#
# All users of the following list will be created if not present
#
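users_present:
  # Keys are the login names; the users state iterates over this mapping.
  # sudo: true makes the state write "<user> ALL=(ALL) NOPASSWD:ALL" into
  # /etc/sudoers.d/, i.e. unrestricted passwordless root for that account.
  # Set it only for accounts that really need it; false removes the file.
  thorsten.kramm:
    firstname: Thorsten
    lastname: Kramm
    sudo: true
  max.mustermann:
    firstname: Max
    lastname: Mustermann
    sudo: false

#
# Delete users
#
# Every name listed here is removed by the users state (user.absent with
# purge and force), together with its sudoers.d file.
users_absent:
  - mausi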
User per State ausrollen
/srv/salt/users/init.sls
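# Make sure sudo is installed; the sudoers.d files below require it.
sudo:
  pkg.installed: []

#
# Iterate over all users-present from the pillar and create users if needed
#
{% for username, user in pillar['users_present'].items() %}
{# sudo skips files in /etc/sudoers.d whose name contains a dot, so dots in the login name are mapped to underscores for the file name. #}
{% set sudoers_name = username | replace('.', '_') %}

# Personal primary group, created before the account itself.
{{ username }}-group:
  group.present:
    - name: {{ username }}

{{ username }}:
  user.present:
    - fullname: {{ user['firstname'] }} {{ user['lastname'] }}
    - shell: /bin/bash
    - home: /home/{{ username }}
    - createhome: true
    - system: false
    - groups:
      - {{ username }}
    - require:
      - group: {{ username }}-group

#
# Deploy the public SSH Key of the user
#
# No password is set by this state, so this key is the credential that is
# deployed for the account.
{{ username }}-key:
  ssh_auth.present:
    - user: {{ username }}
    - source: salt://users/ssh-keys/{{ username }}.pub
    - require:
      - user: {{ username }}

#
# Create or remove sudo file
#
{% if user['sudo'] == True %}
/etc/sudoers.d/{{ sudoers_name }}:
  file.managed:
    # Unrestricted passwordless root for this account.
    - contents: '{{ username }} ALL=(ALL) NOPASSWD:ALL'
    # Quoted so YAML cannot reinterpret the leading-zero mode as a number.
    - mode: '0440'
    - user: root
    - group: root
    # Validate the rendered file before it replaces the live one; a syntax
    # error in sudoers.d can break sudo for every user on the host.
    # NOTE(review): visudo path may differ per distribution - confirm.
    - check_cmd: /usr/sbin/visudo -c -f
    - require:
      - pkg: sudo
      - user: {{ username }}
{% else %}
# sudo: false (or missing) revokes a previously granted rule.
/etc/sudoers.d/{{ sudoers_name }}:
  file.absent: []
{% endif %}
{% endfor %}

{% if pillar['users_absent'] is defined %}
{% for absent_user in pillar['users_absent'] %}
#
# Delete the user
#
# purge removes the user's files as well; force deletes the account even
# while the user is logged in.
{{ absent_user }}-absent:
  user.absent:
    - name: {{ absent_user }}
    - purge: true
    - force: true

#
# Delete the sudoers entry
#
# Uses the same dot-to-underscore mapping as the create branch. Without it
# the file of a dotted login name is never matched and its NOPASSWD rule
# stays on disk after the account is deleted.
/etc/sudoers.d/{{ absent_user }}-absent:
  file.absent:
    - name: /etc/sudoers.d/{{ absent_user | replace('.', '_') }}
{% endfor %}
{% endif %}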
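Beachten Sie {{ username|replace(".", "_") }} in Zeile 38. Sudo-Dateien dürfen keine Punkte im Dateinamen enthalten: sudo überspringt in /etc/sudoers.d alle Dateien, deren Name einen Punkt enthält, sodass der Eintrag sonst stillschweigend wirkungslos bliebe. Derselbe Filter muss auch beim Löschen der Sudo-Datei für users_absent angewendet werden, damit die Datei eines Benutzers mit Punkt im Namen tatsächlich entfernt wird.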