Make password mandatory
authorSilvio Rhatto <rhatto@riseup.net>
Thu, 31 Mar 2016 14:22:51 +0000 (11:22 -0300)
committerSilvio Rhatto <rhatto@riseup.net>
Thu, 31 Mar 2016 14:22:51 +0000 (11:22 -0300)
manifests/init.pp

index 187c16043db926a9fc60ae46e1cd05e860f9a6d9..9b8d04a1a2abf144ae0fa5770a3ae104bd332803 100644 (file)
@@ -8,6 +8,7 @@
 class user {
 
   define manage(
+    $password,
     $ensure           = present,
     $uid              = 'absent',
     $gid              = 'uid',
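Review bot: The added `$password` parameter is required but never validated, so an empty string flows unchanged into `password => $password` in the third hunk; on most Unix-like systems an empty password field leaves the account without a password. Callers that previously passed `'absent'` to skip management would presumably now have that literal written as the hash. A guard at the top of the body would catch both cases: `if $password == '' or $password == 'absent' { fail("user::manage[${title}]: password must be a non-empty hash") }`. A comment above the parameter should also state that the value is expected to be an already hashed string, and that key-only accounts should pass a locked value such as `'!'`. The body of `manage` continues outside this hunk.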
@@ -16,7 +17,6 @@ class user {
     $homedir_mode     = '0750',
     $comment          = 'absent',
     $homedir          = 'absent',
-    $password         = 'absent',
     $shell            = 'absent',
     $sshkey           = 'absent',
     $sshkey_options   = [],
@@ -25,155 +25,152 @@ class user {
     $ticket           = false,
     $refresh_keys     = false) {
 
-    if $password != 'absent' {
-
-      $real_groups = $groups ? {
-        '' => [ "$title", ],
-        default => $groups,
-      }
+    $real_groups = $groups ? {
+      '' => [ "$title", ],
+      default => $groups,
+    }
 
-      $real_homedir = $homedir ? {
-        'absent' => "/home/$name",
-        default  => $homedir,
-      }
+    $real_homedir = $homedir ? {
+      'absent' => "/home/$name",
+      default  => $homedir,
+    }
 
-      $real_name_comment = $comment ? {
-        'absent' => $name,
-        default  => $comment,
-      }
+    $real_name_comment = $comment ? {
+      'absent' => $name,
+      default  => $comment,
+    }
 
-      $real_sshkey_type = $sshkey_type ? {
-        'absent' => "ssh-rsa",
-        default  => $sshkey_type,
-      }
+    $real_sshkey_type = $sshkey_type ? {
+      'absent' => "ssh-rsa",
+      default  => $sshkey_type,
+    }
 
-      $real_shell = $shell ? {
-        'absent' =>  $operatingsystem ? {
-                       openbsd => "/usr/local/bin/bash",
-                       default => "/bin/bash",
-                      },
-        default => $shell,
-      }
+    $real_shell = $shell ? {
+      'absent' =>  $operatingsystem ? {
+                     openbsd => "/usr/local/bin/bash",
+                     default => "/bin/bash",
+                    },
+      default => $shell,
+    }
 
-      if $managehome == true {
-          if $ensure == 'absent' {
-              file{"$real_homedir":
-                  ensure => absent,
-                  purge => true,
-                  force => true,
-                  recurse => true,
-              }
-          } else {
-              file{"$real_homedir":
-                  ensure => directory,
-                  require => User[$name],
-                  owner => $name, mode => $homedir_mode;
-              }
-              case $gid {
-                  'absent','uid': {
-                      File[$real_homedir]{
-                          group => $name,
-                      }
-                  }
-                  default: {
-                      File[$real_homedir]{
-                          group => $gid,
-                      }
-                  }
-              }
-          }
-      } else {
-        if $managehome != false {
-          if !defined(File[$managehome]) {
-            file { $managehome:
-              ensure  => present,
-              owner   => $name,
-              mode    => $homedir_mode,
-              require => User[$name],
+    if $managehome == true {
+        if $ensure == 'absent' {
+            file{"$real_homedir":
+                ensure => absent,
+                purge => true,
+                force => true,
+                recurse => true,
+            }
+        } else {
+            file{"$real_homedir":
+                ensure => directory,
+                require => User[$name],
+                owner => $name, mode => $homedir_mode;
+            }
+            case $gid {
+                'absent','uid': {
+                    File[$real_homedir]{
+                        group => $name,
+                    }
+                }
+                default: {
+                    File[$real_homedir]{
+                        group => $gid,
+                    }
+                }
             }
+        }
+    } else {
+      if $managehome != false {
+        if !defined(File[$managehome]) {
+          file { $managehome:
+            ensure  => present,
+            owner   => $name,
+            mode    => $homedir_mode,
+            require => User[$name],
           }
+        }
 
-          case $gid {
-            'absent','uid': {
-              File[$managehome] {
-                group => $name,
-              }
+        case $gid {
+          'absent','uid': {
+            File[$managehome] {
+              group => $name,
             }
-            default: {
-              File[$managehome] {
-                group => $gid,
-              }
+          }
+          default: {
+            File[$managehome] {
+              group => $gid,
             }
           }
+        }
 
-          file{ "$real_homedir":
-              ensure  => $managehome,
-              require => File[$managehome],
-          }
+        file{ "$real_homedir":
+            ensure  => $managehome,
+            require => File[$managehome],
         }
       }
+    }
 
-      if $uid != 'absent' {
-        $real_uid = $uid
-      } else {
-        $real_uid = false
-      }
+    if $uid != 'absent' {
+      $real_uid = $uid
+    } else {
+      $real_uid = false
+    }
 
-      if $gid != 'absent' {
-        if $gid == 'uid' {
-          if $uid != 'absent' {
-            $real_gid = $uid
-          } else {
-            $real_gid = false
-          }
+    if $gid != 'absent' {
+      if $gid == 'uid' {
+        if $uid != 'absent' {
+          $real_gid = $uid
         } else {
-          $real_gid = $gid
+          $real_gid = false
         }
       } else {
-        $real_gid = false
+        $real_gid = $gid
       }
+    } else {
+      $real_gid = false
+    }
 
-      # see http://www.mail-archive.com/puppet-users@googlegroups.com/msg00795.html
-      user { "$title":
-        ensure     => $ensure,
-        allowdupe  => false,
-        comment    => "$real_name_comment",
-        home       => $real_homedir,
-        managehome => $managehome,
-        shell      => $real_shell,
-        groups     => $real_groups,
-        membership => $membership,
-        password   => $password,
-        uid        => $real_uid ? { false => undef, default => $real_uid },
-        gid        => $real_gid ? { false => undef, default => $real_gid },
-      }
+    # see http://www.mail-archive.com/puppet-users@googlegroups.com/msg00795.html
+    user { "$title":
+      ensure     => $ensure,
+      allowdupe  => false,
+      comment    => "$real_name_comment",
+      home       => $real_homedir,
+      managehome => $managehome,
+      shell      => $real_shell,
+      groups     => $real_groups,
+      membership => $membership,
+      password   => $password,
+      uid        => $real_uid ? { false => undef, default => $real_uid },
+      gid        => $real_gid ? { false => undef, default => $real_gid },
+    }
 
-      if $refresh_keys == true {
-        cron { "gpg-refresh-keys-${title}":
-          command  => "/usr/bin/gpg --refresh-keys > /dev/null 2>&1",
-          user     => $title,
-          hour     => "*/1",
-          minute   => "0",
-          ensure   => present,
-          require  => User[$title],
-        }
+    if $refresh_keys == true {
+      cron { "gpg-refresh-keys-${title}":
+        command  => "/usr/bin/gpg --refresh-keys > /dev/null 2>&1",
+        user     => $title,
+        hour     => "*/1",
+        minute   => "0",
+        ensure   => present,
+        require  => User[$title],
       }
+    }
 
-      # lots of bugs preventing a good implementation for ssh keys
-      # http://projects.reductivelabs.com/issues/1409
-      # http://projects.reductivelabs.com/issues/2004
-      # http://projects.reductivelabs.com/issues/2020
-      # http://groups.google.com/group/puppet-users/browse_thread/thread/131bc7cdc507e3c8/6b61dbcd0b6a68b5?lnk=raot
-      if $sshkey != 'absent' {
-        ssh_authorized_key { "$title":
-          ensure  => $ensure,
-          key     => $sshkey,
-          user    => $title,
-          options => $sshkey_options,
-          type    => $real_sshkey_type,
-          target  => "$real_homedir/.ssh/authorized_keys",
-          require => User["$title"],
-        }
+    # lots of bugs preventing a good implementation for ssh keys
+    # http://projects.reductivelabs.com/issues/1409
+    # http://projects.reductivelabs.com/issues/2004
+    # http://projects.reductivelabs.com/issues/2020
+    # http://groups.google.com/group/puppet-users/browse_thread/thread/131bc7cdc507e3c8/6b61dbcd0b6a68b5?lnk=raot
+    if $sshkey != 'absent' {
+      ssh_authorized_key { "$title":
+        ensure  => $ensure,
+        key     => $sshkey,
+        user    => $title,
+        options => $sshkey_options,
+        type    => $real_sshkey_type,
+        target  => "$real_homedir/.ssh/authorized_keys",
+        require => User["$title"],
       }
     }
   }
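Review bot: The `$ensure == 'absent'` branch under `$managehome == true` removes `$real_homedir` with `force => true` and `recurse => true`, and that path is taken from the caller's `$homedir` without any check. A mistyped or shared value there would be purged recursively on the next run. A cheap guard before that `file` resource would be `if $real_homedir in ['/', '/home'] { fail("user::manage[${title}]: refusing to purge ${real_homedir}") }`, extended with whatever shared paths the site uses. The `define` header and its parameters sit in the earlier hunks, outside this one.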