Merge pull request #36 from fessoga5/master

Add support FreeBSD using map.jinja (Tested on Freebsd10)
This commit is contained in:
Seth House 2014-05-29 21:44:19 -06:00
commit 16e68585c6
3 changed files with 47 additions and 15 deletions

View File

@ -1,3 +1,6 @@
# vim: sts=2 ts=2 sw=2 et ai
{% from "users/map.jinja" import users with context %}
include: include:
- users.sudo - users.sudo
@ -126,24 +129,24 @@ ssh_auth_{{ name }}_{{ loop.index0 }}:
{% if 'sudouser' in user and user['sudouser'] %} {% if 'sudouser' in user and user['sudouser'] %}
sudoer-{{ name }}: sudoer-{{ name }}:
file.managed: file.managed:
- name: /etc/sudoers.d/{{ name }} - name: {{ users.sudoers_dir }}{{ name }}
- user: root - user: root
- group: root - group: {{ users.root_group }}
- mode: '0440' - mode: '0440'
{% if 'sudo_rules' in user %} {% if 'sudo_rules' in user %}
{% for rule in user['sudo_rules'] %} {% for rule in user['sudo_rules'] %}
"validate {{ name }} sudo rule {{ loop.index0 }} {{ name }} {{ rule }}": "validate {{ name }} sudo rule {{ loop.index0 }} {{ name }} {{ rule }}":
cmd.run: cmd.run:
- name: 'visudo -cf - <<<"$rule"' - name: 'visudo -cf - <<<"$rule"'
- shell: /bin/bash - shell: {{ users.visudo_shell }}
- env: - env:
# Specify the rule via an env var to avoid shell quoting issues. # Specify the rule via an env var to avoid shell quoting issues.
- rule: "{{ name }} {{ rule }}" - rule: "{{ name }} {{ rule }}"
- require_in: - require_in:
- file: /etc/sudoers.d/{{ name }} - file: {{ users.sudoers_dir }}{{ name }}
{% endfor %} {% endfor %}
/etc/sudoers.d/{{ name }}: {{ users.sudoers_dir }}{{ name }}:
file.managed: file.managed:
- contents: | - contents: |
{%- for rule in user['sudo_rules'] %} {%- for rule in user['sudo_rules'] %}
@ -154,9 +157,9 @@ sudoer-{{ name }}:
- file: sudoer-{{ name }} - file: sudoer-{{ name }}
{% endif %} {% endif %}
{% else %} {% else %}
/etc/sudoers.d/{{ name }}: {{ users.sudoers_dir }}{{ name }}:
file.absent: file.absent:
- name: /etc/sudoers.d/{{ name }} - name: {{ users.sudoers_dir }}{{ name }}
{% endif %} {% endif %}
{% endfor %} {% endfor %}
@ -174,17 +177,17 @@ sudoer-{{ name }}:
{% else %} {% else %}
user.absent user.absent
{% endif -%} {% endif -%}
/etc/sudoers.d/{{ name }}: {{ users.sudoers_dir }}{{ name }}:
file.absent: file.absent:
- name: /etc/sudoers.d/{{ name }} - name: {{ users.sudoers_dir }}{{ name }}
{% endfor %} {% endfor %}
{% for user in pillar.get('absent_users', []) %} {% for user in pillar.get('absent_users', []) %}
{{ user }}: {{ user }}:
user.absent user.absent
/etc/sudoers.d/{{ user }}: {{ users.sudoers_dir }}{{ user }}:
file.absent: file.absent:
- name: /etc/sudoers.d/{{ user }} - name: {{ users.sudoers_dir }}{{ user }}
{% endfor %} {% endfor %}
{% for group in pillar.get('absent_groups', []) %} {% for group in pillar.get('absent_groups', []) %}

21
users/map.jinja Normal file
View File

@ -0,0 +1,21 @@
# vim: sts=2 ts=2 sw=2 et ai
{% set users = salt['grains.filter_by']({
'Debian': {
'sudoers_dir': '/etc/sudoers.d/',
'sudoers_file': '/etc/sudoers',
'root_group': 'root',
'visudo_shell': '/bin/bash',
},
'FreeBSD': {
'sudoers_dir': '/usr/local/etc/sudoers.d/',
'sudoers_file': '/usr/local/etc/sudoers',
'root_group': 'wheel',
'visudo_shell': '/usr/local/bin/bash',
},
'default': {
'sudoers_dir': '/etc/sudoers.d/',
'sudoers_file': '/etc/sudoers',
'root_group': 'root',
'visudo_shell': '/bin/bash',
},
}, merge=salt['pillar.get']('users:lookup')) %}

View File

@ -1,3 +1,11 @@
# vim: sts=2 ts=2 sw=2 et ai
{% from "users/map.jinja" import users with context %}
#Support bash in FreeBSD
bash:
pkg:
- installed
sudo: sudo:
group: group:
- present - present
@ -6,18 +14,18 @@ sudo:
- installed - installed
- require: - require:
- group: sudo - group: sudo
- file: /etc/sudoers.d - file: {{ users.sudoers_dir }}
/etc/sudoers.d: {{ users.sudoers_dir }}:
file: file:
- directory - directory
sudoer-defaults: sudoer-defaults:
file.append: file.append:
- name: /etc/sudoers - name: {{ users.sudoers_file }}
- require: - require:
- pkg: sudo - pkg: sudo
- text: - text:
- Defaults env_reset - Defaults env_reset
- Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" - Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
- '#includedir /etc/sudoers.d' - '#includedir {{ users.sudoers_dir }}'