
sudo: improvements making use of the new #includedir directive

 * this directive is available since version 1.7.2
 * adding backward compatibility for older versions
 * adding a definition to add configuration parts and check the syntax with visudo
commit afc53cd9e3ac0587ed0635ad671a684f1d3eb697 1 parent 6159b52
@mbornoz mbornoz authored
0  README
No changes.
16 README.rst
@@ -0,0 +1,16 @@
+==================
+Sudo Puppet module
+==================
+
+Since the version 1.7.2 a new `#includedir` directive is available in sudoers.
+To keep backward compatibility with old sudo versions the `common::concatfilepart` definition is used. Some default distribution versions are defined in `sudo::params::majversion` but it is also possible to specify your own version in the global parameter `$sudo_version`
+
+The definition `sudo::directive` provides a simple way to write sudo configurations parts. If you use a sudo version >= 1.7.2, the sudo directive part is validated via visudo and removed if syntax is not correct.
+
+
+This module is provided to you by Camptocamp_.
+
+.. _Camptocamp: http://www.camptocamp.com/
+
+For more information about sudo see http://www.gratisoft.us/sudo/
+
12 manifests/classes/base.pp
@@ -1,12 +0,0 @@
-class sudo::base {
- package {"sudo":
- ensure => installed,
- }
-
- file {"/etc/sudoers":
- ensure => present,
- owner => root,
- group => root,
- mode => 440,
- }
-}
44 manifests/classes/sudo-base.pp
@@ -0,0 +1,44 @@
+class sudo::base {
+
+ include sudo::params
+
+ package {"sudo":
+ ensure => $sudo::params::version,
+ }
+
+ file {"/etc/sudoers":
+ ensure => present,
+ owner => root,
+ group => root,
+ mode => 440,
+ }
+
+ if versioncmp($sudo::params::majversion,'1.7.2') < 0 {
+ #
+ # Backward compatibility for version less than 1.7.2
+ #
+ common::concatfilepart { "000-sudoers.init":
+ ensure => present,
+ manage => true,
+ file => "/etc/sudoers",
+ content => template("sudo/sudoers.erb"),
+ }
+
+ } else {
+ #
+ # Use the #includedir directive to manage sudoers.d, version >= 1.7.2
+ #
+ file {"/etc/sudoers.d":
+ ensure => directory,
+ owner => root,
+ group => root,
+ mode => 755,
+ purge => true,
+ recurse => true,
+ }
+
+ File ["/etc/sudoers"] { content => template("sudo/sudoers.erb"), }
+
+ }
+
+}
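Review bot: In the `else` branch, `File ["/etc/sudoers"] { content => template("sudo/sudoers.erb"), }` overwrites the main sudoers file with no syntax check, while only the drop-ins written by `sudo::directive` get a `visudo -c` pass. A bad render here (for example an unexpected `sudo_mailto` value) would leave sudo unusable on the node, so the main file deserves the same check before it goes live. If the Puppet version in use has the file attribute `validate_cmd`, `validate_cmd => "visudo -c -f %"` would do it; otherwise render to a scratch path and only move it into place after `visudo -c -f` succeeds. Separately, `purge => true` with `recurse => true` on `/etc/sudoers.d` deletes any drop-in not declared through this module, including ones shipped by packages, so a comment on that resource such as `# purge: every file not declared via sudo::directive is removed` would make that intent explicit.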
25 manifests/classes/sudo-params.pp
@@ -0,0 +1,25 @@
+class sudo::params {
+
+ $release_version = $operatingsystem ? {
+ RedHat => $lsbdistcodename ? {
+ /^Nahant.*/ => '1.6.7',
+ /Tikanga|Santiago/ => '1.7.2',
+ },
+ Debian => $lsbdistcodename ? {
+ lenny => '1.6.9',
+ squeeze => '1.7.4',
+ },
+ CentOS => $lsbdistrelease ? {
+ 5.5 => '1.7.2',
+ },
+ }
+
+ if !$sudo_version {
+ $version = "present"
+ $majversion = $release_version
+ } else {
+ $majversion = $sudo_version
+ $version = $sudo_version
+ }
+
+}
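Review bot: None of the selectors in `$release_version` has a `default` entry, so catalog compilation is likely to fail with a no-matching-value error on any node outside the listed values (another operating system, another codename, or CentOS other than 5.5). Because the selector is evaluated before the `if !$sudo_version` test, setting `$sudo_version` does not avoid that; moving the selector into the `if` branch and adding a `default` at each level, set to a value below 1.7.2 so `#includedir` support is not assumed, would fix both. The `else` branch also sets `$version = $sudo_version`, which `sudo::base` passes to the package `ensure`. That pins sudo to the exact string given, which has to match the distribution's full package version and also holds back sudo security updates. Keeping `$version = "present"` in both branches and using `$sudo_version` only for `$majversion` would separate the feature switch from the package pin.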
51 manifests/definitions/sudo-directive.pp
@@ -0,0 +1,51 @@
+define sudo::directive (
+ $ensure=present,
+ $content="",
+ $source=""
+) {
+
+ include sudo::params
+
+ if versioncmp($sudo::params::majversion,'1.7.2') < 0 {
+
+ common::concatfilepart {$name:
+ ensure => $ensure,
+ file => "/etc/sudoers",
+ content => $content ? {
+ "" => undef,
+ default => $content,
+ },
+ source => $source ? {
+ "" => undef,
+ default => $source,
+ },
+ require => Package["sudo"],
+ }
+
+ } else {
+
+ file {"/etc/sudoers.d/${name}":
+ ensure => $ensure,
+ owner => root,
+ group => root,
+ mode => 0440,
+ content => $content ? {
+ "" => undef,
+ default => $content,
+ },
+ source => $source ? {
+ "" => undef,
+ default => $source,
+ },
+ notify => Exec["sudo-syntax-check"],
+ require => Package["sudo"],
+ }
+
+ }
+
+ exec {"sudo-syntax-check":
+ command => "visudo -c -f /etc/sudoers.d/${name} || ( rm -f /etc/sudoers.d/${name} && exit 1)",
+ refreshonly => true,
+ }
+
+}
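Review bot: `exec {"sudo-syntax-check":` has a fixed title inside a define, so a second `sudo::directive` on the same node should fail with a duplicate resource declaration; it is also declared outside the `if`/`else`, so it exists on pre-1.7.2 nodes where no drop-in file is written. The exec needs a per-instance title, belongs in the `else` branch, and should quote the path in the shell command, since `${name}` is interpolated unquoted and a title containing spaces or shell metacharacters would change what runs. The command is not fully qualified and has no `path`, which fails unless a global `Exec` default supplies one (not visible in this commit). Note also that the check runs only after the file is already live in `/etc/sudoers.d`, so an invalid fragment is briefly in effect, and that sudo skips include-directory files whose names contain a `.` or end in `~`, so such a `$name` would be silently ignored; rejecting those titles up front would cover both the quoting and the skipped-file case.

```puppet
# … unchanged: file {"/etc/sudoers.d/${name}": ensure, owner, group, mode, content, source …
 notify => Exec["sudo-syntax-check for ${name}"],
# … unchanged: require => Package["sudo"], end of file resource …

 # declared inside the else branch, one exec per directive
 exec {"sudo-syntax-check for ${name}":
 command => "visudo -c -f '/etc/sudoers.d/${name}' || ( rm -f '/etc/sudoers.d/${name}' && exit 1)",
 path => "/usr/sbin:/usr/bin:/sbin:/bin",
 refreshonly => true,
 }
```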
7 manifests/init.pp
@@ -1 +1,8 @@
import "classes/*.pp"
+import "definitions/*.pp"
+
+class sudo {
+ case $operatingsystem {
+ default: { include sudo::base }
+ }
+}
14 templates/sudoers.erb
@@ -0,0 +1,14 @@
+# file managed by puppet
+Defaults env_keep=SSH_AUTH_SOCK
+Defaults !authenticate
+Defaults env_reset
+<% if has_variable?("sudo_mailto") -%>
+Defaults mailto=<%= sudo_mailto %>
+<% end -%>
+Defaults always_set_home
+root ALL=(ALL) ALL
+
+# This directive only works with version >= 1.7.2!
+#includedir /etc/sudoers.d
+##
+#
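Review bot: `Defaults !authenticate` in the default template turns off the password prompt for every sudoers rule on every node that includes this module, including every rule later added through `/etc/sudoers.d`. That makes any account with a sudo entry equivalent to passwordless root for whatever that entry allows, which is a much broader grant than the commit message describes. I would drop the line from the shipped template, or gate it behind an opt-in variable the same way `sudo_mailto` is gated, and use the per-rule `NOPASSWD:` tag where passwordless execution is actually intended. `<%= sudo_mailto %>` is also written into the file as-is, so a value with whitespace or a newline would produce extra sudoers lines; quoting it, `Defaults mailto="<%= sudo_mailto %>"`, and rejecting values containing newlines or quotes would close that. A comment above `Defaults env_keep=SSH_AUTH_SOCK` explaining why the invoking user's agent socket is passed to commands run as root would help the next reader judge whether it is still needed.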