1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
|
# File 'modules/sudo/manifests/sudoldap.pp', line 1
class sudo::sudoldap
{
# this cannot be used in Debian buster
debian::codename::require::max('stretch')
# this assert is here only because it was before in the form of realm if branch.
# This class only makes sense in CloudVPS anyway
requires_realm('labs')
# This hack is necessary because sudo-ldap can only be installed
# if SUDO_FORCE_REMOVE is set. Puppet doesn't allow passing
# in an environment to a normal package resource.
# Perhaps this is no longer required in modern Debian versions
exec {'install sudo-ldap':
command => '/usr/bin/apt-get -q -y -o DPkg::Options::=--force-confold install sudo-ldap',
environment => 'SUDO_FORCE_REMOVE=yes',
onlyif => '/usr/bin/apt-cache policy sudo-ldap | /bin/grep -q "Installed: (none)"',
}
package { 'sudo-ldap':
ensure => installed,
require => Exec['install sudo-ldap'],
}
file { '/etc/sudoers':
ensure => present,
mode => '0440',
owner => 'root',
group => 'root',
source => 'puppet:///modules/sudo/sudoers',
require => Package[sudo-ldap],
validate_cmd => '/usr/sbin/visudo -c -f %'
}
}
|