start of sudoers formula

Kenneth Wilke 2013-08-20 16:32:58 -05:00
parent d9f1a84b78
commit 8eb95cfcda
4 changed files with 100 additions and 0 deletions

28
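--- a/pillar.example
+++ b/pillar.example
@@ -0,0 +1,28 @@
+sudoers:
+users:
+johndoe: 'ALL=(ALL) ALL'
+groups:
+sudo: 'ALL=(ALL) NOPASSWD: ALL'
+defaults:
+- env_reset
+- mail_badpass
+- secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+aliases:
+hosts:
+- WEBSERVERS:
+- www1
+- www2
+- www3
+users:
+- ADMINS:
+- millert
+- dowdy
+- mikef
+commands:
+- PROCESSES:
+- /usr/bin/nice
+- /bin/kill
+- /usr/bin/renice
+- /usr/bin/pkill
+- /usr/bin/top
+#include: /etc/sudoers.d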
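Review bot: The example's alias keys do not match what the template reads: pillar.example nests aliases under `hosts` and `users`, while sudoers/files/sudoers calls `aliases.get('host', [])` and `aliases.get('user', [])`, so both lists come back empty. The commented `#include:` key likewise differs from the `includedir` key the template looks up. Rename the example keys to `host`, `user` and `#includedir: /etc/sudoers.d` (or change the template lookups) so the example works as copied. Because examples tend to be pasted verbatim, consider `sudo: 'ALL=(ALL) ALL'` for the group entry, or a comment above it such as `# NOPASSWD lets every member of this group run any command as root without re-authenticating`.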

43
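--- a/sudoers/files/sudoers
+++ b/sudoers/files/sudoers
@@ -0,0 +1,43 @@
+{% set sudoers = pillar.get('sudoers', {}) %}
+{% set defaults = sudoers.get('defaults', []) %}
+{% set aliases = sudoers.get('aliases', {}) %}
+{% set host_aliases = aliases.get('host', []) %}
+{% set user_aliases = aliases.get('user', []) %}
+{% set cmnd_aliases = aliases.get('commands', []) %}
+{% set runas_aliases = aliases.get('runas', []) %}
+{% set users = sudoers.get('users', {}) %}
+{% set groups = sudoers.get('groups', {}) %}
+{% set includedir = sudoers.get('includedir', None) %}
+#
+# This file is managed by salt
+#
+{% for default in defaults -%}
+Defaults {{ default }}
+{%- endfor %}
+# Host alias specification
+{% for default in defaults -%}
+Defaults {{ default }}
+{%- endfor %}
+# User alias specification
+{{ user_aliases }}
+# Cmnd alias specification
+{{ cmnd_aliases }}
+# Runas alias specification
+{{ runas_aliases }}
+# User privilege specification
+{{ users }}
+# Group privilege specification
+{{ groups }}
+{% if includes %}
+includedir {{ includedir }}
+{% else %}
+#includedir /etc/sudoers.d
+{% endif %}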
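Review bot: `{{ user_aliases }}`, `{{ cmnd_aliases }}`, `{{ runas_aliases }}`, `{{ users }}` and `{{ groups }}` print the pillar lists and dicts as their Python repr, which is not sudoers syntax, and sudo refuses to run when /etc/sudoers fails to parse. Each section needs a loop that emits one rule per entry; the fence below sketches that for users and groups, assuming the `name: spec` shape shown in pillar.example. The block under "Host alias specification" repeats the Defaults loop instead of iterating `host_aliases`. `{% if includes %}` tests a name that is never set (the variable is `includedir`), so the else branch always renders, and `#includedir /etc/sudoers.d` is a live sudoers directive rather than a comment.

```jinja
{# … unchanged: variable setup, Defaults and alias sections … #}
# User privilege specification
{% for user, spec in users.items() -%}
{{ user }} {{ spec }}
{% endfor %}
# Group privilege specification
{% for group, spec in groups.items() -%}
%{{ group }} {{ spec }}
{% endfor %}
{# … unchanged: includedir block … #}
```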

15
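--- a/sudoers/init.sls
+++ b/sudoers/init.sls
@@ -0,0 +1,15 @@
+{% from "sudoers/package-map.jinja" import pkgs with context %}
+sudo:
+pkg.installed:
+- name: {{ pkg.sudo }}
+/etc/sudoers
+file.managed:
+- user: root
+- group: root
+- mode: 440
+- template: jinja
+- source: salt://sudoers/files/sudoers
+- require:
+- pkg: sudo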
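Review bot: The `/etc/sudoers` file.managed state installs the rendered template with no syntax check, so any template or pillar mistake lands in the live file and sudo stops working on the minion; where the Salt version supports it, add `- check_cmd: /usr/sbin/visudo -c -f` so a file that fails to parse is never put in place. Two smaller errors on the new lines would keep the state from rendering at all: the import binds `pkgs` but the package name is read as `{{ pkg.sudo }}`, and the `/etc/sudoers` ID is missing its trailing colon. `mode: 440` is safer written as the quoted string `'0440'` so no YAML loader retypes it.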

14
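--- a/sudoers/package-map.jinja
+++ b/sudoers/package-map.jinja
@@ -0,0 +1,14 @@
+{% set package_table = {
+'Debian': {'sudo': 'sudo'},
+'Ubuntu': {'sudo': 'sudo'},
+'CentOS': {'sudo': 'sudo'},
+'Fedora': {'sudo': 'sudo'},
+'RedHat': {'sudo': 'sudo'},
+'Gentoo': {'sudo': 'app-admin/sudo'}
+} %}
+{% if 'package_table' in pillar %}
+{% set pkgs = pillar['package_table'] %}
+{% elif grains['os'] in package_table %}
+{% set pkgs = package_table[grains['os']] %}
+{% endif %}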
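Review bot: `pkgs` is never set when `grains['os']` is missing from `package_table` and the pillar carries no `package_table` key, because the `if`/`elif` chain has no `else`; the `import pkgs` in init.sls would then presumably fail on any other OS. Add a fallback branch such as `{% else %}{% set pkgs = {'sudo': 'sudo'} %}` before the `{% endif %}`. The override is also read from a top-level pillar key, `package_table`, that is not namespaced to this formula and is used directly as the inner `{'sudo': ...}` map rather than the per-OS table its name suggests. Reading it from under the `sudoers` pillar key would avoid collisions with other formulas.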