zarb-ml/mageia-sysadm/attachments/20110113/b11cf251/attachment-0001.html


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[780] move the type of access_class to deployment ( as this is tied to our group name )</title>
</head>
<body>

<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt;  }
#msg dl a { font-weight: bold}
#msg dl a:link    { color:#fc3; }
#msg dl a:active  { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd>780</dd>
<dt>Author</dt> <dd>misc</dd>
<dt>Date</dt> <dd>2011-01-13 19:12:32 +0100 (Thu, 13 Jan 2011)</dd>
</dl>

<h3>Log Message</h3>
<pre>move the type of access_class to deployment ( as this is tied to our group name )</pre>

<h3>Modified Paths</h3>
<ul>
<li><a href="#puppetmanifestsnodespp">puppet/manifests/nodes.pp</a></li>
<li><a href="#puppetmodulespammanifestsinitpp">puppet/modules/pam/manifests/init.pp</a></li>
</ul>

<h3>Added Paths</h3>
<ul>
<li>puppet/deployment/access_class/</li>
<li>puppet/deployment/access_class/manifests/</li>
<li><a href="#puppetdeploymentaccess_classmanifestsinitpp">puppet/deployment/access_class/manifests/init.pp</a></li>
</ul>

</div>
<div id="patch"><pre>
<a id="puppetdeploymentaccess_classmanifestsinitpp">Added: puppet/deployment/access_class/manifests/init.pp</a>
===================================================================
--- puppet/deployment/access_class/manifests/init.pp	                        (rev 0)
+++ puppet/deployment/access_class/manifests/init.pp	2011-01-13 18:12:32 UTC (rev 780)
@@ -0,0 +1,28 @@
+class access_class {
+ 
+  # beware , theses classes are exclusives
+  # if you need multiple group access, you need to define you own class
+  # of access  
+ 
+  # for server where only admins can connect
+  class admin {
+    pam::multiple_ldap_access { &quot;admin&quot;:
+        access_classes =&gt; ['mga-sysadmin']
+    }
+  }
+
+  # for server where people can connect with ssh ( git, svn )
+  class committers {
+    # this is required, as we force the shell to be the restricted one
+    # openssh will detect if the file do not exist and while refuse to log the
+    # user, and erase the password ( see pam_auth.c in openssh code, seek badpw )
+    # so the file must exist
+    # permission to use svn, git, etc must be added separatly
+     
+    include restrictshell::shell
+
+    pam::multiple_ldap_access { &quot;committers&quot;:
+        access_classes =&gt; ['mga-commiters']
+    }
+  }
+}

<a id="puppetmanifestsnodespp">Modified: puppet/manifests/nodes.pp</a>
===================================================================
--- puppet/manifests/nodes.pp	2011-01-13 18:12:31 UTC (rev 779)
+++ puppet/manifests/nodes.pp	2011-01-13 18:12:32 UTC (rev 780)
@@ -21,7 +21,7 @@
     include buildsystem::mainnode
     include buildsystem::mgacreatehome
 
-    include pam::committers_access
+    include access_class::committers
     include restrictshell::allow_svn
     include restrictshell::allow_pkgsubmit
     include openssh::ssh_keys_from_ldap

<a id="puppetmodulespammanifestsinitpp">Modified: puppet/modules/pam/manifests/init.pp</a>
===================================================================
--- puppet/modules/pam/manifests/init.pp	2011-01-13 18:12:31 UTC (rev 779)
+++ puppet/modules/pam/manifests/init.pp	2011-01-13 18:12:32 UTC (rev 780)
@@ -47,30 +47,4 @@
   define multiple_ldap_access($access_classes) {
     include base
   }
- 
-  # beware , this two classes are exclusives
-  # if you need multiple group access, you need to define you own class
-  # of access  
- 
-  # for server where only admins can connect
-  class admin_access {
-    multiple_ldap_access { &quot;admin_access&quot;:
-        access_classes =&gt; ['mga-sysadmin']
-    }
-  }
-
-  # for server where people can connect with ssh ( git, svn )
-  class committers_access {
-    # this is required, as we force the shell to be the restricted one
-    # openssh will detect if the file do not exist and while refuse to log the
-    # user, and erase the password ( see pam_auth.c in openssh code, seek badpw )
-    # so the file must exist
-    # permission to use svn, git, etc must be added separatly
-     
-    include restrictshell::shell
-
-    multiple_ldap_access { &quot;committers_access&quot;:
-        access_classes =&gt; ['mga-commiters']
-    }
-  }
 }

</pre></div>

</body>
</html>