Added unique switch
commit
a32fb976ec
@ -57,6 +57,10 @@ users:
|
|||||||
ssh_keys:
|
ssh_keys:
|
||||||
privkey: PRIVATEKEY
|
privkey: PRIVATEKEY
|
||||||
pubkey: PUBLICKEY
|
pubkey: PUBLICKEY
|
||||||
|
# you can provide multiple keys, the keyname is taken as filename
|
||||||
|
# make sure your public keys suffix is .pub
|
||||||
|
foobar: PRIVATEKEY
|
||||||
|
foobar.pub: PUBLICKEY
|
||||||
# ... or you can pull them from a different pillar,
|
# ... or you can pull them from a different pillar,
|
||||||
# for example one called "ssh_keys":
|
# for example one called "ssh_keys":
|
||||||
ssh_keys_pillar:
|
ssh_keys_pillar:
|
||||||
@ -125,6 +129,7 @@ users:
|
|||||||
# should be a salt fileserver path either with or without 'salt://'
|
# should be a salt fileserver path either with or without 'salt://'
|
||||||
# if not present, it defaults to 'salt://users/files/user/<username>
|
# if not present, it defaults to 'salt://users/files/user/<username>
|
||||||
source: users/files/default
|
source: users/files/default
|
||||||
|
template: jinja
|
||||||
# You can specify octal mode for files and symlinks that will be copied. Since version 2016.11.0
|
# You can specify octal mode for files and symlinks that will be copied. Since version 2016.11.0
|
||||||
# it's possible to use 'keep' for file_mode, to preserve file original mode, thus you can save
|
# it's possible to use 'keep' for file_mode, to preserve file original mode, thus you can save
|
||||||
# execution bit for example.
|
# execution bit for example.
|
||||||
|
@ -120,11 +120,14 @@ users_{{ name }}_user:
|
|||||||
- workphone: {{ user['workphone'] }}
|
- workphone: {{ user['workphone'] }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if 'homephone' in user %}
|
{% if 'homephone' in user %}
|
||||||
- homephone: {{ user['workphone'] }}
|
- homephone: {{ user['homephone'] }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if not user.get('createhome', True) %}
|
{% if not user.get('createhome', True) %}
|
||||||
- createhome: False
|
- createhome: False
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
{% if not user.get('unique', True) %}
|
||||||
|
- unique: False
|
||||||
|
{% endif %}
|
||||||
{% if 'expire' in user -%}
|
{% if 'expire' in user -%}
|
||||||
{% if grains['kernel'].endswith('BSD') and
|
{% if grains['kernel'].endswith('BSD') and
|
||||||
user['expire'] < 157766400 %}
|
user['expire'] < 157766400 %}
|
||||||
@ -179,35 +182,35 @@ user_keydir_{{ name }}:
|
|||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
{% if 'ssh_keys' in user %}
|
{% if 'ssh_keys' in user %}
|
||||||
{% set key_type = 'id_' + user.get('ssh_key_type', 'rsa') %}
|
{% for _key in user.ssh_keys.keys() %}
|
||||||
users_user_{{ name }}_private_key:
|
{% if _key == 'privkey' %}
|
||||||
|
{% set key_name = 'id_' + user.get('ssh_key_type', 'rsa') %}
|
||||||
|
{% elif _key == 'pubkey' %}
|
||||||
|
{% set key_name = 'id_' + user.get('ssh_key_type', 'rsa') + '.pub' %}
|
||||||
|
{% else %}
|
||||||
|
{% set key_name = _key %}
|
||||||
|
{% endif %}
|
||||||
|
users_{{ name }}_{{ key_name }}_key:
|
||||||
file.managed:
|
file.managed:
|
||||||
- name: {{ home }}/.ssh/{{ key_type }}
|
- name: {{ home }}/.ssh/{{ key_name }}
|
||||||
- user: {{ name }}
|
|
||||||
- group: {{ user_group }}
|
|
||||||
- mode: 600
|
|
||||||
- show_diff: False
|
|
||||||
- contents_pillar: users:{{ name }}:ssh_keys:privkey
|
|
||||||
- require:
|
|
||||||
- user: users_{{ name }}_user
|
|
||||||
{% for group in user.get('groups', []) %}
|
|
||||||
- group: users_{{ name }}_{{ group }}_group
|
|
||||||
{% endfor %}
|
|
||||||
users_user_{{ name }}_public_key:
|
|
||||||
file.managed:
|
|
||||||
- name: {{ home }}/.ssh/{{ key_type }}.pub
|
|
||||||
- user: {{ name }}
|
- user: {{ name }}
|
||||||
- group: {{ user_group }}
|
- group: {{ user_group }}
|
||||||
|
{% if key_name.endswith(".pub") %}
|
||||||
- mode: 644
|
- mode: 644
|
||||||
|
{% else %}
|
||||||
|
- mode: 600
|
||||||
|
{% endif %}
|
||||||
- show_diff: False
|
- show_diff: False
|
||||||
- contents_pillar: users:{{ name }}:ssh_keys:pubkey
|
- contents_pillar: users:{{ name }}:ssh_keys:{{ _key }}
|
||||||
- require:
|
- require:
|
||||||
- user: users_{{ name }}_user
|
- user: users_{{ name }}_user
|
||||||
{% for group in user.get('groups', []) %}
|
{% for group in user.get('groups', []) %}
|
||||||
- group: users_{{ name }}_{{ group }}_group
|
- group: users_{{ name }}_{{ group }}_group
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
{% endfor %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
|
|
||||||
{% if 'ssh_auth_file' in user or 'ssh_auth_pillar' in user %}
|
{% if 'ssh_auth_file' in user or 'ssh_auth_pillar' in user %}
|
||||||
users_authorized_keys_{{ name }}:
|
users_authorized_keys_{{ name }}:
|
||||||
file.managed:
|
file.managed:
|
||||||
@ -221,8 +224,9 @@ users_authorized_keys_{{ name }}:
|
|||||||
{{ auth }}
|
{{ auth }}
|
||||||
{% endfor -%}
|
{% endfor -%}
|
||||||
{% else %}
|
{% else %}
|
||||||
|
- contents: |
|
||||||
{%- for key_name, pillar_name in user['ssh_auth_pillar'].items() %}
|
{%- for key_name, pillar_name in user['ssh_auth_pillar'].items() %}
|
||||||
- contents_pillar: {{ pillar_name }}:{{ key_name }}:pubkey
|
{{ salt['pillar.get'](pillar_name + ':' + key_name + ':pubkey', '') }}
|
||||||
{%- endfor %}
|
{%- endfor %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
@ -466,7 +470,7 @@ users_googleauth-{{ svc }}-{{ name }}:
|
|||||||
{% if 'gitconfig' in user %}
|
{% if 'gitconfig' in user %}
|
||||||
{% for key, value in user['gitconfig'].items() %}
|
{% for key, value in user['gitconfig'].items() %}
|
||||||
users_{{ name }}_user_gitconfig_{{ loop.index0 }}:
|
users_{{ name }}_user_gitconfig_{{ loop.index0 }}:
|
||||||
{% if grains['saltversioninfo'] >= (2015, 8, 0, 0) %}
|
{% if grains['saltversioninfo'] >= [2015, 8, 0, 0] %}
|
||||||
git.config_set:
|
git.config_set:
|
||||||
{% else %}
|
{% else %}
|
||||||
git.config:
|
git.config:
|
||||||
@ -474,7 +478,7 @@ users_{{ name }}_user_gitconfig_{{ loop.index0 }}:
|
|||||||
- name: {{ key }}
|
- name: {{ key }}
|
||||||
- value: "{{ value }}"
|
- value: "{{ value }}"
|
||||||
- user: {{ name }}
|
- user: {{ name }}
|
||||||
{% if grains['saltversioninfo'] >= (2015, 8, 0, 0) %}
|
{% if grains['saltversioninfo'] >= [2015, 8, 0, 0] %}
|
||||||
- global: True
|
- global: True
|
||||||
{% else %}
|
{% else %}
|
||||||
- is_global: True
|
- is_global: True
|
||||||
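Review bot: In the `ssh_keys` loop of the hunk at `@ -179,35 +182,35 @@`, the pillar key name is used verbatim as the file name in `- name: {{ home }}/.ssh/{{ key_name }}`, and the file mode is chosen only from the `.pub` suffix. A key name containing a path separator would therefore be written outside `.ssh`, and private key material stored under a name ending in `.pub` would be created with mode 644. An extra key named like the default (for example `id_rsa`) would also produce the same state ID and target file as `privkey`. I would skip or fail on unsafe names by wrapping the state in `{% if '/' not in _key %}` … `{% endif %}`, and add a comment above the mode branch such as `# anything not ending in .pub is treated as private key material (0600)`.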
|
@ -9,6 +9,7 @@ include:
|
|||||||
{%- set user_files = salt['pillar.get'](('users:' ~ username ~ ':user_files'), {'enabled': False}) -%}
|
{%- set user_files = salt['pillar.get'](('users:' ~ username ~ ':user_files'), {'enabled': False}) -%}
|
||||||
{%- set user_group = salt['pillar.get'](('users:' ~ username ~ ':prime_group:name'), username) -%}
|
{%- set user_group = salt['pillar.get'](('users:' ~ username ~ ':prime_group:name'), username) -%}
|
||||||
{%- set user_home = salt['pillar.get'](('users:' ~ username ~ ':home'), current.get('home', '/home/' ~ username )) -%}
|
{%- set user_home = salt['pillar.get'](('users:' ~ username ~ ':home'), current.get('home', '/home/' ~ username )) -%}
|
||||||
|
{%- set user_files_template = salt['pillar.get'](('users:' ~ username ~ ':user_files:template'), None) -%}
|
||||||
{%- set user_files_file_mode = salt['pillar.get'](('users:' ~ username ~ ':user_files:file_mode'), False) -%}
|
{%- set user_files_file_mode = salt['pillar.get'](('users:' ~ username ~ ':user_files:file_mode'), False) -%}
|
||||||
{%- set user_files_sym_mode = salt['pillar.get'](('users:' ~ username ~ ':user_files:sym_mode'), False) -%}
|
{%- set user_files_sym_mode = salt['pillar.get'](('users:' ~ username ~ ':user_files:sym_mode'), False) -%}
|
||||||
{%- if user_files.enabled -%}
|
{%- if user_files.enabled -%}
|
||||||
@ -36,6 +37,9 @@ users_userfiles_{{ username }}_recursive:
|
|||||||
- source: {{ file_source }}
|
- source: {{ file_source }}
|
||||||
- user: {{ username }}
|
- user: {{ username }}
|
||||||
- group: {{ user_group }}
|
- group: {{ user_group }}
|
||||||
|
{% if user_files_template -%}
|
||||||
|
- template: {{ user_files_template }}
|
||||||
|
{% endif -%}
|
||||||
- clean: False
|
- clean: False
|
||||||
{% if user_files_file_mode -%}
|
{% if user_files_file_mode -%}
|
||||||
- file_mode: {{ user_files_file_mode }}
|
- file_mode: {{ user_files_file_mode }}
|
||||||
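Review bot: The new `- template: {{ user_files_template }}` line applies to the whole `users_userfiles_{{ username }}_recursive` state, which looks like a recursive copy, so every file under the user's source directory would be rendered as a template rather than only the files meant to be templates. Dotfiles or scripts that legitimately contain `{{` or `{%` may fail to render or be changed silently, and any file placed in that directory is evaluated with access to pillar and grains data on the minion. I would document this next to `template: jinja` in the example pillar, e.g. `# applies to every file under source; keep only trusted, template-safe files there`. The state's body starts and ends outside this hunk, so the state function is inferred from the visible arguments.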
|