diff --git a/manifests/site.pp b/manifests/site.pp index 1f6ed45..71fde1b 100644 --- a/manifests/site.pp +++ b/manifests/site.pp @@ -1,4 +1,5 @@ import "sitedefs.pp" +import "util.pp" # base node node "li266-215.members.linode.com" { diff --git a/manifests/sitedefs.pp b/manifests/sitedefs.pp index e22eed1..29ab3fa 100644 --- a/manifests/sitedefs.pp +++ b/manifests/sitedefs.pp @@ -2,9 +2,6 @@ $monitored_nodes = [ { "name" => "node1.test.cadmio.org", "ip" => "46.137.48.255" } ] -# probably not a best practise -$monitored_nodes = [ { "name" => "node1.test.cadmio.org", "ip" => "46.137.48.255" } ] - # host on which the munin master is located $monitoring_host = "178.79.146.215" @@ -26,19 +23,26 @@ include ntp include sudo include users - + include git # include mysql } class openstack-base-node { + include users + create_user { "stack": uid => 1002, - email => "openstack@cadmio.org" + email => "openstack@cadmio.org", home => "/opt/stack", - keyfiles => [ "bogdan.pub"] + keyfiles => [ "openstack.pub"] } } +node "ip-10-58-237-10.eu-west-1.compute.internal" { + include openstack-base-node + include mysql +} + #node "ip-10-58-111-96.eu-west-1.compute.internal" { # include nova-common # include nova-compute diff --git a/manifests/util.pp b/manifests/util.pp new file mode 100644 index 0000000..f41f15a --- /dev/null +++ b/manifests/util.pp 
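Review bot: In the second sitedefs.pp hunk the shared `stack` account is authorised with `openstack.pub`, and the key file added by this commit carries the comment `bogdan@bogdan-desktop`, so it looks like one person's key reused for a service account, which makes access hard to attribute or revoke. It also interacts with `user_keys` in util.pp, which titles each `ssh_authorized_key` with the key comment. `openstack-base-node` now includes `users`, which appears to create the `bogdan` account from `bogdan.pub` (not shown); if that file carries the same comment, both resources get the same title and the catalog would likely fail with a duplicate declaration. A title that includes the account, e.g. `ssh_authorized_key { "${username}-${comment}":`, avoids the clash, and a dedicated key pair for `stack` would settle the attribution question.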
@@ -0,0 +1,71 @@ + # Put pubkey files in place + define user_keys { + $key_content = file("/etc/puppet/modules/users/files/$name", "/dev/null") + if ! $key_content { + notify { "Public key file $name not found on keymaster; skipping ensure => present": } + } else { + if $key_content !~ /^(ssh-...) +([^ ]*) *([^ \n]*)/ { + err("Can't parse public key file $name") + notify { "Can't parse public key file $name on the keymaster: skipping ensure => $ensure": } + } else { + $keytype = $1 + $modulus = $2 + $comment = $3 + ssh_authorized_key { $comment: + ensure => "present", + user => $username, + type => $keytype, + key => $modulus, + options => $options ? { "" => undef, default => $options }, + } + } + } + } # user_keys + + # Create user accounts + define create_user($uid, $email, $home, $keyfiles) { + $username = $title + + user { $username: + ensure => present, + uid => $uid, + comment => $email, + home => $home, + shell => "/bin/bash", + managehome => true, + groups => "wheel", + } + + exec { "/opt/tools/setuserpassword $username": + path => "/bin:/usr/bin", + refreshonly => true, + subscribe => User[$username], + unless => "cat /etc/shadow | grep $username| cut -f 2 -d : | grep -v '!'", + require => [Class["tools"],User[$username]] + } + + group { $username: + gid => $uid, + require => User[$username] + } + + file { $home : + ensure => directory, + owner => $username, + group => $username, + mode => 750, + require => [ User[$username], Group[$username] ] + } + + file { "$home/.ssh": + ensure => directory, + owner => $username, + group => $username, + mode => 700, + require => File["$home"] + } + + user_keys { "$keyfiles": + } + } # create_user + diff --git a/modules/tools/manifests/install.pp b/modules/tools/manifests/install.pp index 4d11e88..ec5e388 100644 --- a/modules/tools/manifests/install.pp +++ b/modules/tools/manifests/install.pp 
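Review bot: The `unless` guard in `create_user` greps `/etc/shadow` for `$username` without anchoring, so a short name such as `stack` also matches any other entry that contains that string, and the password state it tests may belong to a different account. Anchor the match to the login field: `unless => "grep '^${username}:' /etc/shadow | cut -f 2 -d : | grep -v '!'"`. Separately, `groups => "wheel"` is hard-coded, so every account built by this define, including the `stack` service account, joins wheel; a `$groups` parameter with an empty default would make that an explicit choice per caller. The unquoted `mode => 750` and `mode => 700` (and `mode => 755` in modules/tools/manifests/install.pp) are safer written as quoted octal strings such as `"0750"`.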
@@ -2,14 +2,14 @@ file { '/opt' : ensure => directory, owner => 'root', - group => 'root' + group => 'root', mode => 755 } file { '/opt/tools' : ensure => directory, owner => 'root', - group => 'root' + group => 'root', mode => 755, require => File["/opt"] } diff --git a/modules/users/files/openstack.pub b/modules/users/files/openstack.pub new file mode 100644 index 0000000..a14922d --- /dev/null +++ b/modules/users/files/openstack.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6Ivy2Se4nRdPMtvg+NIpMXVH5rFEGc2burh1Qe3ByJD8dCVwLj+ekgN3rM0KURZFW3Deqlql9zPaoNTUAWgazga3D2CXq/GTKtJwMEukLiV9zjx05L1ysOFnTqBuY1VHI/1xakp9AYIDofxso3FgZwspGtJc7vPpF38it1YrTCqflXcE4s3Dq2FfeJ3+1cFszcCx2I//a3nBpaZDKgahslMg1Umc9h+IQ5P//GZJE/6om132h+FLy3FkV3n1tYQl5NRrwlPGtpGrO1fFnXdwcd7zmjv2ev+07NHuv5UXyaIPRFhpKhZ7Vpk2N4cmacuP2DwhoJblhpfvadiP9+MiMw== bogdan@bogdan-desktop diff --git a/modules/users/manifests/install.pp b/modules/users/manifests/install.pp index 6aed63b..61f8bc7 100644 --- a/modules/users/manifests/install.pp +++ b/modules/users/manifests/install.pp 
@@ -10,77 +10,8 @@ uid => 1001, email => "bogdan.gaza@yahoo.com", home => "/home/bogdan", - keyfiles => [ "bogdan.pub"] + keyfiles => "bogdan.pub" } - # Put pubkey files in place - define user_keys { - $key_content = file("/etc/puppet/modules/users/files/$name", "/dev/null") - if ! $key_content { - notify { "Public key file $name not found on keymaster; skipping ensure => present": } - } else { - if $key_content !~ /^(ssh-...) +([^ ]*) *([^ \n]*)/ { - err("Can't parse public key file $name") - notify { "Can't parse public key file $name on the keymaster: skipping ensure => $ensure": } - } else { - $keytype = $1 - $modulus = $2 - $comment = $3 - ssh_authorized_key { $comment: - ensure => "present", - user => $username, - type => $keytype, - key => $modulus, - options => $options ? { "" => undef, default => $options }, - } - } - } - } # user_keys - - # Create user accounts - define create_user($uid, $email, $home, $keyfiles) { - $username = $title - - user { $username: - ensure => present, - uid => $uid, - comment => $email, - home => $home, - shell => "/bin/bash", - managehome => true, - groups => "wheel", - } - - exec { "/opt/tools/setuserpassword $uid": - path => "/bin:/usr/bin", - refreshonly => true, - subscribe => user[$uid], - unless => "cat /etc/shadow | grep $uid| cut -f 2 -d : | grep -v '!'", - require => Class["tools"] - } - - group { $username: - gid => $uid, - require => User[$username] - } - - file { $home : - ensure => directory, - owner => $username, - group => $username, - mode => 750, - require => [ User[$username], Group[$username] ] - } - - file { "$home/.ssh": - ensure => directory, - owner => $username, - group => $username, - mode => 700, - require => File["$home"] - } - - user_keys { $keyfiles: } - } # create_user }
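Review bot: `keyfiles` changes from an array to a bare string here, while sitedefs.pp still passes `[ "openstack.pub"]` and the relocated define in util.pp now declares `user_keys { "$keyfiles": }`. Quoting the variable turns an array into a single string, so a caller that lists two key files no longer gets one `user_keys` resource per file but a single title that matches no file. Keeping the array form at every call site and declaring `user_keys { $keyfiles: }` unquoted preserves multi-key support. The enclosing class and the resource this `keyfiles` line belongs to begin outside the hunk.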