/manifests/init.pp
+===================================================================
+--- puppet/deployment/access_class/manifests/init.pp	                        (rev 0)
++++ puppet/deployment/access_class/manifests/init.pp	2011-01-13 18:12:32 UTC (rev 780)
+@@ -0,0 +1,28 @@
++class access_class {
++ 
++  # beware , theses classes are exclusives
++  # if you need multiple group access, you need to define you own class
++  # of access  
++ 
++  # for server where only admins can connect
++  class admin {
++    pam::multiple_ldap_access { "admin":
++        access_classes => ['mga-sysadmin']
++    }
++  }
++
++  # for server where people can connect with ssh ( git, svn )
++  class committers {
++    # this is required, as we force the shell to be the restricted one
++    # openssh will detect if the file do not exist and while refuse to log the
++    # user, and erase the password ( see pam_auth.c in openssh code, seek badpw )
++    # so the file must exist
++    # permission to use svn, git, etc must be added separatly
++     
++    include restrictshell::shell
++
++    pam::multiple_ldap_access { "committers":
++        access_classes => ['mga-commiters']
++    }
++  }
++}
+
+Modified: puppet/manifests/nodes.pp
+===================================================================
+--- puppet/manifests/nodes.pp	2011-01-13 18:12:31 UTC (rev 779)
++++ puppet/manifests/nodes.pp	2011-01-13 18:12:32 UTC (rev 780)
+@@ -21,7 +21,7 @@
+     include buildsystem::mainnode
+     include buildsystem::mgacreatehome
+ 
+-    include pam::committers_access
++    include access_class::committers
+     include restrictshell::allow_svn
+     include restrictshell::allow_pkgsubmit
+     include openssh::ssh_keys_from_ldap
+
+Modified: puppet/modules/pam/manifests/init.pp
+===================================================================
+--- puppet/modules/pam/manifests/init.pp	2011-01-13 18:12:31 UTC (rev 779)
++++ puppet/modules/pam/manifests/init.pp	2011-01-13 18:12:32 UTC (rev 780)
+@@ -47,30 +47,4 @@
+   define multiple_ldap_access($access_classes) {
+     include base
+   }
+- 
+-  # beware , this two classes are exclusives
+-  # if you need multiple group access, you need to define you own class
+-  # of access  
+- 
+-  # for server where only admins can connect
+-  class admin_access {
+-    multiple_ldap_access { "admin_access":
+-        access_classes => ['mga-sysadmin']
+-    }
+-  }
+-
+-  # for server where people can connect with ssh ( git, svn )
+-  class committers_access {
+-    # this is required, as we force the shell to be the restricted one
+-    # openssh will detect if the file do not exist and while refuse to log the
+-    # user, and erase the password ( see pam_auth.c in openssh code, seek badpw )
+-    # so the file must exist
+-    # permission to use svn, git, etc must be added separatly
+-     
+-    include restrictshell::shell
+-
+-    multiple_ldap_access { "committers_access":
+-        access_classes => ['mga-commiters']
+-    }
+-  }
+ }
+-------------- next part --------------
+An HTML attachment was scrubbed...
+URL: </pipermail/mageia-sysadm/attachments/20110113/b11cf251/attachment-0001.html>
+