Hi,
I am trying to get puppet going on CentOS 6.3 and I got it installed and
running. I want to create good manifests for basic stuff. I know I will learn
more as I go but I am new to programming in general and puppet code. I have
puppet master install on 1 cloud server and a client test puppet on another
cloud server. I was able to run this code correctly. Now I want to make it
better.
Here is what I have so far for my Push to add users to my nodes.
site.pp: (I know its short lol)
node ''puppet-client'' {
import "classes/adduser.pp"
}
adduser.pp located in /etc/puppet/manifests/classes/
define custom_user($passwd) {
user { "${name}":
ensure => present,
password => $passwd,
shell => "/bin/bash",
managehome => true,
}
}
custom_user {
"anthony":
passwd => ''Removed real hash here'',
}
custom_user {
"admin":
passwd => ''Hash for password gone'',
}
custom_user {
"luca":
passwd => ''My Password Hash Here'',
}
So I am testing on a test-only server till I get the hang of it. So I have many
cloud servers and need to be able to add my admin users. I need help now to
modify /etc/sudoers or visudo and add these people to the doc with ALL=(ALL)
ALL
Please help me. I know I need to add a template and also a module of my own. I
mainly need help with code and learning to build off this for future system
changes. Please help me keep this simple and dumb-down lol. FYI - After this I
want to start on Apache and editing the config and setting up new servers from
an image. This is more practical and important to start with.
Thanks all.
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/k7r-BpgI4s4J.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
First suggestion: Use a group name ( like "wheel" ) and declare the sudo privileges to the group. Then all you need do is add that group in the "groups" parameter for puppet type user. On Aug 29, 2012, at 11:31 AM, Tony Caffe wrote:> Hi, > > I am trying to get puppet going on CentOS 6.3 and I got it installed and running. I want to create good manifests for basic stuff. I know I will learn more as I go but I am new to programming in general and puppet code. I have puppet master install on 1 cloud server and a client test puppet on another cloud server. I was able to run this code correctly. Now I want to make it better. > Here is what I have so far for my Push to add users to my nodes. > > site.pp: (I know its short lol) > > node ''puppet-client'' { > import "classes/adduser.pp" > } > > > adduser.pp located in /etc/puppet/manifests/classes/ > > define custom_user($passwd) { > user { "${name}": > ensure => present, > password => $passwd, > shell => "/bin/bash", > managehome => true, > } > } > custom_user { > "anthony": > passwd => ''Removed real hash here'', > } > custom_user { > "admin": > passwd => ''Hash for password gone'', > } > custom_user { > "luca": > passwd => ''My Password Hash Here'', > } > > > So I am testing on a test-only server till I get the hang of it. So I have many cloud servers and need to be able to add my admin users. I need help now to modify /etc/sudoers or visudo and add these people to the doc with ALL=(ALL) ALL > > Please help me. I know I need to add a template and also a module of my own. I mainly need help with code and learning to build off this for future system changes. Please help me keep this simple and dumb-down lol. FYI - After this I want to start on Apache and editing the config and setting up new servers from an image. This is more practical and important to start with. > > Thanks all. > > -- > You received this message because you are subscribed to the Google Groups "Puppet Users" group. > To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/k7r-BpgI4s4J. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. > For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. >-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
I understand but that is not what I asked for help. I would like some help on making or writing the code needed to add users to visudo. On Wednesday, August 29, 2012 1:34:35 PM UTC-7, Ygor wrote:> > First suggestion: > > Use a group name ( like "wheel" ) and declare the sudo privileges to the > group. > Then all you need do is add that group in the "groups" parameter for > puppet type user. > > On Aug 29, 2012, at 11:31 AM, Tony Caffe wrote: > > > Hi, > > > > I am trying to get puppet going on CentOS 6.3 and I got it installed and > running. I want to create good manifests for basic stuff. I know I will > learn more as I go but I am new to programming in general and puppet code. > I have puppet master install on 1 cloud server and a client test puppet on > another cloud server. I was able to run this code correctly. Now I want to > make it better. > > Here is what I have so far for my Push to add users to my nodes. > > > > site.pp: (I know its short lol) > > > > node ''puppet-client'' { > > import "classes/adduser.pp" > > } > > > > > > adduser.pp located in /etc/puppet/manifests/classes/ > > > > define custom_user($passwd) { > > user { "${name}": > > ensure => present, > > password => $passwd, > > shell => "/bin/bash", > > managehome => true, > > } > > } > > custom_user { > > "anthony": > > passwd => ''Removed real hash here'', > > } > > custom_user { > > "admin": > > passwd => ''Hash for password gone'', > > } > > custom_user { > > "luca": > > passwd => ''My Password Hash Here'', > > } > > > > > > So I am testing on a test-only server till I get the hang of it. So I > have many cloud servers and need to be able to add my admin users. I need > help now to modify /etc/sudoers or visudo and add these people to the doc > with ALL=(ALL) ALL > > > > Please help me. I know I need to add a template and also a module of my > own. I mainly need help with code and learning to build off this for future > system changes. Please help me keep this simple and dumb-down lol. FYI - > After this I want to start on Apache and editing the config and setting up > new servers from an image. This is more practical and important to start > with. > > > > Thanks all. > > > > -- > > You received this message because you are subscribed to the Google > Groups "Puppet Users" group. > > To view this discussion on the web visit > https://groups.google.com/d/msg/puppet-users/-/k7r-BpgI4s4J. > > To post to this group, send email to puppet...@googlegroups.com<javascript:>. > > > To unsubscribe from this group, send email to > puppet-users...@googlegroups.com <javascript:>. > > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > > > >-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/ebP58zFazv0J. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
You learn from use one of these: http://forge.puppetlabs.com/modules?q=sudo On Wed, Aug 29, 2012 at 02:13:34PM -0700, Tony Caffe wrote:> I understand but that is not what I asked for help. I would like some help > on making or writing the code needed to add users to visudo. > On Wednesday, August 29, 2012 1:34:35 PM UTC-7, Ygor wrote: > > First suggestion: > > Use a group name ( like "wheel" ) and declare the sudo privileges to the > group. > Then all you need do is add that group in the "groups" parameter for > puppet type user. > > On Aug 29, 2012, at 11:31 AM, Tony Caffe wrote: > > > Hi, > > > > I am trying to get puppet going on CentOS 6.3 and I got it installed > and running. I want to create good manifests for basic stuff. I know I > will learn more as I go but I am new to programming in general and > puppet code. I have puppet master install on 1 cloud server and a client > test puppet on another cloud server. I was able to run this code > correctly. Now I want to make it better. > > Here is what I have so far for my Push to add users to my nodes. > > > > site.pp: (I know its short lol) > > > > node ''puppet-client'' { > > import "classes/adduser.pp" > > } > > > > > > adduser.pp located in /etc/puppet/manifests/classes/ > > > > define custom_user($passwd) { > > user { "${name}": > > ensure => present, > > password => $passwd, > > shell => "/bin/bash", > > managehome => true, > > } > > } > > custom_user { > > "anthony": > > passwd => ''Removed real hash here'', > > } > > custom_user { > > "admin": > > passwd => ''Hash for password gone'', > > } > > custom_user { > > "luca": > > passwd => ''My Password Hash Here'', > > } > > > > > > So I am testing on a test-only server till I get the hang of it. So I > have many cloud servers and need to be able to add my admin users. I > need help now to modify /etc/sudoers or visudo and add these people to > the doc with ALL=(ALL) ALL > > > > Please help me. I know I need to add a template and also a module of > my own. I mainly need help with code and learning to build off this for > future system changes. Please help me keep this simple and dumb-down > lol. FYI - After this I want to start on Apache and editing the config > and setting up new servers from an image. This is more practical and > important to start with. > > > > Thanks all. > > > > -- > > You received this message because you are subscribed to the Google > Groups "Puppet Users" group. > > To view this discussion on the web visit > [1]https://groups.google.com/d/msg/puppet-users/-/k7r-BpgI4s4J. > > To post to this group, send email to [2]puppet...@googlegroups.com. > > To unsubscribe from this group, send email to > [3]puppet-users...@googlegroups.com. > > For more options, visit this group at > [4]http://groups.google.com/group/puppet-users?hl=en. > > > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To view this discussion on the web visit > [5]https://groups.google.com/d/msg/puppet-users/-/ebP58zFazv0J. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscribe@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > > References > > Visible links > 1. https://groups.google.com/d/msg/puppet-users/-/k7r-BpgI4s4J > 2. javascript: > 3. javascript: > 4. http://groups.google.com/group/puppet-users?hl=en > 5. https://groups.google.com/d/msg/puppet-users/-/ebP58zFazv0J-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
On 8/29/2012 8:31 AM, Tony Caffe wrote:> Hi, > > I am trying to get puppet going on CentOS 6.3 and I got it installed and running. I want to create good manifests for basic stuff. I know I will learn more as I go but I am new to programming in general and puppet code. I have puppet master install on 1 cloud server and a client test puppet on another cloud server. I was able to run this code correctly. Now I want to make it better. > Here is what I have so far for my Push to add users to my nodes. > > site.pp: (I know its short lol) > > node ''puppet-client'' { > import "classes/adduser.pp" > } > > > adduser.pp located in /etc/puppet/manifests/classes/ > > define custom_user($passwd) { > user { "${name}": > ensure => present, > password => $passwd, > shell => "/bin/bash", > managehome => true, > } > } > custom_user { > "anthony": > passwd => ''Removed real hash here'', > } > custom_user { > "admin": > passwd => ''Hash for password gone'', > } > custom_user { > "luca": > passwd => ''My Password Hash Here'', > } > > > So I am testing on a test-only server till I get the hang of it. So I have many cloud servers and need to be able to add my admin users. I need help now to modify /etc/sudoers or visudo and add these people to the doc with ALL=(ALL) ALL > > Please help me. I know I need to add a template and also a module of my own. I mainly need help with code and learning to build off this for future system changes. Please help me keep this simple and dumb-down lol. FYI - After this I want to start on Apache and editing the config and setting up new servers from an image. This is more practical and important to start with.Your sudo should be new enough to support /etc/sudoers.d/ which means you can just drop a file per user into that dir. Make Puppet manage the whole dir and purge anything it doesn''t recognize and you''re all set. Ramin -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Would I still need to write ruby code? I dont know ruby or really any other programming language. So I would create a duplicate of the sudoers file in /etc/sudoers.d/ that adds a user to it and it will work? I am not to sure of how sudoers.d works. Thanks. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/be_1FNEoI8kJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
In regard to: Re: [Puppet Users] Puppet visudo/ sudoers help, Tony Caffe...:> I understand but that is not what I asked for help. I would like some help > on making or writing the code needed to add users to visudo.$ cat puppet/modules/sudo/manifests/config.pp define sudo::config($content='''', $source='''') { case $content { '''': { file {"/etc/sudoers.d/${name}": ensure => file, owner => ''root'', group => ''root'', mode => ''0440'', source => $source, } } default: { file {"/etc/sudoers.d/${name}": ensure => file, owner => ''root'', group => ''root'', mode => ''0440'', content => $content, } } } } # vim:sm:ts=2:expandtab Example usage for "source": sudo::config{ ''networker-jukebox'': source => ''puppet:///networker/networker_jb_sudoers'', } Example usage for "contents": sudo::config{ ''myuser'': content => "myuser ALL = (ALL) ALL\n" } Note that both RHEL 5.x and 6.x have a sudo that supports the include mechanism, but only RHEL 6.x ships with an /etc/sudoers.d and an /etc/sudoers that has the "include /etc/sudoers.d/*" pre-populated. Since both flavors support it, we just have our sudo init.pp make sure the directory is present and make certain that the /etc/sudoers has the necessary "include" statement. From then on, it''s just puppet dropping files into /etc/sudoers.d via the sudo::config() define. The bad part about our current implementation is that there''s no syntax checking for the contents/source, so a bad entry can sneak in and cause sudo to completely not work until it''s fixed. There are ways around this but it''s more complicated than we felt like getting for now. If you need to support systems where sudo is old enough that "include" isn''t even an option, then I highly recommend you look at the "concat" module, and build up your sudoers file from file fragments. Another option for older sudo versions that don''t support including fragments is using file_line from puppetlabs-stdlib. Tim> On Wednesday, August 29, 2012 1:34:35 PM UTC-7, Ygor wrote: >> >> First suggestion: >> >> Use a group name ( like "wheel" ) and declare the sudo privileges to the >> group. >> Then all you need do is add that group in the "groups" parameter for >> puppet type user. >> >> On Aug 29, 2012, at 11:31 AM, Tony Caffe wrote: >> >>> Hi, >>> >>> I am trying to get puppet going on CentOS 6.3 and I got it installed and >> running. I want to create good manifests for basic stuff. I know I will >> learn more as I go but I am new to programming in general and puppet code. >> I have puppet master install on 1 cloud server and a client test puppet on >> another cloud server. I was able to run this code correctly. Now I want to >> make it better. >>> Here is what I have so far for my Push to add users to my nodes. >>> >>> site.pp: (I know its short lol) >>> >>> node ''puppet-client'' { >>> import "classes/adduser.pp" >>> } >>> >>> >>> adduser.pp located in /etc/puppet/manifests/classes/ >>> >>> define custom_user($passwd) { >>> user { "${name}": >>> ensure => present, >>> password => $passwd, >>> shell => "/bin/bash", >>> managehome => true, >>> } >>> } >>> custom_user { >>> "anthony": >>> passwd => ''Removed real hash here'', >>> } >>> custom_user { >>> "admin": >>> passwd => ''Hash for password gone'', >>> } >>> custom_user { >>> "luca": >>> passwd => ''My Password Hash Here'', >>> } >>> >>> >>> So I am testing on a test-only server till I get the hang of it. So I >> have many cloud servers and need to be able to add my admin users. I need >> help now to modify /etc/sudoers or visudo and add these people to the doc >> with ALL=(ALL) ALL >>> >>> Please help me. I know I need to add a template and also a module of my >> own. I mainly need help with code and learning to build off this for future >> system changes. Please help me keep this simple and dumb-down lol. FYI - >> After this I want to start on Apache and editing the config and setting up >> new servers from an image. This is more practical and important to start >> with. >>> >>> Thanks all. >>> >>> -- >>> You received this message because you are subscribed to the Google >> Groups "Puppet Users" group. >>> To view this discussion on the web visit >> https://groups.google.com/d/msg/puppet-users/-/k7r-BpgI4s4J. >>> To post to this group, send email to puppet...@googlegroups.com<javascript:>. >> >>> To unsubscribe from this group, send email to >> puppet-users...@googlegroups.com <javascript:>. >>> For more options, visit this group at >> http://groups.google.com/group/puppet-users?hl=en. >>> >> >> > >-- Tim Mooney Tim.Mooney@ndsu.edu Enterprise Computing & Infrastructure 701-231-1076 (Voice) Room 242-J6, IACC Building 701-231-8541 (Fax) North Dakota State University, Fargo, ND 58105-5164 -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Thanks. I used this:
file {''puppet_sudo'':
ensure => present,
path => ''/tmp/puppet_sudo'',
source =>
''puppet:///files/puppet_sudo'',
owner => ''root'',
group => ''root'',
mode => 0440,
}
file {''move_puppet_sudo'':
ensure => present,
path => ''/etc/sudoers.d/'',
source => ''/tmp/puppet_sudo'',
owner => ''root'',
group => ''root'',
mode => 0440,
require => file[''puppet_sudo''],
}
but My Puppet master is 6.3 and all my puppet clients are all 5.8. 5.8
doesnt have the line
#includedir /etc/sudoers.d
nor does it have a DIRECTORY /etc/sudoers.d/, just a file called
/etc/sudoers.d
Any Idea about that? I am avoiding writing code since I dont know how.
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/G3ZQJhWgM1QJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.