jtimberman / puppet
watch download tarball
public
Forks1Right
Watchers3Right
Description: Public Puppet Configuration by The SANS Institute
Homepage:
Clone URL: git://github.com/jtimberman/puppet.git 
updated md3000
Joshua Timberman (author)
Wed Jun 18 08:46:57 -0700 2008
commit  8b5a3069e8469e319b8a477246f8f06925bc3bba
tree    0f2ffc8b426c1008cc91fce4da7a721185624d7a
parent  0bbbf42e5fbbf9291c840ba3bfc5983067f1b51b
puppet / users / manifests / people.pp
100644 67 lines (66 sloc) 2.134 kb
raw blame history 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67

# class users::people
# we separate this out because it is long from having all the useraccount define
# calls.
class users::people { # this class virtually calls the user:account define.
    # first set some defaults based on whether this node is openbsd or centos.
    $group  = $operatingsystem ? {
        centos => "root",
        redhat => "root",
        openbsd => "wheel",
        default => "root",
    }   
    # we should get bash installed on openbsd systems elsewhere, but just
    # in case:
    $shell  = $operatingsystem ? {
        centos => "/bin/bash",
        redhat => "/bin/bash",
        openbsd => "/usr/local/bin/bash",
        default => "/bin/bash",
    }
    # We use /home as the default "home" filesystem.
    # TODO: maybe this should be handled through a define, instead.
    # we set the group here based on the default group by platform above.
    $homefs = "/home"
    file { $homefs:
        ensure  => directory,
        owner   => "root",
        group   => $group,
        mode    => 2755
    }
    # These are the NOC users.
    # use uids 500-509 for noc users.
    @useraccount { "someuser":
        ensure   => "present",
        uid      => "500",
        pgroup   => "wheel",
        groups   => ["users"],
        fullname => "Some User",
        homefs   => $homefs,
        shell    => $shell,
    }
    # These are the Web/database users.
    # use uids 510-529 for web users.
    @useraccount { "webguy1":
        ensure   => "present",
        uid      => "510",
        pgroup   => "htdocs",
        groups   => ["wwwcron"],
        fullname => "Web Guy One",
        homefs   => $homefs,
        shell    => "/bin/bash",
    }
}
# class users::database 
# Override the primary group for virtual web users to mysql.
# Make these virtual users real.
class users::database inherits users::people {
    Useraccount["webguy1"] {
        pgroup => "mysql",
        groups => "users",
        require => Group["mysql"],
    }
    Useraccount <| pgroup == mysql |>
}
# vim modeline - have 'set modeline' and 'syntax on' in your ~/.vimrc.
# vi:syntax=puppet:filetype=puppet:ts=4:et:
# EOF