Puppet Class: sudo::sudoldap

Defined in:
modules/sudo/manifests/sudoldap.pp

Overview



1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
# File 'modules/sudo/manifests/sudoldap.pp', line 1

class sudo::sudoldap
{
    # this cannot be used in Debian buster
    requires_os('debian < buster')

    # this assert is here only because it was before in the form of realm if branch.
    # This class only makes sense in CloudVPS anyway
    requires_realm('labs')

    # This hack is necessary because sudo-ldap can only be installed
    #  if SUDO_FORCE_REMOVE is set.  Puppet doesn't allow passing
    #  in an environment to a normal package resource.
    # Perhaps this is no longer required in modern Debian versions
    exec {'install sudo-ldap':
        command     => '/usr/bin/apt-get -q -y -o DPkg::Options::=--force-confold install sudo-ldap',
        environment => 'SUDO_FORCE_REMOVE=yes',
        onlyif      => '/usr/bin/apt-cache policy sudo-ldap | /bin/grep -q "Installed: (none)"',
    }

    package { 'sudo-ldap':
        ensure  => installed,
        require => Exec['install sudo-ldap'],
    }

    file { '/etc/sudoers':
        ensure  => present,
        mode    => '0440',
        owner   => 'root',
        group   => 'root',
        source  => 'puppet:///modules/sudo/sudoers',
        require => Package[sudo-ldap],
    }
}