Merge branch 'release/0.8.0' into production

.ruby-version

@@ -1 +1 @@
-2.1.0
+2.1.10

Gemfile.lock

@@ -1,16 +1,20 @@
 GEM
   remote: https://rubygems.org/
   specs:
-    CFPropertyList (2.2.8)
-    artii (2.1.1)
-    awesome_print (1.6.1)
+    activesupport (4.2.8)
+      i18n (~> 0.7)
+      minitest (~> 5.1)
+      thread_safe (~> 0.3, >= 0.3.4)
+      tzinfo (~> 1.1)
+    artii (2.1.2)
+    awesome_print (1.7.0)
     configatron (3.2.0)
     deep_merge (1.0.1)
     diff-lcs (1.2.5)
-    diffy (3.0.7)
-    facter (2.4.4)
-      CFPropertyList (~> 2.2.6)
-    falkorlib (0.5.9)
+    diffy (3.2.0)
+    facter (2.4.6)
+    falkorlib (0.7.7)
+      activesupport (~> 4.0)
       artii (>= 2.1)
       awesome_print (~> 1.2)
       configatron (~> 3.2)
@@ -25,23 +29,26 @@ GEM
       rake (~> 10.1, >= 10.1.0)
       term-ansicolor (~> 1.3)
       thor (>= 0.19)
+      thor-zsh_completion
     git_remote_branch (0.3.8)
     hiera (2.0.0)
       json_pure
-    json (1.8.3)
+    i18n (0.8.1)
+    json (1.8.6)
     json_pure (1.8.2)
     license-generator (0.4.1)
       thor
     logger (1.2.8)
     minigit (0.0.4)
+    minitest (5.10.2)
     puppet (4.0.0)
       facter (> 2.0, < 4)
       hiera (>= 2.0, < 3)
       json_pure
     puppet-lint (1.1.0)
     puppet-syntax (2.0.0)
       rake
-    rake (10.4.2)
+    rake (10.5.0)
     rspec (3.2.0)
       rspec-core (~> 3.2.0)
       rspec-expectations (~> 3.2.0)
@@ -57,10 +64,14 @@ GEM
     rspec-puppet (2.1.0)
       rspec
     rspec-support (3.2.2)
-    term-ansicolor (1.3.0)
+    term-ansicolor (1.6.0)
       tins (~> 1.0)
-    thor (0.19.1)
-    tins (1.5.2)
+    thor (0.19.4)
+    thor-zsh_completion (0.1.2)
+    thread_safe (0.3.6)
+    tins (1.13.3)
+    tzinfo (1.2.3)
+      thread_safe (~> 0.1)
 
 PLATFORMS
   ruby
@@ -72,3 +83,6 @@ DEPENDENCIES
   puppet-lint (>= 0.3.2)
   puppet-syntax
   rspec-puppet
+
+BUNDLED WITH
+   1.14.6

README.md

@@ -1,41 +1,42 @@
 -*- mode: markdown; mode: visual-line;  -*-
 
-# Sysadmins Puppet Module 
+# Sysadmins Puppet Module
 
 [![Puppet Forge](http://img.shields.io/puppetforge/v/ULHPC/sysadmins.svg)](https://forge.puppetlabs.com/ULHPC/sysadmins)
 [![License](http://img.shields.io/:license-GPL3.0-blue.svg)](LICENSE)
 ![Supported Platforms](http://img.shields.io/badge/platform-debian-lightgrey.svg)
 [![Documentation Status](https://readthedocs.org/projects/ulhpc-puppet-sysadmins/badge/?version=latest)](https://readthedocs.org/projects/ulhpc-puppet-sysadmins/?badge=latest)
+[![By ULHPC](https://img.shields.io/badge/by-ULHPC-blue.svg)](http://hpc.uni.lu)
 
 Configuration of a single system administrator account (localadmin by default) attached to (potentially) several  users
 
-      Copyright (c) 2015 UL HPC Team aka. S. Varrette, H. Cartiaux, V. Plugaru, S. Diehl <hpc-sysadmins@uni.lu>
-      
+      Copyright (c) 2015-2017 UL HPC Devops Team <hpc-sysadmins@uni.lu>
+      aka. S. Varrette, H. Cartiaux, V. Plugaru, S. Diehl and C. Parisot
 
 | [Project Page](https://github.com/ULHPC/puppet-sysadmins) | [Sources](https://github.com/ULHPC/puppet-sysadmins) | [Documentation](https://ulhpc-puppet-sysadmins.readthedocs.org/en/latest/) | [Issues](https://github.com/ULHPC/puppet-sysadmins/issues) |
 
 ## Synopsis
 
-This puppet module configures a single system administrator account (`localadmin` by default) attached to (potentially) several users for which one or more SSH keys can be configured. 
+This puppet module configures a single system administrator account (`localadmin` by default) attached to (potentially) several users for which one or more SSH keys can be configured.
 
-This module implements the following elements: 
+This module implements the following elements:
 
 * __Puppet classes__:
-    - `sysadmins` 
-    - `sysadmins::common` 
-    - `sysadmins::common::debian`: specific implementation under Debian 
-    - `sysadmins::common::redhat`: specific implementation under Redhat-like system 
-    - `sysadmins::params`:  module parameters 
+    - `sysadmins`
+    - `sysadmins::common`
+    - `sysadmins::common::debian`: specific implementation under Debian
+    - `sysadmins::common::redhat`: specific implementation under Redhat-like system
+    - `sysadmins::params`:  module parameters
 
 All these components are configured through a set of variables you will find in
-[`manifests/params.pp`](manifests/params.pp). 
+[`manifests/params.pp`](manifests/params.pp).
 
 _Note_: the various operations that can be conducted from this repository are piloted from a [`Rakefile`](https://github.com/ruby/rake) and assumes you have a running [Ruby](https://www.ruby-lang.org/en/) installation.
-See `docs/contributing.md` for more details on the steps you shall follow to have this `Rakefile` working properly. 
+See `docs/contributing.md` for more details on the steps you shall follow to have this `Rakefile` working properly.
 
 ## Dependencies
 
-See [`metadata.json`](metadata.json). In particular, this module depends on 
+See [`metadata.json`](metadata.json). In particular, this module depends on
 
 * [puppetlabs/stdlib](https://forge.puppetlabs.com/puppetlabs/stdlib)
 * [puppetlabs/concat](https://forge.puppetlabs.com/puppetlabs/concat)
@@ -48,13 +49,13 @@ See [`metadata.json`](metadata.json). In particular, this module depends on
 ### Class `sysadmins`
 
 This is the main class defined in this module.
-It accepts the following parameters: 
+It accepts the following parameters:
 
 * `$ensure`: default to 'present', can be 'absent'
 * `$login`: the actual login used for the local sysadmin account
   - _Default_: `localadmin`
 * `$email`: redirect all mails sent to the sysadmin account to this email address
-* `$purge_ssh_keys`: whether to purge the authorized_keys files or not 
+* `$purge_ssh_keys`: whether to purge the authorized_keys files or not
 * `$filter_access`: whether or not to prevent access to the sysadmin account for non-registered users (via `~<login>/.sysadminrc`)
    - _Default_: true
 * `$users`:  hash of the users authorized to connect to the  local sysadmin account _i.e._ the real users (system administrators). The format of each entry is as follows:
@@ -81,7 +82,7 @@ Use it as follows:
           ssh_keys       => hiera_hash('sysadmins::ssh_keys', {}),
           purge_ssh_keys => true,
 	  }
-		 
+
 Example hiera YAML file (see also [`tests/hiera/common.yaml`](tests/hiera/common.yaml)):
 
 ```yaml
@@ -122,7 +123,7 @@ sysadmins::ssh_keys:
     type: ssh-rsa
     public: HY0wAAAIBF...
 ```
-	
+
 See also [`tests/init.pp`](tests/init.pp)
 
 This will create the `localadmin` account. In the example above, the `~localadmin/.ssh/authorized_keys` holds the SSH keys of only `svarrette` and `hcartiaux` users as they are the ones listed in `sysadmins::users`. Example:
@@ -136,7 +137,7 @@ This will create the `localadmin` account. In the example above, the `~localadmi
 	   environment="SYSADMIN_USER=svarrette" ssh-dss AAAAB3NzaC1kc3MA... svarrette@falkor.uni.lux-on-localadmin
 
 As you can notice, the special environment variable `SYSADMIN_USER` is set.
-It is used to eventually restrict the access to the `localadmin` account (see `~localadmin/.sysadminrc`). 
+It is used to eventually restrict the access to the `localadmin` account (see `~localadmin/.sysadminrc`).
 
 ## Librarian-Puppet / R10K Setup
 
@@ -146,29 +147,29 @@ You can of course configure the sysadmins module in your `Puppetfile` to make it
      # Modules from the Puppet Forge
      mod "ULHPC/sysadmins"
 
-or, if you prefer to work on the git version: 
+or, if you prefer to work on the git version:
 
-     mod "ULHPC/sysadmins", 
+     mod "ULHPC/sysadmins",
          :git => 'https://github.com/ULHPC/puppet-sysadmins',
-         :ref => 'production' 
+         :ref => 'production'
 
 ## Issues / Feature request
 
-You can submit bug / issues / feature request using the [ULHPC/sysadmins Puppet Module Tracker](https://github.com/ULHPC/puppet-sysadmins/issues). 
+You can submit bug / issues / feature request using the [ULHPC/sysadmins Puppet Module Tracker](https://github.com/ULHPC/puppet-sysadmins/issues).
 
-## Developments / Contributing to the code 
+## Developments / Contributing to the code
 
-If you want to contribute to the code, you shall be aware of the way this module is organized. 
+If you want to contribute to the code, you shall be aware of the way this module is organized.
 These elements are detailed on [`docs/contributing.md`](contributing/index.md).
 
-You are more than welcome to contribute to its development by [sending a pull request](https://help.github.com/articles/using-pull-requests). 
+You are more than welcome to contribute to its development by [sending a pull request](https://help.github.com/articles/using-pull-requests).
 
 ## Puppet modules tests within a Vagrant box
 
 The best way to test this module in a non-intrusive way is to rely on [Vagrant](http://www.vagrantup.com/).
 The `Vagrantfile` at the root of the repository pilot the provisioning various vagrant boxes available on [Vagrant cloud](https://atlas.hashicorp.com/boxes/search?utf8=%E2%9C%93&sort=&provider=virtualbox&q=svarrette) you can use to test this module.
 
-See [`docs/vagrant.md`](vagrant.md) for more details. 
+See [`docs/vagrant.md`](vagrant.md) for more details.
 
 ## Online Documentation
 

Vagrantfile

@@ -11,8 +11,8 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
     # (nearly) All below boxes were generated using [vagrant-vms](https://github.com/Falkor/vagrant-vms/)
     {
         :centos_7 => {
-            :box => "svarrette/centos-7",
-            :url => "https://atlas.hashicorp.com/svarrette/boxes/centos-7"
+            :box => "svarrette/centos-7-puppet",
+            :url => "https://atlas.hashicorp.com/svarrette/boxes/centos-7-puppet"
         },
         :debian_7 => {
             :box     => "svarrette/debian-7-puppet",
@@ -24,8 +24,8 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
         config.vm.define boxname, :autostart => (! cfg[:primary].nil?), :primary => cfg[:primary] do |local|
             #local.vm.primary = true if cfg[:primary]
             local.vm.box = cfg[:box]
-            config.vm.box_check_update = false
             local.vm.host_name = ENV['VAGRANT_HOSTNAME'] || name.to_s.downcase.gsub(/_/, '-').concat(".vagrant.com")
+            #config.vm.box_check_update = false
             local.vm.provision "shell", path: ".vagrant_init.rb"
             # local.vm.provision :puppet do |puppet|
             #     puppet.hiera_config_path = 'data/hiera.yaml'

docs/index.md

@@ -6,6 +6,7 @@
 [![License](http://img.shields.io/:license-GPL3.0-blue.svg)](LICENSE)
 ![Supported Platforms](http://img.shields.io/badge/platform-debian-lightgrey.svg)
 [![Documentation Status](https://readthedocs.org/projects/ulhpc-puppet-sysadmins/badge/?version=latest)](https://readthedocs.org/projects/ulhpc-puppet-sysadmins/?badge=latest)
+[![By ULHPC](https://img.shields.io/badge/by-ULHPC-blue.svg)](http://hpc.uni.lu)
 
       Copyright (c) 2015 UL HPC Team aka. S. Varrette, H. Cartiaux, V. Plugaru, S. Diehl <hpc-sysadmins@uni.lu>
 

manifests/common.pp

@@ -17,7 +17,7 @@
 
     ############# VARIABLES ###########
     # sysadmin user homedir
-    $homedir = "${sysadmins::params::homebasedir}/${sysadmins::login}"
+    $homedir = "${sysadmins::homebasedir}/${sysadmins::login}"
     # main configuration file for sysadmin
     $sysadminrc = "${homedir}/${sysadmins::params::configfile}"
     # Merge default groups with the provided onces
@@ -82,7 +82,6 @@
         "),
     }
 
-
     # initialize the configuration file
     concat { $sysadminrc:
         owner   => $sysadmins::login,
@@ -132,6 +131,47 @@
         }
     }
 
+    # Create an entry for ${sysadmins::login} in /etc/aliases
+    $mail_list = parseyaml(inline_template('<%= scope.lookupvar("sysadmins::users").collect { |k,v| v["email"] unless v["email"].nil? }.to_yaml %>'))
+
+    mailalias { $::sysadmins::login:
+        ensure    => $::sysadmins::ensure,
+        recipient => $mail_list,
+    }
+    # mailalias { "root":
+    #     ensure    => $::sysadmins::ensure,
+    #     recipient => $mail_list,
+    # }
+
+
+    # # Update the root entry by adapting the current list (from the custom fact -- see
+    # # modules/common/lib/facter/mail_aliases.rb)
+    # $current_root_maillist = split($::mail_aliases_root, ',')
+
+    # $tmp_root_maillist = array_include($current_root_maillist, $sysadmin::login) ? {
+    #     false   => [ $sysadmin::login, $current_root_maillist ],
+    #     default => $current_root_maillist
+    # }
+
+    # # TODO: removal DO NOT work. TO BE FIXED
+    # $real_root_maillist = $sysadmin::ensure ? {
+    #     'present' => $tmp_root_maillist,
+    #     # remove ${sysadmin::login} from root mail entries if ensure != present
+    #     default   => array_del(flatten(uniq($tmp_root_maillist)), $sysadmin::login)
+    # }
+
+    # mailalias { 'root':
+    #     ensure    => $sysadmin::ensure,
+    #     recipient => uniq(flatten($real_root_maillist)),
+    #     require   => Mailalias[$sysadmin::login]
+    # }
+
+
+
+
+
+    # $current_root_maillist = split($::mail_aliases_root, ',')
+    # notice("root mail = ${current_root_maillist}")
 
 
 }

manifests/init.pp

@@ -42,6 +42,7 @@
 class sysadmins(
     $ensure         = $sysadmins::params::ensure,
     $login          = $sysadmins::params::login,
+    $homebasedir    = $sysadmins::params::homebasedir,
     $email          = $sysadmins::params::email,
     $purge_ssh_keys = $sysadmins::params::purge_ssh_keys,
     $filter_access  = $sysadmins::params::filter_access,
@@ -67,6 +68,3 @@
         }
     }
 }
-
-
-