Defined Type: admin::user
- Defined in:
- modules/admin/manifests/user.pp
Overview
WARNING: this is designed to NOT play well with local modifications.
26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 |
# File 'modules/admin/manifests/user.pp', line 26
define admin::user (
Wmflib::Ensure $ensure = present,
Optional[Integer] $uid = undef,
Optional[Integer] $gid = undef,
Array[String] $groups = [],
String $comment = '',
String $shell = '/bin/bash',
Optional[Array[String]] $privileges = undef,
Array[String] $ssh_keys = [],
Variant[Enum['none'],Stdlib::Unixpath] $home_dir = "/home/${name}",
) {
include admin
# Add special hack for /nonexistent dir
# By default managehome is controlled at the class level so we
# can ensure all users for a specific role, profile, host are
# all configured the same regardless of this parameter we still
# sync files below from modules/admin/files/home/${user}
$managehome = $home_dir ? {
'/nonexistent' => false,
'none' => false,
default => $admin::managehome,
}
$_home_dir = $home_dir ? {
'none' => '/nonexistent',
default => $home_dir,
}
user { $name:
ensure => $ensure,
name => $name,
uid => $uid,
comment => $comment,
gid => $gid,
groups => [],
shell => $shell,
home => $_home_dir,
allowdupe => false,
managehome => $managehome,
}
# This is all absented by the above /home/${user} cleanup
# Puppet chokes if we try to absent subfiles to /home/${user}
if $ensure == 'present' and $_home_dir != '/nonexistent' {
file { $_home_dir:
ensure => stdlib::ensure($ensure, 'directory'),
source => [
"puppet:///modules/admin/home/${name}/",
'puppet:///modules/admin/home/skel/',
],
sourceselect => 'first',
recurse => 'remote',
mode => '0644',
owner => $name,
group => $gid,
force => true,
}
}
# /etc/ssh/userkey is recursively-managed,
# automatically purged, so user keys not defined
# (as resource) will be automatically dropped.
if !empty($ssh_keys) {
ssh::userkey { $name:
ensure => $ensure,
content => join($ssh_keys, "\n"),
}
}
if !empty($privileges) {
sudo::user { $name:
ensure => $ensure,
privileges => $privileges,
}
}
}
|