From 34328aff1cbb626d4e76893415e205054211c871 Mon Sep 17 00:00:00 2001 From: Daniel Kraemer Date: Tue, 4 Oct 2016 20:53:01 +0200 Subject: [PATCH 01/56] add support for multiple private and public keys --- users/init.sls | 23 ++++++++++++++++------- 1 file changed, 16 insertions(+), 7 deletions(-) diff --git a/users/init.sls b/users/init.sls index b8dbf9a..099a8f0 100644 --- a/users/init.sls +++ b/users/init.sls 
@@ -170,35 +170,44 @@ user_keydir_{{ name }}: {% endif %} {% if 'ssh_keys' in user %} - {% set key_type = 'id_' + user.get('ssh_key_type', 'rsa') %} -users_user_{{ name }}_private_key: + {% for _key in user.ssh_keys.keys() %} + {% if _key == 'privkey' %} + {% set key_name = 'id_' + user.get('ssh_key_type', 'rsa') %} + {% elif _key == 'pubkey' %} + {% set key_name = 'id_' + user.get('ssh_key_type', 'rsa') + '.pub' %} + {% else %} + {% set key_name = _key %} + {% endif %} +users_{{ name }}_{{ key_name }}_private_key: file.managed: - - name: {{ home }}/.ssh/{{ key_type }} + - name: {{ home }}/.ssh/{{ key_name }} - user: {{ name }} - group: {{ user_group }} - mode: 600 - show_diff: False - - contents_pillar: users:{{ name }}:ssh_keys:privkey + - contents_pillar: users:{{ name }}:ssh_keys:{{ _key }} - require: - user: users_{{ name }}_user {% for group in user.get('groups', []) %} - group: users_{{ name }}_{{ group }}_group {% endfor %} -users_user_{{ name }}_public_key: +users_{{ name }}_{{ key_name }}_public_key: file.managed: - - name: {{ home }}/.ssh/{{ key_type }}.pub + - name: {{ home }}/.ssh/{{ key_name }} - user: {{ name }} - group: {{ user_group }} - mode: 644 - show_diff: False - - contents_pillar: users:{{ name }}:ssh_keys:pubkey + - contents_pillar: users:{{ name }}:ssh_keys:{{ _key }} - require: - user: users_{{ name }}_user {% for group in user.get('groups', []) %} - group: users_{{ name }}_{{ group }}_group {% endfor %} + {% endfor %} {% endif %} + {% if 'ssh_auth_file' in user or 'ssh_auth_pillar' in user %} users_authorized_keys_{{ name }}: file.managed: From 33287f650f9b3e6961b6edfb7fdf7d154f377995 Mon Sep 17 00:00:00 2001 From: Hatifnatt Date: Thu, 23 Mar 2017 12:19:06 +0300 Subject: [PATCH 02/56] Add ability to specify mode for files and symlinks in user_files --- pillar.example | 5 +++++ users/user_files.sls | 8 ++++++++ 2 files changed, 13 insertions(+) diff --git a/pillar.example b/pillar.example index 256303a..c9f1cbe 100644 --- a/pillar.example 
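Review bot: Inside the new `{% for _key in user.ssh_keys.keys() %}` loop, both `users_{{ name }}_{{ key_name }}_private_key` and `users_{{ name }}_{{ key_name }}_public_key` are rendered for every key, and both now manage the same path `{{ home }}/.ssh/{{ key_name }}` from the same `contents_pillar`, one with `mode: 600` and one with `mode: 644`. If the states apply in file order, the second one leaves private key material at 644, readable by other local users. Emitting one state per key and choosing the mode from the key kind, e.g. `- mode: {{ '644' if key_name.endswith('.pub') else '600' }}`, avoids that; PATCH 25/56 and 26/56 later in this series move in that direction. For the extra keys `key_name` is taken verbatim from the pillar key, so a comment saying it is used as a file name under `.ssh/` and must not contain `/` would help.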
+++ b/pillar.example @@ -119,6 +119,11 @@ users: # should be a salt fileserver path either with or without 'salt://' # if not present, it defaults to 'salt://users/files/user/ source: users/files/default + # You can specify octal mode for files and symlinks that will be copied. Since version 2016.11.0 + # it's possible to use 'keep' for file_mode, to preserve file original mode, thus you can save + # execution bit for example. + file_mode: keep + sym_mode: 640 ## Absent user cuser: diff --git a/users/user_files.sls b/users/user_files.sls index 461628b..dc654fe 100644 --- a/users/user_files.sls +++ b/users/user_files.sls @@ -9,6 +9,8 @@ include: {%- set user_files = salt['pillar.get'](('users:' ~ username ~ ':user_files'), {'enabled': False}) -%} {%- set user_group = salt['pillar.get'](('users:' ~ username ~ ':prime_group:name'), username) -%} {%- set user_home = salt['pillar.get'](('users:' ~ username ~ ':home'), current.get('home', '/home/' ~ username )) -%} +{%- set user_files_file_mode = salt['pillar.get'](('users:' ~ username ~ ':user_files:file_mode'), False) -%} +{%- set user_files_sym_mode = salt['pillar.get'](('users:' ~ username ~ ':user_files:sym_mode'), False) -%} {%- if user_files.enabled -%} {%- if user_files.source is defined -%} @@ -35,6 +37,12 @@ users_userfiles_{{ username }}_recursive: - user: {{ username }} - group: {{ user_group }} - clean: False + {% if user_files_file_mode -%} + - file_mode: {{ user_files_file_mode }} + {% endif -%} + {% if user_files_sym_mode -%} + - sym_mode: {{ user_files_sym_mode }} + {% endif -%} - include_empty: True - keep_symlinks: True - require: From c98aa35392419d5c3089620e398a8b190dd030a0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Kr=C3=A4mer?= Date: Sat, 8 Apr 2017 16:45:17 +0200 Subject: [PATCH 03/56] provide pillar example --- pillar.example | 3 +++ 1 file changed, 3 insertions(+) diff --git a/pillar.example b/pillar.example index 220badc..6f65d95 100644 --- a/pillar.example +++ b/pillar.example 
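Review bot: In the `users_userfiles_{{ username }}_recursive` hunk the modes are rendered unquoted (`- file_mode: {{ user_files_file_mode }}`, `- sym_mode: {{ user_files_sym_mode }}`), so a pillar string such as '0640' is presumably re-read by YAML as an integer when the rendered SLS is parsed, and the applied permissions may differ from the ones written in pillar. Quoting the rendered value keeps it a string: `- file_mode: '{{ user_files_file_mode }}'` and `- sym_mode: '{{ user_files_sym_mode }}'`. The truthiness test `{% if user_files_file_mode -%}` also treats a mode of `0` as unset, which is probably acceptable but deserves a one-line comment.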
@@ -50,6 +50,9 @@ users: ssh_keys: privkey: PRIVATEKEY pubkey: PUBLICKEY + # you can provide multiple keys, the keyname is takes as filename + foobar: PRIVATEKEY + foobar.pub: PUBLICKEY # ... or you can pull them from a different pillar, # for example one called "ssh_keys": ssh_keys_pillar: From 694fd0de6ddbc5dee0b688f15c0d1d1d0c15c178 Mon Sep 17 00:00:00 2001 From: Arthur Date: Tue, 18 Apr 2017 19:57:18 +0200 Subject: [PATCH 04/56] added feature to create groups and set their gid --- users/init.sls | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/users/init.sls b/users/init.sls index a4f6cba..6bd2c1c 100644 --- a/users/init.sls +++ b/users/init.sls @@ -4,6 +4,16 @@ {% set used_googleauth = [] %} {% set used_user_files = [] %} +{% for group, setting in salt['pillar.get']('groups', {}).iteritems() %} +users_group_{{ setting.get('state', "present") }}_{{ group }}: + group.{{ setting.get('state', "present") }}: + - name: {{ group }} + {%- if setting.get('gid') %} + - gid: {{setting.get('gid') }} + {%- endif %} + - system: {{ setting.get('system',"False") }} +{% endfor %} + {%- for name, user in pillar.get('users', {}).items() if user.absent is not defined or not user.absent %} {%- if user == None -%} From e4860322834a5f21cadf470a1ebafa3991a6cc17 Mon Sep 17 00:00:00 2001 From: Arthur Date: Tue, 25 Apr 2017 19:29:00 +0200 Subject: [PATCH 05/56] not more need for homedir, if not needed --- users/init.sls | 2 ++ 1 file changed, 2 insertions(+) diff --git a/users/init.sls b/users/init.sls index 6bd2c1c..c8e5136 100644 --- a/users/init.sls +++ b/users/init.sls @@ -89,7 +89,9 @@ users_{{ name }}_user: {% endif %} user.present: - name: {{ name }} + {% if user.get('createhome', True) -%} - home: {{ home }} + {% endif -%} - shell: {{ user.get('shell', current.get('shell', users.get('shell', '/bin/bash'))) }} {% if 'uid' in user -%} - uid: {{ user['uid'] }} From 3f2dc49ad8ce874807c9a95f13f3addc847aedb0 Mon Sep 17 00:00:00 2001 
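Review bot: The new group loop in users/init.sls calls `.iteritems()` on the `groups` pillar, which exists only on Python 2 dictionaries, while the user loop directly below it uses `.items()`; `salt['pillar.get']('groups', {}).items()` works on both. The state function is built straight from pillar as `group.{{ setting.get('state', "present") }}`, so any value other than `present` or `absent` renders an unknown state function, and `gid` and `system` are emitted for the absent case as well. A guard such as `{% if setting.get('state', 'present') in ('present', 'absent') %}` with a short comment on the accepted values would make the contract explicit. This commit changes only users/init.sls, so the new top-level `groups` pillar is not documented in pillar.example.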
From: Damien Tardy-Panis Date: Wed, 17 Feb 2016 10:25:45 +0100 Subject: [PATCH 06/56] fix gitconfig url insteadOf example Previous example would result in quote escaping problem --- pillar.example | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pillar.example b/pillar.example index 256303a..b11aaf4 100644 --- a/pillar.example +++ b/pillar.example @@ -96,7 +96,7 @@ users: gitconfig: user.name: B User user.email: buser@example.com - url."https://".insteadOf: "git://" + "url.https://.insteadOf": "git://" google_2fa: True google_auth: From 4042641c0957408f686f0255f227dd598277b49c Mon Sep 17 00:00:00 2001 From: Damien Tardy-Panis Date: Tue, 26 Apr 2016 14:26:09 +0200 Subject: [PATCH 07/56] Add support for jinja code in bashrc files. --- users/bashrc.sls | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/users/bashrc.sls b/users/bashrc.sls index 4d4ca4d..a4fa3f9 100644 --- a/users/bashrc.sls +++ b/users/bashrc.sls @@ -21,7 +21,8 @@ users_{{ name }}_user_bashrc: - user: {{ name }} - group: {{ user_group }} - mode: 644 - - source: + - template: jinja + - source: - salt://users/files/bashrc/{{ name }}/bashrc - salt://users/files/bashrc/bashrc {% endif %} From e9ef94096766f62f221e2617f62ff1364a76b14f Mon Sep 17 00:00:00 2001 From: Gareth Howell Date: Mon, 5 Jun 2017 14:41:53 +0100 Subject: [PATCH 08/56] Added Solaris --- users/map.jinja | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/users/map.jinja b/users/map.jinja index f81acc4..abbe399 100644 --- a/users/map.jinja +++ b/users/map.jinja 
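Review bot: Adding `- template: jinja` unconditionally to `users_{{ name }}_user_bashrc` means every existing file under `salt://users/files/bashrc/` is now rendered as Jinja, so shell text containing `{{`, `{%` or `{#` (for example `${#array[@]}`) will fail to render or be silently altered. The file content is also now evaluated as template code at render time rather than copied verbatim, which changes what a reviewer has to check in those files. Making the template engine an opt-in pillar setting, or at least documenting that literal braces need `{% raw %}`, would keep existing deployments working. The same applies to the `profile.sls` and `vimrc.sls` hunks in PATCH 10/56. The state body starts above this hunk.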
@@ -33,6 +33,17 @@ 'sudo_package': 'sudo', 'googleauth_package': 'pam_google_authenticator', }, + 'Solaris': { + 'sudoers_dir': '/opt/local/etc/sudoers.d', + 'sudoers_file': '/opt/local/etc/sudoers', + 'googleauth_dir': '/opt/local/etc/google_authenticator.d', + 'root_group': 'root', + 'shell': '/bin/bash', + 'visudo_shell': '/bin/bash', + 'bash_package': 'bash', + 'sudo_package': 'sudo', + 'googleauth_package': 'libpam-google-authenticator', + }, 'default': { 'sudoers_dir': '/etc/sudoers.d', 'sudoers_file': '/etc/sudoers', From 29d7176040128e38b5caa9eabfb3b9bc4f2f0b9a Mon Sep 17 00:00:00 2001 From: Ashok Raja Date: Mon, 12 Jun 2017 16:50:12 +0530 Subject: [PATCH 09/56] Add support for ssh_auth_sources.absent Fixes: 150 --- pillar.example | 2 ++ users/init.sls | 12 ++++++++++++ 2 files changed, 14 insertions(+) diff --git a/pillar.example b/pillar.example index b11aaf4..14e25e8 100644 --- a/pillar.example +++ b/pillar.example @@ -73,6 +73,8 @@ users: # than inline in pillar, this works. ssh_auth_sources: - salt://keys/buser.id_rsa.pub + ssh_auth_sources.absent: + - salt://keys/deleteduser.id_rsa.pub # PUBLICKEY_FILE_TO_BE_REMOVED # Manage the ~/.ssh/config file ssh_known_hosts: importanthost: diff --git a/users/init.sls b/users/init.sls index a4f6cba..152e859 100644 --- a/users/init.sls +++ b/users/init.sls @@ -278,6 +278,18 @@ users_ssh_auth_source_{{ name }}_{{ loop.index0 }}: {% endfor %} {% endif %} +{% if 'ssh_auth_sources.absent' in user %} +{% for pubkey_file in user['ssh_auth_sources.absent'] %} +users_ssh_auth_source_{{ name }}_{{ loop.index0 }}: + ssh_auth.absent: + - user: {{ name }} + - source: {{ pubkey_file }} + - require: + - file: users_{{ name }}_user + - user: users_{{ name }}_user +{% endfor %} +{% endif %} + {% if 'ssh_auth.absent' in user %} {% for auth in user['ssh_auth.absent'] %} users_ssh_auth_delete_{{ name }}_{{ loop.index0 }}: From 7c67d72ef05b01b865c04ecc9c2b4c2f6302f24f Mon Sep 17 00:00:00 2001 
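Review bot: The new removal loop in users/init.sls reuses the state ID `users_ssh_auth_source_{{ name }}_{{ loop.index0 }}`, which is also the ID of the existing `ssh_auth_sources` loop shown in the hunk header. A user with both lists therefore gets a conflicting-ID error, and presumably neither the additions nor the key removals are applied. A distinct ID such as `users_ssh_auth_source_delete_{{ name }}_{{ loop.index0 }}` avoids it; PATCH 12/56 in this series makes that rename.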
From: Toby Brain Date: Thu, 22 Sep 2016 10:02:24 +1000 Subject: [PATCH 10/56] Add ability to use templated user files --- users/profile.sls | 1 + users/vimrc.sls | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/users/profile.sls b/users/profile.sls index 55ac8e2..3c30d8c 100644 --- a/users/profile.sls +++ b/users/profile.sls @@ -21,6 +21,7 @@ users_{{ name }}_user_profile: - user: {{ name }} - group: {{ user_group }} - mode: 644 + - template: jinja - source: - salt://users/files/profile/{{ name }}/profile - salt://users/files/profile/profile diff --git a/users/vimrc.sls b/users/vimrc.sls index 5404738..f4d008a 100644 --- a/users/vimrc.sls +++ b/users/vimrc.sls @@ -22,7 +22,8 @@ users_{{ name }}_user_vimrc: - user: {{ name }} - group: {{ user_group }} - mode: 644 - - source: + - template: jinja + - source: - salt://users/files/vimrc/{{ name }}/vimrc - salt://users/files/vimrc/vimrc {% endif %} From 9c6e829e1e0029699ab32d21a165a8f4464b4eec Mon Sep 17 00:00:00 2001 From: Ashok Raja Date: Fri, 16 Jun 2017 13:18:18 +0530 Subject: [PATCH 11/56] Replace periods in username with underscores Fixing the conflict and sending a new pull request Fixes #118 Duplicate of #120 --- users/init.sls | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/users/init.sls b/users/init.sls index 152e859..3d31967 100644 --- a/users/init.sls +++ b/users/init.sls @@ -354,12 +354,13 @@ users_ssh_known_hosts_delete_{{ name }}_{{ loop.index0 }}: {% endfor %} {% endif %} +{% set sudoers_d_filename = name|replace('.','_') %} {% if 'sudouser' in user and user['sudouser'] %} users_sudoer-{{ name }}: file.managed: - replace: False - - name: {{ users.sudoers_dir }}/{{ name }} + - name: {{ users.sudoers_dir }}/{{ sudoers_d_filename }} - user: root - group: {{ users.root_group }} - mode: '0440' 
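Review bot: `{% set sudoers_d_filename = name|replace('.','_') %}` maps distinct account names onto one file, so users `a.b` and `a_b` would share `{{ users.sudoers_dir }}/a_b`: one user's rules overwrite the other's, and the `file.absent` branch for a non-sudo user removes the other user's sudoers file. A comment at the `set` stating this, or a check that fails the render when two users normalise to the same name, would close the gap. Any file previously written under the dotted name is also left in place by this change. The state IDs `users_sudoer-{{ name }}` and `users_{{ users.sudoers_dir }}/{{ name }}` in the sudouser branch still use the raw name, which is inconsistent with the renamed `file.absent` ID in the later hunks of this patch.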
@@ -398,7 +399,7 @@ users_sudoer-{{ name }}: users_{{ users.sudoers_dir }}/{{ name }}: file.managed: - replace: True - - name: {{ users.sudoers_dir }}/{{ name }} + - name: {{ users.sudoers_dir }}/{{ sudoers_d_filename }} - contents: | {%- if 'sudo_defaults' in user %} {%- for entry in user['sudo_defaults'] %} @@ -419,14 +420,14 @@ users_{{ users.sudoers_dir }}/{{ name }}: - file: users_sudoer-defaults - file: users_sudoer-{{ name }} cmd.wait: - - name: visudo -cf {{ users.sudoers_dir }}/{{ name }} || ( rm -rvf {{ users.sudoers_dir }}/{{ name }}; exit 1 ) + - name: visudo -cf {{ users.sudoers_dir }}/{{ sudoers_d_filename }} || ( rm -rvf {{ users.sudoers_dir }}/{{ sudoers_d_filename }}; exit 1 ) - watch: - - file: {{ users.sudoers_dir }}/{{ name }} + - file: {{ users.sudoers_dir }}/{{ sudoers_d_filename }} {% endif %} {% else %} -users_{{ users.sudoers_dir }}/{{ name }}: +users_{{ users.sudoers_dir }}/{{ sudoers_d_filename }}: file.absent: - - name: {{ users.sudoers_dir }}/{{ name }} + - name: {{ users.sudoers_dir }}/{{ sudoers_d_filename }} {% endif %} {%- if 'google_auth' in user %} From 8f4bbf58f1605a68c1a6d2ab9d22f6c59cf69158 Mon Sep 17 00:00:00 2001 From: Ashok Raja R Date: Fri, 7 Jul 2017 22:51:48 +0530 Subject: [PATCH 12/56] Fixing Conflicting ID Fixing my previous change which errors in a particular scenario. Error: Conflicting ID 'users_ssh_auth_source_username_0' when keys are added and removed simultaneously. --- users/init.sls | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/users/init.sls b/users/init.sls index 3d31967..0f3cd70 100644 --- a/users/init.sls +++ b/users/init.sls @@ -280,7 +280,7 @@ users_ssh_auth_source_{{ name }}_{{ loop.index0 }}: {% if 'ssh_auth_sources.absent' in user %} {% for pubkey_file in user['ssh_auth_sources.absent'] %} -users_ssh_auth_source_{{ name }}_{{ loop.index0 }}: +users_ssh_auth_source_delete_{{ name }}_{{ loop.index0 }}: ssh_auth.absent: - user: {{ name }} - source: {{ pubkey_file }} 
From 23c5df213046ba29af544ad5c690f75d3737c158 Mon Sep 17 00:00:00 2001 From: Silvio Kunaschk Date: Sun, 9 Jul 2017 16:06:17 +0200 Subject: [PATCH 13/56] fixed insertion of multiple authorized keys via ssh_auth_pillar --- users/init.sls | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/users/init.sls b/users/init.sls index 3d31967..0e5d413 100644 --- a/users/init.sls +++ b/users/init.sls @@ -217,8 +217,9 @@ users_authorized_keys_{{ name }}: {{ auth }} {% endfor -%} {% else %} + - contents: | {%- for key_name, pillar_name in user['ssh_auth_pillar'].items() %} - - contents_pillar: {{ pillar_name }}:{{ key_name }}:pubkey + {{ salt['pillar.get'](pillar_name + ':' + key_name + ':pubkey', '') }} {%- endfor %} {% endif %} {% endif %} From 3320299e70aefff06bc0cb68f7e12f4c95b46a31 Mon Sep 17 00:00:00 2001 From: Alexander Weidinger Date: Tue, 4 Jul 2017 23:46:43 +0200 Subject: [PATCH 14/56] (Re-)enable pillar users-formula:lookup --- pillar.example | 4 ++++ users/map.jinja | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/pillar.example b/pillar.example index 14e25e8..c1520b7 100644 --- a/pillar.example +++ b/pillar.example @@ -1,3 +1,7 @@ +users-formula: + lookup: # override the defauls in map.jinja + root_group: root + users: ## Minimal required pillar values auser: diff --git a/users/map.jinja b/users/map.jinja index f81acc4..289f966 100644 --- a/users/map.jinja +++ b/users/map.jinja @@ -44,4 +44,4 @@ 'sudo_package': 'sudo', 'googleauth_package': 'libpam-google-authenticator', }, -}, merge=salt['pillar.get']('users:lookup')) %} +}, merge=salt['pillar.get']('users-formula:lookup')) %} From 17cbdc44a6b868f47d55f5bd23b2e5cf501874d0 Mon Sep 17 00:00:00 2001 From: Alexander Weidinger Date: Wed, 12 Jul 2017 16:56:57 +0200 Subject: [PATCH 15/56] Added users-formula to README.rst --- README.rst | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/README.rst b/README.rst index 543a712..47d0464 100644 --- a/README.rst 
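Review bot: The `ssh_auth_pillar` branch now inlines each key with `salt['pillar.get'](pillar_name + ':' + key_name + ':pubkey', '')`, so a missing or misspelled pillar path renders an empty line and the managed authorized keys file is written without that key and without any error, where the previous `contents_pillar` lookup would presumably have failed the state. Failing the render when the lookup is empty, or skipping the entry behind an explicit check, makes the omission visible; at minimum add a comment that the empty default is intentional. A value containing newlines would also break the indentation of the `contents: |` block. The enclosing `users_authorized_keys_{{ name }}` state begins outside the hunk.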
+++ b/README.rst @@ -51,3 +51,19 @@ This depends on the vim-formula to be installed. --------------- Permits the abitrary management of files. See pillar.example for configuration details. + +Overriding default values +========================= + +In order to separate actual user account definitions from configuration the pillar `users-formula` was introduced: + +```yaml +users: + myuser: + # stuff + +users-formula: + lookup: + root_group: toor + shell: '/bin/zsh' +``` From 886f6afc18caf2553c038b0533f09c221bf9833a Mon Sep 17 00:00:00 2001 From: Alexander Weidinger Date: Wed, 12 Jul 2017 16:58:53 +0200 Subject: [PATCH 16/56] fixed code block in README.rst --- README.rst | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/README.rst b/README.rst index 47d0464..346780e 100644 --- a/README.rst +++ b/README.rst @@ -57,13 +57,12 @@ Overriding default values In order to separate actual user account definitions from configuration the pillar `users-formula` was introduced: -```yaml -users: - myuser: - # stuff +.. code-bock:: yaml + users: + myuser: + # stuff -users-formula: - lookup: - root_group: toor - shell: '/bin/zsh' -``` + users-formula: + lookup: + root_group: toor + shell: '/bin/zsh' From 0b705e327ece676ef8c6edb1f44106dbd221fedb Mon Sep 17 00:00:00 2001 From: Alexander Weidinger Date: Wed, 12 Jul 2017 17:00:13 +0200 Subject: [PATCH 17/56] fixed code block in README.rst --- README.rst | 1 + 1 file changed, 1 insertion(+) diff --git a/README.rst b/README.rst index 346780e..d7b17f5 100644 --- a/README.rst +++ b/README.rst @@ -58,6 +58,7 @@ Overriding default values In order to separate actual user account definitions from configuration the pillar `users-formula` was introduced: .. code-bock:: yaml + users: myuser: # stuff From f005617cd12fa2cb051e3072bde160a95c899763 Mon Sep 17 00:00:00 2001 
From: Alexander Weidinger Date: Wed, 12 Jul 2017 17:03:31 +0200 Subject: [PATCH 18/56] fixed code block in README.rst --- README.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.rst b/README.rst index d7b17f5..43e32fd 100644 --- a/README.rst +++ b/README.rst @@ -55,9 +55,9 @@ Permits the abitrary management of files. See pillar.example for configuration d Overriding default values ========================= -In order to separate actual user account definitions from configuration the pillar `users-formula` was introduced: +In order to separate actual user account definitions from configuration the pillar ``users-formula`` was introduced: -.. code-bock:: yaml +.. code-block:: yaml users: myuser: From 48416398e3d4e68b9c164c055bb434773bda71bd Mon Sep 17 00:00:00 2001 From: Hatifnatt Date: Thu, 27 Jul 2017 04:29:47 +0300 Subject: [PATCH 19/56] Change False to None in user_files to be closer to Salt default values. --- users/user_files.sls | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/users/user_files.sls b/users/user_files.sls index dc654fe..eb01202 100644 --- a/users/user_files.sls +++ b/users/user_files.sls 
@@ -9,8 +9,8 @@ include: {%- set user_files = salt['pillar.get'](('users:' ~ username ~ ':user_files'), {'enabled': False}) -%} {%- set user_group = salt['pillar.get'](('users:' ~ username ~ ':prime_group:name'), username) -%} {%- set user_home = salt['pillar.get'](('users:' ~ username ~ ':home'), current.get('home', '/home/' ~ username )) -%} -{%- set user_files_file_mode = salt['pillar.get'](('users:' ~ username ~ ':user_files:file_mode'), False) -%} -{%- set user_files_sym_mode = salt['pillar.get'](('users:' ~ username ~ ':user_files:sym_mode'), False) -%} +{%- set user_files_file_mode = salt['pillar.get'](('users:' ~ username ~ ':user_files:file_mode'), None) -%} +{%- set user_files_sym_mode = salt['pillar.get'](('users:' ~ username ~ ':user_files:sym_mode'), None) -%} {%- if user_files.enabled -%} {%- if user_files.source is defined -%} @@ -37,10 +37,10 @@ users_userfiles_{{ username }}_recursive: - user: {{ username }} - group: {{ user_group }} - clean: False - {% if user_files_file_mode -%} + {% if user_files_file_mode is not None -%} - file_mode: {{ user_files_file_mode }} {% endif -%} - {% if user_files_sym_mode -%} + {% if user_files_sym_mode is not None -%} - sym_mode: {{ user_files_sym_mode }} {% endif -%} - include_empty: True From 335bc3109575c361999edf2cced44356a943703e Mon Sep 17 00:00:00 2001 From: Hatifnatt Date: Thu, 27 Jul 2017 16:27:44 +0300 Subject: [PATCH 20/56] 'None' works in an unexpected way. Reverting back to 'False'. This reverts commit 48416398e3d4e68b9c164c055bb434773bda71bd. --- users/user_files.sls | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/users/user_files.sls b/users/user_files.sls index eb01202..dc654fe 100644 --- a/users/user_files.sls +++ b/users/user_files.sls 
@@ -9,8 +9,8 @@ include: {%- set user_files = salt['pillar.get'](('users:' ~ username ~ ':user_files'), {'enabled': False}) -%} {%- set user_group = salt['pillar.get'](('users:' ~ username ~ ':prime_group:name'), username) -%} {%- set user_home = salt['pillar.get'](('users:' ~ username ~ ':home'), current.get('home', '/home/' ~ username )) -%} -{%- set user_files_file_mode = salt['pillar.get'](('users:' ~ username ~ ':user_files:file_mode'), None) -%} -{%- set user_files_sym_mode = salt['pillar.get'](('users:' ~ username ~ ':user_files:sym_mode'), None) -%} +{%- set user_files_file_mode = salt['pillar.get'](('users:' ~ username ~ ':user_files:file_mode'), False) -%} +{%- set user_files_sym_mode = salt['pillar.get'](('users:' ~ username ~ ':user_files:sym_mode'), False) -%} {%- if user_files.enabled -%} {%- if user_files.source is defined -%} @@ -37,10 +37,10 @@ users_userfiles_{{ username }}_recursive: - user: {{ username }} - group: {{ user_group }} - clean: False - {% if user_files_file_mode is not None -%} + {% if user_files_file_mode -%} - file_mode: {{ user_files_file_mode }} {% endif -%} - {% if user_files_sym_mode is not None -%} + {% if user_files_sym_mode -%} - sym_mode: {{ user_files_sym_mode }} {% endif -%} - include_empty: True From 72ef35fdfa38bc0d930c5ab64bc8e101953fdc7d Mon Sep 17 00:00:00 2001 From: Jerzy Drozdz Date: Mon, 7 Aug 2017 00:14:53 +0200 Subject: [PATCH 21/56] Added sudoonly switch. Usage implies setting sudouser to True --- users/init.sls | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/users/init.sls b/users/init.sls index 0f3cd70..488e533 100644 --- a/users/init.sls +++ b/users/init.sls @@ -9,6 +9,9 @@ {%- if user == None -%} {%- set user = {} -%} {%- endif -%} +{%- if 'sudoonly' in user and user['sudoonly'] %} +{%- set _dummy=user.update({'sudouser': True}) %} +{%- endif %} {%- if 'sudouser' in user and user['sudouser'] %} {%- do used_sudo.append(1) %} {%- endif %} 
@@ -47,6 +50,7 @@ include: {%- set user_group = name -%} {%- endif %} +{%- if not ( 'sudoonly' in user and user['sudoonly'] ) %} {% for group in user.get('groups', []) %} users_{{ name }}_{{ group }}_group: group.present: @@ -353,6 +357,7 @@ users_ssh_known_hosts_delete_{{ name }}_{{ loop.index0 }}: - name: {{ host }} {% endfor %} {% endif %} +{% endif %} {% set sudoers_d_filename = name|replace('.','_') %} {% if 'sudouser' in user and user['sudouser'] %} From 4da9b00e75bed2ef5a7a371e62620df5934493aa Mon Sep 17 00:00:00 2001 From: Jerry van Leeuwen Date: Thu, 21 Sep 2017 20:30:29 -0700 Subject: [PATCH 22/56] Add 'template' support to 'user_files' (#159) * Add support for 'template' in 'user_files' * Fix-up wrong nesting level for template value * Small quality improvement for push upstream. * Consistency improvement for variable name --- pillar.example | 1 + users/user_files.sls | 4 ++++ 2 files changed, 5 insertions(+) diff --git a/pillar.example b/pillar.example index db93f1f..95de009 100644 --- a/pillar.example +++ b/pillar.example @@ -125,6 +125,7 @@ users: # should be a salt fileserver path either with or without 'salt://' # if not present, it defaults to 'salt://users/files/user/ source: users/files/default + template: jinja # You can specify octal mode for files and symlinks that will be copied. Since version 2016.11.0 # it's possible to use 'keep' for file_mode, to preserve file original mode, thus you can save # execution bit for example. diff --git a/users/user_files.sls b/users/user_files.sls index dc654fe..874f0c2 100644 --- a/users/user_files.sls +++ b/users/user_files.sls 
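Review bot: The `{%- if not ( 'sudoonly' in user and user['sudoonly'] ) %}` guard opened near line 50 is closed only after the `ssh_known_hosts` removal loop near line 357, so for a `sudoonly` user everything in between is skipped. Judging by the line numbers in the other patches of this series, that range includes the `ssh_auth.absent` and `ssh_auth_sources.absent` loops, so key removals listed for such a user would silently not run. A comment at the guard listing what is skipped, and a `sudoonly` entry in pillar.example (this commit touches only users/init.sls), would document that. `{%- set _dummy=user.update({'sudouser': True}) %}` also mutates the pillar dictionary in place; `{%- do user.update({'sudouser': True}) %}` would match the `do` style used two lines later.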
@@ -9,6 +9,7 @@ include: {%- set user_files = salt['pillar.get'](('users:' ~ username ~ ':user_files'), {'enabled': False}) -%} {%- set user_group = salt['pillar.get'](('users:' ~ username ~ ':prime_group:name'), username) -%} {%- set user_home = salt['pillar.get'](('users:' ~ username ~ ':home'), current.get('home', '/home/' ~ username )) -%} +{%- set user_files_template = salt['pillar.get'](('users:' ~ username ~ ':user_files:template'), None) -%} {%- set user_files_file_mode = salt['pillar.get'](('users:' ~ username ~ ':user_files:file_mode'), False) -%} {%- set user_files_sym_mode = salt['pillar.get'](('users:' ~ username ~ ':user_files:sym_mode'), False) -%} {%- if user_files.enabled -%} @@ -36,6 +37,9 @@ users_userfiles_{{ username }}_recursive: - source: {{ file_source }} - user: {{ username }} - group: {{ user_group }} + {%- if user_files_template is not None -%} + - template: {{ user_files_template }} + {%- endif -%} - clean: False {% if user_files_file_mode -%} - file_mode: {{ user_files_file_mode }} From 6993e2398fd1d9a92cc9618428e6a1a203c4d68d Mon Sep 17 00:00:00 2001 From: Jerry van Leeuwen Date: Fri, 22 Sep 2017 15:01:25 -0700 Subject: [PATCH 23/56] Broken conditional and lack of line spacing --- users/user_files.sls | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/users/user_files.sls b/users/user_files.sls index 874f0c2..af81e96 100644 --- a/users/user_files.sls +++ b/users/user_files.sls @@ -37,9 +37,9 @@ users_userfiles_{{ username }}_recursive: - source: {{ file_source }} - user: {{ username }} - group: {{ user_group }} - {%- if user_files_template is not None -%} + {% if user_files_template -%} - template: {{ user_files_template }} - {%- endif -%} + {% endif -%} - clean: False {% if user_files_file_mode -%} - file_mode: {{ user_files_file_mode }} From ac1f334a43178744734b9961f6c690dd9fea9730 Mon Sep 17 00:00:00 2001 
From: Silvio Kunaschk Date: Sun, 24 Sep 2017 12:16:43 +0200 Subject: [PATCH 24/56] corrected saltversioninfo check expression --- users/init.sls | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/users/init.sls b/users/init.sls index f910ea3..9b6f1ac 100644 --- a/users/init.sls +++ b/users/init.sls @@ -462,7 +462,7 @@ users_googleauth-{{ svc }}-{{ name }}: {% if 'gitconfig' in user %} {% for key, value in user['gitconfig'].items() %} users_{{ name }}_user_gitconfig_{{ loop.index0 }}: - {% if grains['saltversioninfo'] >= (2015, 8, 0, 0) %} + {% if grains['saltversioninfo'] >= [2015, 8, 0, 0] %} git.config_set: {% else %} git.config: @@ -470,7 +470,7 @@ users_{{ name }}_user_gitconfig_{{ loop.index0 }}: - name: {{ key }} - value: "{{ value }}" - user: {{ name }} - {% if grains['saltversioninfo'] >= (2015, 8, 0, 0) %} + {% if grains['saltversioninfo'] >= [2015, 8, 0, 0] %} - global: True {% else %} - is_global: True From c78516f8e0db042e3c09a5cc39e3a31113ad882c Mon Sep 17 00:00:00 2001 From: Daniel Kraemer Date: Tue, 26 Sep 2017 14:49:45 +0200 Subject: [PATCH 25/56] i don't know what made me do this, maybe brainlag --- users/init.sls | 15 +-------------- 1 file changed, 1 insertion(+), 14 deletions(-) diff --git a/users/init.sls b/users/init.sls index 099a8f0..a1bb4a0 100644 --- a/users/init.sls +++ b/users/init.sls @@ -178,7 +178,7 @@ user_keydir_{{ name }}: {% else %} {% set key_name = _key %} {% endif %} -users_{{ name }}_{{ key_name }}_private_key: +users_{{ name }}_{{ key_name }}_key: file.managed: - name: {{ home }}/.ssh/{{ key_name }} - user: {{ name }} 
@@ -191,19 +191,6 @@ users_{{ name }}_{{ key_name }}_private_key: {% for group in user.get('groups', []) %} - group: users_{{ name }}_{{ group }}_group {% endfor %} -users_{{ name }}_{{ key_name }}_public_key: - file.managed: - - name: {{ home }}/.ssh/{{ key_name }} - - user: {{ name }} - - group: {{ user_group }} - - mode: 644 - - show_diff: False - - contents_pillar: users:{{ name }}:ssh_keys:{{ _key }} - - require: - - user: users_{{ name }}_user - {% for group in user.get('groups', []) %} - - group: users_{{ name }}_{{ group }}_group - {% endfor %} {% endfor %} {% endif %} From d8d20176295f88489a50d8b5091582ac4e5006ab Mon Sep 17 00:00:00 2001 From: Daniel Kraemer Date: Thu, 28 Sep 2017 08:22:25 +0200 Subject: [PATCH 26/56] adjust file permissions of public ssh-keys --- pillar.example | 3 ++- users/init.sls | 4 ++++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/pillar.example b/pillar.example index 6f65d95..b0024d2 100644 --- a/pillar.example +++ b/pillar.example @@ -50,7 +50,8 @@ users: ssh_keys: privkey: PRIVATEKEY pubkey: PUBLICKEY - # you can provide multiple keys, the keyname is takes as filename + # you can provide multiple keys, the keyname is taken as filename + # make sure your public keys suffix is .pub foobar: PRIVATEKEY foobar.pub: PUBLICKEY # ... or you can pull them from a different pillar, diff --git a/users/init.sls b/users/init.sls index a1bb4a0..96d733e 100644 --- a/users/init.sls +++ b/users/init.sls @@ -183,7 +183,11 @@ users_{{ name }}_{{ key_name }}_key: - name: {{ home }}/.ssh/{{ key_name }} - user: {{ name }} - group: {{ user_group }} + {% if key_name.endswith(".pub") %} + - mode: 644 + {% else %} - mode: 600 + {% endif %} - show_diff: False - contents_pillar: users:{{ name }}:ssh_keys:{{ _key }} - require: From fdc5ceae2c074c0b381eed5fe456f72d83771d91 Mon Sep 17 00:00:00 2001 
From: Karsten Kosmala Date: Sun, 3 Dec 2017 14:46:52 +0100 Subject: [PATCH 27/56] Use correct pillar to set users homephone --- users/init.sls | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/users/init.sls b/users/init.sls index a33d206..0206ba3 100644 --- a/users/init.sls +++ b/users/init.sls @@ -116,7 +116,7 @@ users_{{ name }}_user: - workphone: {{ user['workphone'] }} {% endif %} {% if 'homephone' in user %} - - homephone: {{ user['workphone'] }} + - homephone: {{ user['homephone'] }} {% endif %} {% if not user.get('createhome', True) %} - createhome: False From 1dfef1130362b7c45c32f64fc7fe9b565743dd07 Mon Sep 17 00:00:00 2001 From: Konstantin Nikolaev Date: Wed, 14 Feb 2018 13:08:09 +0700 Subject: [PATCH 28/56] Support "salt://path_to_keyname" ssh_key definition in users."user name".ssh_keys."privkey|pubkey" pillar data --- users/init.sls | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/users/init.sls b/users/init.sls index 0206ba3..8297317 100644 --- a/users/init.sls +++ b/users/init.sls @@ -194,7 +194,12 @@ users_{{ name }}_{{ key_name }}_key: - mode: 600 {% endif %} - show_diff: False + {%- set key_value = salt['pillar.get']('users:'+name+':ssh_keys:'+_key) %} + {%- if 'salt://' in key_value[:7] %} + - source: {{ key_value }} + {%- else %} - contents_pillar: users:{{ name }}:ssh_keys:{{ _key }} + {%- endif %} - require: - user: users_{{ name }}_user {% for group in user.get('groups', []) %} From 1c8e6c7c30d2815a12bf870c675b78f535fd791c Mon Sep 17 00:00:00 2001 From: Konstantin Nikolaev Date: Wed, 14 Feb 2018 13:12:58 +0700 Subject: [PATCH 29/56] Fix docs --- pillar.example | 3 +++ 1 file changed, 3 insertions(+) diff --git a/pillar.example b/pillar.example index df81335..f3b20b9 100644 --- a/pillar.example +++ b/pillar.example 
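Review bot: With the new `- source: {{ key_value }}` branch a private key can be delivered from the Salt fileserver instead of pillar, and files under `salt://` are generally retrievable by every minion whereas pillar data is targeted per minion. Unless the fileserver is restricted, this path is therefore only appropriate for public keys; a comment here and on the `privkey: salt://path_to_PRIVATEKEY` example added by PATCH 29/56 should say so. The prefix test `'salt://' in key_value[:7]` reads more clearly as `key_value.startswith('salt://')`, and both forms assume the pillar value is a string.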
@@ -57,6 +57,9 @@ users: ssh_keys: privkey: PRIVATEKEY pubkey: PUBLICKEY + # or you can provide path to key on Salt fileserver + privkey: salt://path_to_PRIVATEKEY + pubkey: salt://path_to_PUBLICKEY # you can provide multiple keys, the keyname is taken as filename # make sure your public keys suffix is .pub foobar: PRIVATEKEY From 43c4707d2a62defb4829571903314409fe7c41d1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Hertzog?= Date: Fri, 23 Feb 2018 15:51:34 +0100 Subject: [PATCH 30/56] Do not try to run git config when git is not available The state will not fail gracefully, instead you will get an error like this one: ID: users_rhertzog_user_gitconfig_0 Function: git.config_set Name: alias.br Result: False Comment: State 'git.config_set' was not found in SLS 'users' Reason: 'git' __virtual__ returned False Changes: And since pillar data can't be (easily) tuned according to minion's status, we really need this check here. My tests with Salt 2017.7.3 have shown that cmd.has_exec() is reliable for this, contrary the what the comment was implying. --- users/init.sls | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/users/init.sls b/users/init.sls index 0206ba3..aa9adf4 100644 --- a/users/init.sls +++ b/users/init.sls @@ -446,10 +446,6 @@ users_googleauth-{{ svc }}-{{ name }}: {%- endfor %} {%- endif %} -# -# if not salt['cmd.has_exec']('git') -# fails even if git is installed -# # this doesn't work (Salt bug), therefore need to run state.apply twice #include: # - users @@ -460,6 +456,7 @@ users_googleauth-{{ svc }}-{{ name }}: # - sls: users # {% if 'gitconfig' in user %} +{% if salt['cmd.has_exec']('git') %} {% for key, value in user['gitconfig'].items() %} users_{{ name }}_user_gitconfig_{{ loop.index0 }}: {% if grains['saltversioninfo'] >= [2015, 8, 0, 0] %} @@ -477,6 +474,7 @@ users_{{ name }}_user_gitconfig_{{ loop.index0 }}: {% endif %} {% endfor %} {% endif %} +{% endif %} {% endfor %} 
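Review bot: `{% if salt['cmd.has_exec']('git') %}` is evaluated while the SLS is rendered, before any state in the run executes, so on a minion where git is installed during the same run the `gitconfig` entries are skipped without any message and only applied on the next run. The commit removes the old comment but leaves nothing that explains this. I would put a short comment above the test, such as `{# evaluated at render time: gitconfig is skipped silently when git is not installed yet #}`. The guarded loop opens and closes in separate hunks of this commit.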
From ad10ec4d94db5b808cb37065f2c73958bcc8c1b6 Mon Sep 17 00:00:00 2001 From: noelmcloughlin Date: Fri, 16 Mar 2018 23:32:46 +0000 Subject: [PATCH 31/56] corrected users handling on Darwin --- users/map.jinja | 16 ++++++++++++++++ users/sudo.sls | 1 + 2 files changed, 17 insertions(+) diff --git a/users/map.jinja b/users/map.jinja index 5b365ac..fcc573b 100644 --- a/users/map.jinja +++ b/users/map.jinja @@ -1,5 +1,16 @@ # vim: sts=2 ts=2 sw=2 et ai + {% set users = salt['grains.filter_by']({ + 'MacOS': { + 'sudoers_dir': '/etc/sudoers.d', + 'sudoers_file': '/etc/sudoers', + 'googleauth_dir': '/etc/google_authenticator.d', + 'shell': '/bin/bash', + 'visudo_shell': '/bin/bash', + 'bash_package': 'bash', + 'sudo_package': 'sudo', + 'googleauth_package': 'google-authenticator-libpam', + }, 'Debian': { 'sudoers_dir': '/etc/sudoers.d', 'sudoers_file': '/etc/sudoers', @@ -56,3 +67,8 @@ 'googleauth_package': 'libpam-google-authenticator', }, }, merge=salt['pillar.get']('users-formula:lookup')) %} + +{% if grains.os == 'MacOS' %} + {% set group = salt['cmd.run']("stat -f '%Sg' /dev/console") %} + {% do users.update({'root_group': group,}) %} +{% endif %} diff --git a/users/sudo.sls b/users/sudo.sls index 092d004..e87acbb 100644 --- a/users/sudo.sls +++ b/users/sudo.sls @@ -11,6 +11,7 @@ users_sudo-package: - name: {{ users.sudo_package }} - require: - file: {{ users.sudoers_dir }} + - unless: test "`uname`" = "Darwin" users_{{ users.sudoers_dir }}: file.directory: From c8922bfdb52dab167f1b4e7bcfe43da2a2641c9f Mon Sep 17 00:00:00 2001 From: Arthur Lutz Date: Fri, 23 Mar 2018 13:42:11 +0100 Subject: [PATCH 32/56] [init] add makedirs to home directory creation --- users/init.sls | 1 + 1 file changed, 1 insertion(+) diff --git a/users/init.sls b/users/init.sls index 0206ba3..8600d61 100644 --- a/users/init.sls +++ b/users/init.sls 
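Review bot: In the `grains.os == 'MacOS'` block appended to map.jinja, `users.update({'root_group': group,})` runs after the `users-formula:lookup` merge, so a `root_group` set in pillar is overwritten on macOS. The value is also the raw output of `salt['cmd.run']("stat -f '%Sg' /dev/console")` with no check that the command succeeded, so an error message could end up being used as a group name. I would only fill it in when it is missing, e.g. `{% if grains.os == 'MacOS' and 'root_group' not in users %}`, and either use `cmd.run_all` with a retcode check or put a fixed value in the `'MacOS'` map entry.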
@@ -63,6 +63,7 @@ users_{{ name }}_user: - user: {{ user.get('homedir_owner', name) }} - group: {{ user.get('homedir_group', user_group) }} - mode: {{ user.get('user_dir_mode', '0750') }} + - makedirs: True - require: - user: users_{{ name }}_user - group: {{ user_group }} From ad2ddd0265c9e087f7f397e64dff854791ca11f2 Mon Sep 17 00:00:00 2001 From: Jerzy Drozdz Date: Thu, 14 Jun 2018 20:12:13 +0200 Subject: [PATCH 33/56] Added short docs for options --- pillar.example | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pillar.example b/pillar.example index df81335..262ed33 100644 --- a/pillar.example +++ b/pillar.example @@ -29,6 +29,9 @@ users: manage_bashrc: False manage_profile: False expire: 16426 + # Disables user management except sudo rules. + # Useful for setting sudo rules for system accounts created by package instalation + sudoonly: False sudouser: True # sudo_rules doesn't need the username as a prefix for the rule # this is added automatically by the formula. @@ -121,6 +124,8 @@ users: 33333333 44444444 55555555 + # unique: True allows user to have non unique uid + unique: False uid: 1001 user_files: From f7dfd1f47b6c85dfa51fbec43746e8b8a0e04d82 Mon Sep 17 00:00:00 2001 From: N Date: Tue, 12 Jun 2018 18:02:57 +0100 Subject: [PATCH 34/56] Dont force vim-formula on users --- README.rst | 2 +- pillar.example | 1 + users/defaults.yaml | 6 ++++++ users/map.jinja | 20 ++++++++++++-------- users/vimrc.sls | 5 +++++ 5 files changed, 25 insertions(+), 9 deletions(-) create mode 100644 users/defaults.yaml diff --git a/README.rst b/README.rst index 43e32fd..39f9cf7 100644 --- a/README.rst +++ b/README.rst 
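Review bot: The added comment `# unique: True allows user to have non unique uid` in pillar.example states the opposite of what the formula does: init.sls only emits `- unique: False` when the pillar value is false, and that is the setting that permits a duplicate UID. Shared UIDs blur file ownership and audit trails, so the example should say this plainly, e.g. `# unique: False allows the user to share a uid with another account (default: True)`.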
@@ -45,7 +45,7 @@ True' in pillar per user. Defaults to False. Ensures the vimrc file exists in the users home directory. Sets 'manage_vimrc: True' in pillar per user. Defaults to False. -This depends on the vim-formula to be installed. +This depends on the vim-formula being available and pillar `users:use_vim_formula: True`. ``users.user_files`` --------------- diff --git a/pillar.example b/pillar.example index df81335..80d28dd 100644 --- a/pillar.example +++ b/pillar.example @@ -1,4 +1,5 @@ users-formula: + use_vim_formula: True lookup: # override the defauls in map.jinja root_group: root diff --git a/users/defaults.yaml b/users/defaults.yaml new file mode 100644 index 0000000..b23d0fb --- /dev/null +++ b/users/defaults.yaml @@ -0,0 +1,6 @@ +# -*- coding: utf-8 -*- +# vim: ft=yaml + +users-formula: + use_vim_formula: False + diff --git a/users/map.jinja b/users/map.jinja index fcc573b..c5b3507 100644 --- a/users/map.jinja +++ b/users/map.jinja @@ -1,6 +1,8 @@ # vim: sts=2 ts=2 sw=2 et ai -{% set users = salt['grains.filter_by']({ +{% set users = salt['grains.filter_by']( + defaults, + merge=salt['grains.filter_by']({ 'MacOS': { 'sudoers_dir': '/etc/sudoers.d', 'sudoers_file': '/etc/sudoers', @@ -10,7 +12,7 @@ 'bash_package': 'bash', 'sudo_package': 'sudo', 'googleauth_package': 'google-authenticator-libpam', - }, + }, 'Debian': { 'sudoers_dir': '/etc/sudoers.d', 'sudoers_file': '/etc/sudoers', @@ -21,7 +23,7 @@ 'bash_package': 'bash', 'sudo_package': 'sudo', 'googleauth_package': 'libpam-google-authenticator', - }, + }, 'Gentoo': { 'sudoers_dir': '/etc/sudoers.d', 'sudoers_file': '/etc/sudoers', @@ -32,7 +34,7 @@ 'bash_package': 'app-shells/bash', 'sudo_package': 'app-admin/sudo', 'googleauth_package': 'libpam-google-authenticator', - }, + }, 'FreeBSD': { 'sudoers_dir': '/usr/local/etc/sudoers.d', 'sudoers_file': '/usr/local/etc/sudoers', 
@@ -43,7 +45,7 @@ 'bash_package': 'bash', 'sudo_package': 'sudo', 'googleauth_package': 'pam_google_authenticator', - }, + }, 'Solaris': { 'sudoers_dir': '/opt/local/etc/sudoers.d', 'sudoers_file': '/opt/local/etc/sudoers', @@ -54,7 +56,7 @@ 'bash_package': 'bash', 'sudo_package': 'sudo', 'googleauth_package': 'libpam-google-authenticator', - }, + }, 'default': { 'sudoers_dir': '/etc/sudoers.d', 'sudoers_file': '/etc/sudoers', @@ -65,8 +67,10 @@ 'bash_package': 'bash', 'sudo_package': 'sudo', 'googleauth_package': 'libpam-google-authenticator', - }, -}, merge=salt['pillar.get']('users-formula:lookup')) %} + }, + }, merge=salt['pillar.get']('users-formula:lookup')), + base='users', +) %} {% if grains.os == 'MacOS' %} {% set group = salt['cmd.run']("stat -f '%Sg' /dev/console") %} diff --git a/users/vimrc.sls b/users/vimrc.sls index f4d008a..d8a378d 100644 --- a/users/vimrc.sls +++ b/users/vimrc.sls @@ -1,4 +1,7 @@ {% from "users/map.jinja" import users with context %} + +{% if users.use_vim_formula %} + include: - users - vim @@ -28,3 +31,5 @@ users_{{ name }}_user_vimrc: - salt://users/files/vimrc/vimrc {% endif %} {% endfor %} + +{% endif %} From c062a34603a3ff35e805c51c93a74d762fca6358 Mon Sep 17 00:00:00 2001 From: Arthur Lutz Date: Thu, 21 Jun 2018 17:01:01 +0200 Subject: [PATCH 35/56] [users/users_files] add exclude_pat to user files (closes #178) --- pillar.example | 1 + users/user_files.sls | 4 ++++ 2 files changed, 5 insertions(+) diff --git a/pillar.example b/pillar.example index df81335..9bcb9ea 100644 --- a/pillar.example +++ b/pillar.example @@ -135,6 +135,7 @@ users: # execution bit for example. file_mode: keep sym_mode: 640 + exclude_pat: "*.gitignore" ## Absent user cuser: diff --git a/users/user_files.sls b/users/user_files.sls index af81e96..5fd3fb2 100644 --- a/users/user_files.sls +++ b/users/user_files.sls 
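Review bot: The new `{% if users.use_vim_formula %}` guard in vimrc.sls reads the flag from the map.jinja object, but the places that describe it disagree: README.rst says pillar `users:use_vim_formula`, pillar.example and defaults.yaml put it under `users-formula:`, and map.jinja merges only `users-formula:lookup` with `base='users'`. From what is visible the flag would only reach `users.use_vim_formula` through `users-formula:lookup:use_vim_formula`, so the documented settings may have no effect; this needs confirming against `grains.filter_by`. Pick one location and make the README, the example and defaults.yaml agree with it.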
@@ -12,6 +12,7 @@ include: {%- set user_files_template = salt['pillar.get'](('users:' ~ username ~ ':user_files:template'), None) -%} {%- set user_files_file_mode = salt['pillar.get'](('users:' ~ username ~ ':user_files:file_mode'), False) -%} {%- set user_files_sym_mode = salt['pillar.get'](('users:' ~ username ~ ':user_files:sym_mode'), False) -%} +{%- set user_files_exclude_pat = salt['pillar.get'](('users:' ~ username ~ ':user_files:exclude_pat'), False) -%} {%- if user_files.enabled -%} {%- if user_files.source is defined -%} @@ -47,6 +48,9 @@ users_userfiles_{{ username }}_recursive: {% if user_files_sym_mode -%} - sym_mode: {{ user_files_sym_mode }} {% endif -%} + {% if user_files_exclude_pat -%} + - exclude_pat: {{ user_files_exclude_pat }} + {% endif -%} - include_empty: True - keep_symlinks: True - require: From d528e16c5cee269a4f759c67140d02fe25a0bdd7 Mon Sep 17 00:00:00 2001 From: Arthur Lutz Date: Thu, 21 Jun 2018 18:22:24 +0200 Subject: [PATCH 36/56] [users/users_files] use quotes for exclude_pat --- users/user_files.sls | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/users/user_files.sls b/users/user_files.sls index 5fd3fb2..c66ca40 100644 --- a/users/user_files.sls +++ b/users/user_files.sls @@ -49,7 +49,7 @@ users_userfiles_{{ username }}_recursive: - sym_mode: {{ user_files_sym_mode }} {% endif -%} {% if user_files_exclude_pat -%} - - exclude_pat: {{ user_files_exclude_pat }} + - exclude_pat: "{{ user_files_exclude_pat }}" {% endif -%} - include_empty: True - keep_symlinks: True From 52ba531d63fdfad3fdd0bf0a49d2e4936a07aca7 Mon Sep 17 00:00:00 2001 From: Arthur Lutz Date: Tue, 10 Jul 2018 15:51:10 +0200 Subject: [PATCH 37/56] [users] add a prereq for createhome to handle the case of an absent subfolder Fixes #181 --- users/init.sls | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/users/init.sls b/users/init.sls index 015790a..4b790a8 100644 --- a/users/init.sls +++ b/users/init.sls 
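Review bot: Wrapping the value as `"{{ user_files_exclude_pat }}"` fixes `*.gitignore`, but a YAML double-quoted scalar treats backslashes and `"` specially, so a pattern that contains either (a regular expression with `\.`, for instance) will fail to render or change meaning. Letting Jinja do the quoting avoids that: `- exclude_pat: {{ user_files_exclude_pat|json }}`. The state body continues outside the hunk.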
@@ -60,6 +60,16 @@ users_{{ name }}_{{ group }}_group: {% endif %} {% endfor %} +{# in case home subfolder doesn't exist, create it before the user exists #} +{% if user.get('createhome', True) %} +users_{{ name }}_user_prereq: + file.directory: + - name: {{ home }} + - makedirs: True + - prereq: + - user: users_{{ name }}_user +{%- endif %} + users_{{ name }}_user: {% if user.get('createhome', True) %} file.directory: From 944e9044193c104aa265d86d924e9b55da41d370 Mon Sep 17 00:00:00 2001 From: Philippe Pepiot Date: Tue, 17 Jul 2018 18:03:04 +0200 Subject: [PATCH 38/56] Fix default behavior of copying /etc/skel when creating home directory Since https://github.com/saltstack-formulas/users-formula/pull/182 the home directory was created by salt which prevent "adduser" behavior to copy /etc/skel in newly created directory. Ensure the parent directory of the home dir is existing instead. --- users/init.sls | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/users/init.sls b/users/init.sls index 4b790a8..62c94df 100644 --- a/users/init.sls +++ b/users/init.sls @@ -64,7 +64,7 @@ users_{{ name }}_{{ group }}_group: {% if user.get('createhome', True) %} users_{{ name }}_user_prereq: file.directory: - - name: {{ home }} + - name: {{ salt['file.dirname'](home) }} - makedirs: True - prereq: - user: users_{{ name }}_user From 197d6ee56157c7f1c980fde1fc9ae8ea6d6c3f53 Mon Sep 17 00:00:00 2001 From: Niels Abspoel Date: Sun, 22 Jul 2018 17:12:05 +0200 Subject: [PATCH 39/56] add import defaults.yaml --- users/map.jinja | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/users/map.jinja b/users/map.jinja index c5b3507..3349b3b 100644 --- a/users/map.jinja +++ b/users/map.jinja @@ -1,5 +1,9 @@ # vim: sts=2 ts=2 sw=2 et ai +{# import defaults.yaml as defaults #} +{% import_yaml 'users/defaults.yaml' as defaults %} + +{# set Os-family specific settings #} {% set users = salt['grains.filter_by']( defaults, merge=salt['grains.filter_by']({ 
From ed02fbc678dbfbe59c0494eae8cc3ad8ef3cdd6d Mon Sep 17 00:00:00 2001 From: Niels Abspoel Date: Fri, 24 Aug 2018 15:22:00 +0200 Subject: [PATCH 40/56] fix iteritems --- users/init.sls | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/users/init.sls b/users/init.sls index 8f41527..3f50158 100644 --- a/users/init.sls +++ b/users/init.sls @@ -4,7 +4,7 @@ {% set used_googleauth = [] %} {% set used_user_files = [] %} -{% for group, setting in salt['pillar.get']('groups', {}).iteritems() %} +{% for group, setting in salt['pillar.get']('groups', {}).items() %} users_group_{{ setting.get('state', "present") }}_{{ group }}: group.{{ setting.get('state', "present") }}: - name: {{ group }} From 8e33bb8aa94985ee52ffc9806a25e2adb74506ca Mon Sep 17 00:00:00 2001 From: Damien Tardy-Panis Date: Wed, 17 Feb 2016 11:35:29 +0100 Subject: [PATCH 41/56] Add possibility to remove user's git config keys --- pillar.example | 4 ++++ users/init.sls | 15 ++++++++++++++- 2 files changed, 18 insertions(+), 1 deletion(-) diff --git a/pillar.example b/pillar.example index 9b0471e..aff4c26 100644 --- a/pillar.example +++ b/pillar.example @@ -115,6 +115,10 @@ users: user.email: buser@example.com "url.https://.insteadOf": "git://" + gitconfig.absent: + - push.default + - color\..+ + google_2fa: True google_auth: ssh: | diff --git a/users/init.sls b/users/init.sls index 3f50158..4e019b9 100644 --- a/users/init.sls +++ b/users/init.sls @@ -491,8 +491,9 @@ users_googleauth-{{ svc }}-{{ name }}: # - require_in: # - sls: users # -{% if 'gitconfig' in user %} {% if salt['cmd.has_exec']('git') %} + +{% if 'gitconfig' in user %} {% for key, value in user['gitconfig'].items() %} users_{{ name }}_user_gitconfig_{{ loop.index0 }}: {% if grains['saltversioninfo'] >= [2015, 8, 0, 0] %} 
@@ -510,6 +511,18 @@ users_{{ name }}_user_gitconfig_{{ loop.index0 }}: {% endif %} {% endfor %} {% endif %} + +{% if 'gitconfig.absent' in user and grains['saltversioninfo'] >= [2015, 8, 0, 0] %} +{% for key in user.get('gitconfig.absent') %} +users_{{ name }}_user_gitconfig_absent_{{ key }}: + git.config_unset: + - name: '{{ key }}' + - user: {{ name }} + - global: True + - all: True +{% endfor %} +{% endif %} + {% endif %} {% endfor %} From 4bc00d4d62b37a957cb415a6d1343f4e49c68dd5 Mon Sep 17 00:00:00 2001 From: Heinz Wiesinger Date: Tue, 13 Dec 2016 14:58:28 +0100 Subject: [PATCH 42/56] Replace "hash_hostname" with "hash_known_hosts". The former is deprecated since Carbon. --- users/init.sls | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/users/init.sls b/users/init.sls index 3f50158..4fd8c90 100644 --- a/users/init.sls +++ b/users/init.sls @@ -375,8 +375,8 @@ users_ssh_known_hosts_{{ name }}_{{ loop.index0 }}: {% if 'enc' in host %} - enc: {{ host['enc'] }} {% endif -%} - {% if 'hash_hostname' in host %} - - hash_hostname: {{ host['hash_hostname'] }} + {% if 'hash_known_hosts' in host %} + - hash_known_hosts: {{ host['hash_known_hosts'] }} {% endif -%} {% endfor %} {% endif %} From 3b911cc9cb015e984ef012e2eb02467c17333a31 Mon Sep 17 00:00:00 2001 From: Sean Molenaar Date: Fri, 17 Nov 2017 14:30:00 +0100 Subject: [PATCH 43/56] Add default setting for ssh known hosts fingerprint hash type --- users/init.sls | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/users/init.sls b/users/init.sls index 4fd8c90..e5cc820 100644 --- a/users/init.sls +++ b/users/init.sls 
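Review bot: The state ID `users_{{ name }}_user_gitconfig_absent_{{ key }}` is built from the raw pillar entry, which per pillar.example can be a pattern such as `color\..+`, while the neighbouring `git.config_set` states use `{{ loop.index0 }}`. An entry containing `: ` or ` #` would break the YAML key, and `- name: '{{ key }}'` breaks on a single quote. I would use `users_{{ name }}_user_gitconfig_absent_{{ loop.index0 }}:` and `- name: {{ key|json }}`. On Salt older than 2015.8 the whole block is skipped silently, which is worth a comment.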
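Review bot: After the rename to `hash_known_hosts`, a pillar that still sets `hash_hostname` is ignored without warning, so known_hosts entries that used to be hashed would stop being hashed. Accepting the old key for a transition period keeps existing pillars working: `{% if 'hash_known_hosts' in host or 'hash_hostname' in host %}` with `- hash_known_hosts: {{ host.get('hash_known_hosts', host.get('hash_hostname')) }}`. The enclosing `users_ssh_known_hosts_{{ name }}_{{ loop.index0 }}` state starts above the hunk.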
@@ -378,6 +378,12 @@ users_ssh_known_hosts_{{ name }}_{{ loop.index0 }}: {% if 'hash_known_hosts' in host %} - hash_known_hosts: {{ host['hash_known_hosts'] }} {% endif -%} + {% if 'timeout' in host %} + - timeout: {{ host['timeout'] }} + {% endif -%} + {% if 'fingerprint_hash_type' in host %} + - fingerprint_hash_type: {{ host['fingerprint_hash_type'] }} + {% endif -%} {% endfor %} {% endif %} From 49a337184d33ae497b29937820cf0aeb0483d2b8 Mon Sep 17 00:00:00 2001 From: Heinz Wiesinger Date: Thu, 6 Sep 2018 11:31:34 +0200 Subject: [PATCH 44/56] Add pillar examples for ssh_known_hosts config. --- pillar.example | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/pillar.example b/pillar.example index 9b0471e..e94a47e 100644 --- a/pillar.example +++ b/pillar.example @@ -93,7 +93,13 @@ users: # Manage the ~/.ssh/config file ssh_known_hosts: importanthost: + port: 22 fingerprint: 16:27:ac:a5:76:28:2d:36:63:1b:56:4d:eb:df:a6:48 + key: PUBLICKEY + enc: ssh-rsa + hash_known_hosts: True + timeout: 5 + fingerprint_hash_type: sha256 ssh_known_hosts.absent: - notimportanthost ssh_config: From b89b62d35c8a40f1b84eb1611f9d7f453defbb85 Mon Sep 17 00:00:00 2001 From: N Date: Wed, 3 Oct 2018 16:35:06 +0100 Subject: [PATCH 45/56] Allow state to update the gid --- pillar.example | 2 ++ users/defaults.yaml | 3 +++ users/init.sls | 3 +++ 3 files changed, 8 insertions(+) diff --git a/pillar.example b/pillar.example index 5f0095d..abd7b50 100644 --- a/pillar.example +++ b/pillar.example @@ -9,6 +9,7 @@ users: fullname: A User ## Full list of pillar values + allow_gid_change: False buser: fullname: B User password: $6$w............. @@ -27,6 +28,7 @@ users: workphone: "(555) 555-5555" homephone: "(555) 555-5551" manage_vimrc: False + allow_gid_change: True manage_bashrc: False manage_profile: False expire: 16426 diff --git a/users/defaults.yaml b/users/defaults.yaml index b23d0fb..09a0dd9 100644 --- a/users/defaults.yaml +++ b/users/defaults.yaml 
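Review bot: The extended `importanthost` example in pillar.example combines settings that do not fit together: the `fingerprint` shown is 16 colon-separated bytes, which is the length of an MD5 fingerprint, yet `fingerprint_hash_type: sha256` is set next to it, and `key` is given alongside `fingerprint`. As far as I know `ssh_known_hosts.present` expects either a key or a fingerprint, not both, so copying the example verbatim would likely fail or never match. Since this entry is what pins the host identity, I would split it into two examples, one with `key` and `enc` and one with a SHA-256 fingerprint and `fingerprint_hash_type: sha256`.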
@@ -4,3 +4,6 @@ users-formula: use_vim_formula: False +users: + allow_gid_change: True + diff --git a/users/init.sls b/users/init.sls index 33c9448..4ceca7f 100644 --- a/users/init.sls +++ b/users/init.sls @@ -151,6 +151,9 @@ users_{{ name }}_user: {% if not user.get('unique', True) %} - unique: False {% endif %} + {%- if grains['saltversioninfo'] >= [2018, 3, 1] %} + - allow_gid_change: {{ users.allow_gid_change if 'allow_gid_change' not in user else user['allow_gid_change'] }} + {%- endif %} {% if 'expire' in user -%} {% if grains['kernel'].endswith('BSD') and user['expire'] < 157766400 %} From ae2a63e8994e50c1448bdb46bfeaaa1d424c6d9b Mon Sep 17 00:00:00 2001 From: Arthur Lutz Date: Tue, 6 Nov 2018 18:04:15 +0100 Subject: [PATCH 46/56] [users/init] use dir_mode in addition to mode To get it to work with RHEL7 with salt 2018.x --- users/init.sls | 1 + 1 file changed, 1 insertion(+) diff --git a/users/init.sls b/users/init.sls index 4ceca7f..9c474b4 100644 --- a/users/init.sls +++ b/users/init.sls @@ -199,6 +199,7 @@ user_keydir_{{ name }}: - group: {{ user_group }} - makedirs: True - mode: 700 + - dir_mode: 700 - require: - user: {{ name }} - group: {{ user_group }} From 0ad7d0764e4b63778fff2fe36b4c80665fc0e766 Mon Sep 17 00:00:00 2001 From: Michael Zabriskie Date: Fri, 4 Jan 2019 10:56:49 -0700 Subject: [PATCH 47/56] support password expiration --- users/init.sls | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/users/init.sls b/users/init.sls index 9c474b4..844cfd8 100644 --- a/users/init.sls +++ b/users/init.sls 
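Review bot: The fallback in `- allow_gid_change: {{ users.allow_gid_change if 'allow_gid_change' not in user else user['allow_gid_change'] }}` reads its default from the map.jinja object, but pillar.example appears to add `allow_gid_change: False` directly under `users:`, next to the user entries. That key does not look like it feeds `users.allow_gid_change`, and it may be picked up by the `for name, user in pillar.get('users', {}).items()` loop as if it were a user; please confirm and move the example under the key that map.jinja actually merges. The expression itself is simpler as `{{ user.get('allow_gid_change', users.allow_gid_change) }}`. The `user.present` state continues outside the hunk.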
@@ -167,6 +167,18 @@ users_{{ name }}_user: - expire: {{ user['expire'] }} {% endif %} {% endif -%} + {% if 'mindays' in user %} + - mindays: {{ user.get('mindays', None) }} + {% endif %} + {% if 'maxdays' in user %} + - maxdays: {{ user.get('maxdays', None) }} + {% endif %} + {% if 'inactdays' in user %} + - inactdays: {{ user.get('inactdays', None) }} + {% endif %} + {% if 'warndays' in user %} + - warndays: {{ user.get('warndays', None) }} + {% endif %} - remove_groups: {{ user.get('remove_groups', 'False') }} - groups: - {{ user_group }} From 6ed440b66a7bf8285598b0c3702c76db7391a842 Mon Sep 17 00:00:00 2001 From: Jessy Date: Mon, 14 Jan 2019 14:48:04 +0100 Subject: [PATCH 48/56] reworked "createhome" (variable, passwd entry & issue #164) --- users/init.sls | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/users/init.sls b/users/init.sls index 844cfd8..ee06d21 100644 --- a/users/init.sls +++ b/users/init.sls @@ -53,6 +53,7 @@ include: {%- endif -%} {%- set current = salt.user.info(name) -%} {%- set home = user.get('home', current.get('home', "/home/%s" % name)) -%} +{%- set createhome = user.get('createhome', True) -%} {%- if 'prime_group' in user and 'name' in user['prime_group'] %} {%- set user_group = user.prime_group.name -%} @@ -71,7 +72,7 @@ users_{{ name }}_{{ group }}_group: {% endfor %} {# in case home subfolder doesn't exist, create it before the user exists #} -{% if user.get('createhome', True) %} +{% if createhome -%} users_{{ name }}_user_prereq: file.directory: - name: {{ salt['file.dirname'](home) }} @@ -81,7 +82,7 @@ users_{{ name }}_user_prereq: {%- endif %} users_{{ name }}_user: - {% if user.get('createhome', True) %} + {% if createhome -%} file.directory: - name: {{ home }} - user: {{ user.get('homedir_owner', name) }} 
@@ -104,9 +105,7 @@ users_{{ name }}_user: {% endif %} user.present: - name: {{ name }} - {% if user.get('createhome', True) -%} - home: {{ home }} - {% endif -%} - shell: {{ user.get('shell', current.get('shell', users.get('shell', '/bin/bash'))) }} {% if 'uid' in user -%} - uid: {{ user['uid'] }} @@ -145,7 +144,7 @@ users_{{ name }}_user: {% if 'homephone' in user %} - homephone: {{ user['homephone'] }} {% endif %} - {% if not user.get('createhome', True) %} + {% if not createhome -%} - createhome: False {% endif %} {% if not user.get('unique', True) %} @@ -325,7 +324,9 @@ users_ssh_auth_source_{{ name }}_{{ loop.index0 }}: - user: {{ name }} - source: {{ pubkey_file }} - require: + {% if createhome -%} - file: users_{{ name }}_user + {% endif -%} - user: users_{{ name }}_user {% endfor %} {% endif %} @@ -337,7 +338,9 @@ users_ssh_auth_source_delete_{{ name }}_{{ loop.index0 }}: - user: {{ name }} - source: {{ pubkey_file }} - require: + {% if createhome -%} - file: users_{{ name }}_user + {% endif -%} - user: users_{{ name }}_user {% endfor %} {% endif %} @@ -349,7 +352,9 @@ users_ssh_auth_delete_{{ name }}_{{ loop.index0 }}: - user: {{ name }} - name: {{ auth }} - require: + {% if createhome -%} - file: users_{{ name }}_user + {% endif -%} - user: users_{{ name }}_user {% endfor %} {% endif %} From fd25c3e4a444dd8133e14011b6309d8a7ccb13a9 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 17 Jan 2019 13:32:08 +0100 Subject: [PATCH 49/56] incorporated change suggestions --- users/defaults.yaml | 1 + users/init.sls | 6 ++---- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/users/defaults.yaml b/users/defaults.yaml index 09a0dd9..2b69c19 100644 --- a/users/defaults.yaml +++ b/users/defaults.yaml @@ -6,4 +6,5 @@ users-formula: users: allow_gid_change: True + createhome: True diff --git a/users/init.sls b/users/init.sls index ee06d21..696ccbd 100644 --- a/users/init.sls +++ b/users/init.sls 
@@ -53,7 +53,7 @@ include: {%- endif -%} {%- set current = salt.user.info(name) -%} {%- set home = user.get('home', current.get('home', "/home/%s" % name)) -%} -{%- set createhome = user.get('createhome', True) -%} +{%- set createhome = user.get('createhome') -%} {%- if 'prime_group' in user and 'name' in user['prime_group'] %} {%- set user_group = user.prime_group.name -%} @@ -144,9 +144,7 @@ users_{{ name }}_user: {% if 'homephone' in user %} - homephone: {{ user['homephone'] }} {% endif %} - {% if not createhome -%} - - createhome: False - {% endif %} + - createhome: {{ createhome }} {% if not user.get('unique', True) %} - unique: False {% endif %} From 634deacc73081f282736707af22fb53cfee30cbe Mon Sep 17 00:00:00 2001 From: Jessy Date: Thu, 17 Jan 2019 13:36:01 +0100 Subject: [PATCH 50/56] incorporated change suggestions --- users/defaults.yaml | 1 + users/init.sls | 6 ++---- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/users/defaults.yaml b/users/defaults.yaml index 09a0dd9..2b69c19 100644 --- a/users/defaults.yaml +++ b/users/defaults.yaml @@ -6,4 +6,5 @@ users-formula: users: allow_gid_change: True + createhome: True diff --git a/users/init.sls b/users/init.sls index ee06d21..696ccbd 100644 --- a/users/init.sls +++ b/users/init.sls @@ -53,7 +53,7 @@ include: {%- endif -%} {%- set current = salt.user.info(name) -%} {%- set home = user.get('home', current.get('home', "/home/%s" % name)) -%} -{%- set createhome = user.get('createhome', True) -%} +{%- set createhome = user.get('createhome') -%} {%- if 'prime_group' in user and 'name' in user['prime_group'] %} {%- set user_group = user.prime_group.name -%} @@ -144,9 +144,7 @@ users_{{ name }}_user: {% if 'homephone' in user %} - homephone: {{ user['homephone'] }} {% endif %} - {% if not createhome -%} - - createhome: False - {% endif %} + - createhome: {{ createhome }} {% if not user.get('unique', True) %} - unique: False {% endif %} 
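Review bot: `{%- set createhome = user.get('createhome') -%}` drops the `True` fallback, and the `createhome: True` added to defaults.yaml lands, as far as visible, in the map.jinja `users` object rather than in the per-user pillar dict `user` that this line reads. For every user without an explicit `createhome` the variable is then `None`: the `{% if createhome -%}` blocks that manage the home directory are skipped, so `user_dir_mode` (default `'0750'`) is no longer enforced, and `- createhome: None` is rendered. Falling back to the map value, as the `allow_gid_change` line does, restores the old behaviour: `{%- set createhome = user.get('createhome', users.get('createhome', True)) -%}`. PATCH 50/56 on the same line carries identical hunks.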
From d0e46154532cc6e1f88e45389623bca5e4827a8a Mon Sep 17 00:00:00 2001 From: Lukas Resch Date: Fri, 22 Feb 2019 10:15:55 +0100 Subject: [PATCH 51/56] added OpenBSD data --- users/map.jinja | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/users/map.jinja b/users/map.jinja index 3349b3b..e366f72 100644 --- a/users/map.jinja +++ b/users/map.jinja @@ -50,6 +50,17 @@ 'sudo_package': 'sudo', 'googleauth_package': 'pam_google_authenticator', }, + 'OpenBSD': { + 'sudoers_dir': '/etc/sudoers.d', + 'sudoers_file': '/etc/sudoers', + 'googleauth_dir': '/etc/google_authenticator.d', + 'root_group': 'wheel', + 'shell': '/bin/csh', + 'visudo_shell': '/usr/local/bin/bash', + 'bash_package': 'bash', + 'sudo_package': 'sudo', + 'googleauth_package': 'pam_google_authenticator', + }, 'Solaris': { 'sudoers_dir': '/opt/local/etc/sudoers.d', 'sudoers_file': '/opt/local/etc/sudoers', From 7845013a39ce3620dd639bb3af1da3d05d562a15 Mon Sep 17 00:00:00 2001 From: "Adrien \"ze\" Urban" Date: Thu, 7 Mar 2019 11:53:59 +0100 Subject: [PATCH 52/56] groups: support `absent` like for users. Also remove warning for passing unknown arguments on group.absent --- users/init.sls | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/users/init.sls b/users/init.sls index 696ccbd..8804b6c 100644 --- a/users/init.sls +++ b/users/init.sls 
@@ -5,13 +5,17 @@ {% set used_user_files = [] %} {% for group, setting in salt['pillar.get']('groups', {}).items() %} -users_group_{{ setting.get('state', "present") }}_{{ group }}: - group.{{ setting.get('state', "present") }}: +{% if setting.absent is defined and setting.absent or setting.get('state', "present") == 'absent' %} +users_group_absent_{{ group }}: + group.absent: - name: {{ group }} - {%- if setting.get('gid') %} - - gid: {{setting.get('gid') }} - {%- endif %} +{% else %} +users_group_present_{{ group }}: + group.present: + - name: {{ group }} + - gid: {{ setting.get('gid') }} - system: {{ setting.get('system',"False") }} +{% endif %} {% endfor %} {%- for name, user in pillar.get('users', {}).items() From b69bef3cd1af3a6fe3cc71d1885d7150ebfb3055 Mon Sep 17 00:00:00 2001 From: "Adrien \"ze\" Urban" Date: Thu, 7 Mar 2019 11:55:56 +0100 Subject: [PATCH 53/56] group: add pillar example --- pillar.example | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/pillar.example b/pillar.example index abd7b50..424f602 100644 --- a/pillar.example +++ b/pillar.example @@ -169,3 +169,10 @@ users: absent_users: - donald - bad_guy + +groups: + badguys: + absent: True + niceguys: + gid: 4242 + system: False From def8f53932cf9aa500bc334d635792e94cac2bbc Mon Sep 17 00:00:00 2001 From: "Adrien \"ze\" Urban" Date: Thu, 7 Mar 2019 11:58:57 +0100 Subject: [PATCH 54/56] group: add support for members members, addusers, delusers, and in pillar examples --- pillar.example | 7 +++++++ users/init.sls | 3 +++ 2 files changed, 10 insertions(+) diff --git a/pillar.example b/pillar.example index 424f602..467e8dd 100644 --- a/pillar.example +++ b/pillar.example @@ -176,3 +176,10 @@ groups: niceguys: gid: 4242 system: False + addusers: root + delusers: toor + ssl-cert: + system: True + members: + - www-data + - openldap diff --git a/users/init.sls b/users/init.sls index 8804b6c..8af84d5 100644 --- a/users/init.sls +++ b/users/init.sls 
@@ -15,6 +15,9 @@ users_group_present_{{ group }}: - name: {{ group }} - gid: {{ setting.get('gid') }} - system: {{ setting.get('system',"False") }} + - members: {{ setting.get('members')|json }} + - addusers: {{ setting.get('addusers')|json }} + - delusers: {{ setting.get('delusers')|json }} {% endif %} {% endfor %} From c128b1ea286716a2ff6b1db4c2b17d3fddf3e303 Mon Sep 17 00:00:00 2001 From: "Adrien \"ze\" Urban" Date: Thu, 7 Mar 2019 14:38:54 +0100 Subject: [PATCH 55/56] gid: default to "null" using `|json` would let the state get an error if gid is a string, as it would not be converted. Using directly the `None` yaml value, and letting numbers as string be converted by yaml parser. --- users/init.sls | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/users/init.sls b/users/init.sls index 8af84d5..068d3f6 100644 --- a/users/init.sls +++ b/users/init.sls @@ -13,7 +13,7 @@ users_group_absent_{{ group }}: users_group_present_{{ group }}: group.present: - name: {{ group }} - - gid: {{ setting.get('gid') }} + - gid: {{ setting.get('gid', "null") }} - system: {{ setting.get('system',"False") }} - members: {{ setting.get('members')|json }} - addusers: {{ setting.get('addusers')|json }} From ba61e9b7f16fcb79b199293f6ff9888c9b0fed93 Mon Sep 17 00:00:00 2001 From: Meng Chen Date: Mon, 29 Apr 2019 14:39:19 +0800 Subject: [PATCH 56/56] add example of groups init --- pillar.example | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/pillar.example b/pillar.example index abd7b50..31902dc 100644 --- a/pillar.example +++ b/pillar.example @@ -3,6 +3,13 @@ users-formula: lookup: # override the defauls in map.jinja root_group: root +# group initialization +groups: + foo: + state: present + gid: 500 + system: False + users: ## Minimal required pillar values auser: