/[adm]/puppet/modules/buildsystem/manifests/init.pp
ViewVC logotype

Diff of /puppet/modules/buildsystem/manifests/init.pp

Parent Directory Parent Directory | Revision Log Revision Log | View Patch Patch

revision 387 by blino, Mon Nov 22 12:41:54 2010 UTC revision 393 by blino, Mon Nov 22 13:21:17 2010 UTC
# Line 3  class buildsystem { Line 3  class buildsystem {
3      class base {      class base {
4          $build_login = "iurt"          $build_login = "iurt"
5          $build_home_dir = "/home/$build_login"          $build_home_dir = "/home/$build_login"
6            $sched_login = "schedbot"
7            $sched_home_dir = "/home/$sched_login"
8    
9          include ssh::auth          include ssh::auth
10          ssh::auth::key { $build_login: } # declare a key for build bot: RSA, 2048 bits          ssh::auth::key { $build_login: } # declare a key for build bot: RSA, 2048 bits
# Line 37  class buildsystem { Line 39  class buildsystem {
39    
40      }      }
41    
42      class iurtuser {      define sshuser($user, $homedir, $comment) {
43          group {"$build_login":          group {"$user":
44              ensure => present,              ensure => present,
45          }          }
46    
47          user {"$build_login":          user {"$user":
48              ensure => present,              ensure => present,
49              comment => "System user used to run build bots",              comment => $comment,
50              managehome => true,              managehome => true,
51              gid => $build_login,              gid => $user,
52              shell => "/bin/bash",              shell => "/bin/bash",
53              notify => Exec["unlock$build_login"],              notify => Exec["unlock$user"],
54          }          }
55    
56          # set password to * to unlock the account but forbid login through login          # set password to * to unlock the account but forbid login through login
57          exec { "unlock$build_login":          exec { "unlock$user":
58              command => "usermod -p '*' $build_login",              command => "usermod -p '*' $user",
59              refreshonly => true,              refreshonly => true,
60          }          }
61    
62          file { $build_home_dir:          file { $homedir:
63              ensure => "directory",              ensure => "directory",
64          }          }
65    
66          file { "$build_home_dir/.ssh":          file { "$homedir/.ssh":
67              ensure => "directory",              ensure => "directory",
68              mode   => 600,              mode   => 600,
69              owner  => $build_login,              owner  => $user,
70              group  => $build_login,              group  => $user,
71          }          }
72      }      }
73    
74        class iurtuser {
75            sshuser($build_login, $build_home_dir, "System user used to run build bots")
76        }
77    
78      class iurt {      class iurt {
79          include sudo          include sudo
80          include iurtuser          include iurtuser
Legend:
Removed from v.387  
changed lines
  Added in v.393
  ViewVC Help
Powered by ViewVC 1.1.30