Project

General

Profile

« Previous | Next » 

Revision f1466bda

Added by Trey Dockendorf over 9 years ago

  • Set the puppetrun sudo command to match the user specified using puppetrun_user parameter
  • Only manage the sudo rules if both puppetca and puppetrun are enabled

View differences:

manifests/config.pp
foreman_proxy::settings_file { 'tftp': }
foreman_proxy::settings_file { 'realm': }
if $foreman_proxy::use_sudoersd {
if $foreman_proxy::manage_sudoersd {
file { '/etc/sudoers.d':
ensure => directory,
if $foreman_proxy::puppetca or $foreman_proxy::puppetrun {
if $foreman_proxy::use_sudoersd {
if $foreman_proxy::manage_sudoersd {
file { '/etc/sudoers.d':
ensure => directory,
}
}
}
file { '/etc/sudoers.d/foreman-proxy':
ensure => present,
owner => 'root',
group => 'root',
mode => '0440',
content => "${foreman_proxy::user} ALL = NOPASSWD : ${foreman_proxy::puppetca_cmd} *, ${foreman_proxy::puppetrun_cmd} *
Defaults:${foreman_proxy::user} !requiretty\n",
require => File['/etc/sudoers.d'],
}
} else {
augeas { 'sudo-foreman-proxy':
context => '/files/etc/sudoers',
changes => [
"set spec[user = '${foreman_proxy::user}']/user ${foreman_proxy::user}",
"set spec[user = '${foreman_proxy::user}']/host_group/host ALL",
"set spec[user = '${foreman_proxy::user}']/host_group/command[1] '${foreman_proxy::puppetca_cmd} *'",
"set spec[user = '${foreman_proxy::user}']/host_group/command[2] '${foreman_proxy::puppetrun_cmd} *'",
"set spec[user = '${foreman_proxy::user}']/host_group/command[1]/tag NOPASSWD",
"set Defaults[type = ':${foreman_proxy::user}']/type :${foreman_proxy::user}",
"set Defaults[type = ':${foreman_proxy::user}']/requiretty/negate ''",
],
file { '/etc/sudoers.d/foreman-proxy':
ensure => present,
owner => 'root',
group => 'root',
mode => '0440',
content => template('foreman_proxy/sudo.erb'),
require => File['/etc/sudoers.d'],
}
} else {
augeas { 'sudo-foreman-proxy':
context => '/files/etc/sudoers',
changes => template('foreman_proxy/sudo_augeas.erb'),
}
}
}
}

Also available in: Unified diff