Add support FreeBSD using map.jinja (Tested on Freebsd10)

root 2014-05-30 12:20:13 +09:00
parent 39d89a01fa
commit 8417c6c888
3 changed files with 47 additions and 15 deletions


@ -1,3 +1,6 @@
# vim: sts=2 ts=2 sw=2 et ai
{% from "users/map.jinja" import users with context %}
include:
- users.sudo
@ -126,24 +129,24 @@ ssh_auth_{{ name }}_{{ loop.index0 }}:
{% if 'sudouser' in user and user['sudouser'] %}
sudoer-{{ name }}:
file.managed:
- name: /etc/sudoers.d/{{ name }}
- name: {{ users.sudoers_dir }}{{ name }}
- user: root
- group: root
- group: {{ users.root_group }}
- mode: '0440'
{% if 'sudo_rules' in user %}
{% for rule in user['sudo_rules'] %}
"validate {{ name }} sudo rule {{ loop.index0 }} {{ name }} {{ rule }}":
cmd.run:
- name: 'visudo -cf - <<<"$rule"'
- shell: /bin/bash
- shell: {{ users.visudo_shell }}
- env:
# Specify the rule via an env var to avoid shell quoting issues.
- rule: "{{ name }} {{ rule }}"
- require_in:
- file: /etc/sudoers.d/{{ name }}
- file: {{ users.sudoers_dir }}{{ name }}
{% endfor %}
/etc/sudoers.d/{{ name }}:
{{ users.sudoers_dir }}{{ name }}:
file.managed:
- contents: |
{%- for rule in user['sudo_rules'] %}
@ -154,9 +157,9 @@ sudoer-{{ name }}:
- file: sudoer-{{ name }}
{% endif %}
{% else %}
/etc/sudoers.d/{{ name }}:
{{ users.sudoers_dir }}{{ name }}:
file.absent:
- name: /etc/sudoers.d/{{ name }}
- name: {{ users.sudoers_dir }}{{ name }}
{% endif %}
{% endfor %}
@ -174,17 +177,17 @@ sudoer-{{ name }}:
{% else %}
user.absent
{% endif -%}
/etc/sudoers.d/{{ name }}:
{{ users.sudoers_dir }}{{ name }}:
file.absent:
- name: /etc/sudoers.d/{{ name }}
- name: {{ users.sudoers_dir }}{{ name }}
{% endfor %}
{% for user in pillar.get('absent_users', []) %}
{{ user }}:
user.absent
/etc/sudoers.d/{{ user }}:
{{ users.sudoers_dir }}{{ user }}:
file.absent:
- name: /etc/sudoers.d/{{ user }}
- name: {{ users.sudoers_dir }}{{ user }}
{% endfor %}
{% for group in pillar.get('absent_groups', []) %}
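Review bot: Every sudoers path in this file is built as `{{ users.sudoers_dir }}{{ name }}` with no separator, so the result is only correct while the map value ends in `/`. Because map.jinja merges `users:lookup` from pillar, an override without the trailing slash (for example `/etc/sudoers.d`, a constructed value) would point the `file.absent` states for removed users at a sibling path and leave the real drop-in, and the sudo grant in it, in place. Storing the directory without the slash and joining explicitly, `- name: '{{ users.sudoers_dir }}/{{ name }}'`, removes that dependency and also quotes the templated scalar. The same concatenation appears in the `require_in` of the validation state and in the `absent_users` loop. The surrounding `for` loops begin outside the visible hunks.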

21
users/map.jinja Normal file

@ -0,0 +1,21 @@
# vim: sts=2 ts=2 sw=2 et ai
{% set users = salt['grains.filter_by']({
'Debian': {
'sudoers_dir': '/etc/sudoers.d/',
'sudoers_file': '/etc/sudoers',
'root_group': 'root',
'visudo_shell': '/bin/bash',
},
'FreeBSD': {
'sudoers_dir': '/usr/local/etc/sudoers.d/',
'sudoers_file': '/usr/local/etc/sudoers',
'root_group': 'wheel',
'visudo_shell': '/usr/local/bin/bash',
},
'default': {
'sudoers_dir': '/etc/sudoers.d/',
'sudoers_file': '/etc/sudoers',
'root_group': 'root',
'visudo_shell': '/bin/bash',
},
}, merge=salt['pillar.get']('users:lookup')) %}
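Review bot: Nothing in the map says that `visudo_shell` has to be bash, yet the validation command that runs under it is `visudo -cf - <<<"$rule"`, and the here-string is a bash feature. Since the map merges `users:lookup` from pillar, an override pointing at a plain POSIX shell would make every rule check fail and, through `require_in`, keep the sudoers file from being written. I would add a comment above the map, `{# visudo_shell must be a bash binary: rule validation uses a here-string (<<<) #}`. The `Debian` entry is identical to `default` and looks redundant, assuming `grains.filter_by` falls back to the `default` key for unmatched grains.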


@ -1,3 +1,11 @@
# vim: sts=2 ts=2 sw=2 et ai
{% from "users/map.jinja" import users with context %}
#Support bash in FreeBSD
bash:
pkg:
- installed
sudo:
group:
- present
@ -6,18 +14,18 @@ sudo:
- installed
- require:
- group: sudo
- file: /etc/sudoers.d
- file: {{ users.sudoers_dir }}
/etc/sudoers.d:
{{ users.sudoers_dir }}:
file:
- directory
sudoer-defaults:
file.append:
- name: /etc/sudoers
- name: {{ users.sudoers_file }}
- require:
- pkg: sudo
- text:
- Defaults env_reset
- Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
- '#includedir /etc/sudoers.d'
- '#includedir {{ users.sudoers_dir }}'
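Review bot: On Debian-family minions the appended line changes from `#includedir /etc/sudoers.d` to `#includedir /etc/sudoers.d/`, because the map value carries a trailing slash. `file.append` matches on text, so hosts that already received the old line would presumably get a second include of the same directory, and nothing in this state validates the resulting sudoers file. Rendering the directive without the slash, for instance by keeping `sudoers_dir` slash-free in the map, would keep the state idempotent across the upgrade. Separately, the new `bash` package state is unconditional although its comment says it is for FreeBSD; gating it on the OS grain would avoid installing it elsewhere.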