/[adm]/puppet/modules/restrictshell/manifests/init.pp
ViewVC logotype

Diff of /puppet/modules/restrictshell/manifests/init.pp

Parent Directory Parent Directory | Revision Log Revision Log | View Patch Patch

revision 406 by misc, Tue Nov 23 01:11:07 2010 UTC revision 408 by misc, Tue Nov 23 01:11:10 2010 UTC
# Line 1  Line 1 
1  class restrictshell {  class restrictshell {
2      class shell {      class shell {
3            file {"/etc/membersh-conf.d":
4                ensure => directory,
5                owner => root,
6                group => root,
7                mode => 755,
8            }
9    
10          file { '/usr/local/bin/sv_membersh.pl':          file { '/usr/local/bin/sv_membersh.pl':
11              ensure => present,              ensure => present,
12              owner => root,              owner => root,
# Line 7  class restrictshell { Line 14  class restrictshell {
14              mode => 755,              mode => 755,
15              content => template("restrictshell/sv_membersh.pl"),              content => template("restrictshell/sv_membersh.pl"),
16          }          }
     }  
17    
     class base {  
         include shell  
         $allow_svn = "0"  
         $allow_git = "0"  
         $allow_rsync = "0"  
         $allow_pkgsubmit = "0"  
   
         $ldap_pwfile = "/etc/ldap.secret"  
18          file { '/etc/membersh-conf.pl':          file { '/etc/membersh-conf.pl':
19              ensure => present,              ensure => present,
20              owner => root,              owner => root,
# Line 24  class restrictshell { Line 22  class restrictshell {
22              mode => 755,              mode => 755,
23              content => template("restrictshell/membersh-conf.pl"),              content => template("restrictshell/membersh-conf.pl"),
24          }          }
25        }
26        
27        class ssh_keys_from_ldap {
28    
29          package { 'python-ldap':          package { 'python-ldap':
30              ensure => installed,              ensure => installed,
# Line 37  class restrictshell { Line 38  class restrictshell {
38              mode => 755,              mode => 755,
39          }          }
40    
41            $ldap_pwfile = "/etc/ldap.secret"
42          file { '/usr/local/bin/ldap-sshkey2file.py':          file { '/usr/local/bin/ldap-sshkey2file.py':
43              ensure => present,              ensure => present,
44              owner => root,              owner => root,
# Line 47  class restrictshell { Line 49  class restrictshell {
49          }          }
50      }      }
51    
52      class allow_svn_git_pkgsubmit inherits base {      define allow {
53          $allow_svn = "1"          include shell
54          $allow_git = "1"          file { "/etc/membersh-conf.d/allow_$name.pl":
55          $allow_pkgsubmit = "1"              ensure => "present",
56                owner => root,
57                group => root,
58                mode => 755,
59                content => "\$use_$name = 1;\n",
60            }
61        }
62    
63        # yes, we could directly use the allow, but this is
64        # a nicer syntax
65        class allow_git {
66            allow{ "git": }
67        }
68    
69        class allow_rsync {
70            allow{ "rsync": }
71        }
72    
73        class allow_pkgsubmit {
74            allow{ "pkgsubmit": }
75        }
76    
77        class allow_svn {
78            allow{ "svn": }
79      }      }
80  }  }
Legend:
Removed from v.406  
changed lines
  Added in v.408
  ViewVC Help
Powered by ViewVC 1.1.30