3 |
class base { |
class base { |
4 |
$build_login = "iurt" |
$build_login = "iurt" |
5 |
$build_home_dir = "/home/$build_login" |
$build_home_dir = "/home/$build_login" |
6 |
|
$sched_login = "schedbot" |
7 |
|
$sched_home_dir = "/home/$sched_login" |
8 |
|
|
9 |
include ssh::auth |
include ssh::auth |
10 |
ssh::auth::key { $build_login: } # declare a key for build bot: RSA, 2048 bits |
ssh::auth::key { $build_login: } # declare a key for build bot: RSA, 2048 bits |
39 |
|
|
40 |
} |
} |
41 |
|
|
42 |
class iurtuser { |
define sshuser($user, $homedir, $comment) { |
43 |
group {"$build_login": |
group {"$user": |
44 |
ensure => present, |
ensure => present, |
45 |
} |
} |
46 |
|
|
47 |
user {"$build_login": |
user {"$user": |
48 |
ensure => present, |
ensure => present, |
49 |
comment => "System user used to run build bots", |
comment => $comment, |
50 |
managehome => true, |
managehome => true, |
51 |
gid => $build_login, |
gid => $user, |
52 |
shell => "/bin/bash", |
shell => "/bin/bash", |
53 |
notify => Exec["unlock$build_login"], |
notify => Exec["unlock$user"], |
54 |
} |
} |
55 |
|
|
56 |
# set password to * to unlock the account but forbid login through login |
# set password to * to unlock the account but forbid login through login |
57 |
exec { "unlock$build_login": |
exec { "unlock$user": |
58 |
command => "usermod -p '*' $build_login", |
command => "usermod -p '*' $user", |
59 |
refreshonly => true, |
refreshonly => true, |
60 |
} |
} |
61 |
|
|
62 |
file { $build_home_dir: |
file { $homedir: |
63 |
ensure => "directory", |
ensure => "directory", |
64 |
} |
} |
65 |
|
|
66 |
file { "$build_home_dir/.ssh": |
file { "$homedir/.ssh": |
67 |
ensure => "directory", |
ensure => "directory", |
68 |
mode => 600, |
mode => 600, |
69 |
owner => $build_login, |
owner => $user, |
70 |
group => $build_login, |
group => $user, |
71 |
} |
} |
72 |
} |
} |
73 |
|
|
74 |
|
class iurtuser { |
75 |
|
sshuser($build_login, $build_home_dir, "System user used to run build bots") |
76 |
|
} |
77 |
|
|
78 |
class iurt { |
class iurt { |
79 |
include sudo |
include sudo |
80 |
include iurtuser |
include iurtuser |