Beispiel Benutzerverwaltung

Benutzer zentral in Pillars verwalten

Pillar anlegen

/srv/pillar/users.sls

#
# All users of the following list will be created if not present
#
users_present:
  thorsten.kramm:
    firstname: Thorsten
    lastname: Kramm
    sudo: True
  max.mustermann:
    firstname: Max
    lastname: Mustermann
    sudo: False
#
# Delete users
#
users_absent:
  - mausi

User per State ausrollen

/srv/salt/users/init.sls

sudo:
  pkg.installed: []

#
# Iterate over all users-present from the pillar and create users if needed
#
{% for username,user in pillar['users_present'].items() %}
{{ username }}-group:
    group.present:
      - name: {{ username }}

{{ username }}:
  user.present:
    - fullname: {{ user['firstname'] }} {{ user['lastname'] }}
    - shell: /bin/bash
    - home: /home/{{ username }}
    - createhome: true
    - system: false
    - groups:
      - {{ username }}
    - require:
      - group: {{ username }}-group

#
# Deploy the public SSH Key of the user
#
{{ username }}-key:
  ssh_auth.present:
    - user: {{ username }}
    - source: salt://users/ssh-keys/{{ username }}.pub
    - require:
      - user: {{ username }}

#
# Create or remove sudo file
#
{% if user['sudo'] == True %}
/etc/sudoers.d/{{ username|replace(".", "_") }}:
  file.managed:
    - contents: {{ username }} ALL=(ALL) NOPASSWD:ALL
    - mode: 0440
    - user: root
    - require:
      - pkg: sudo
      - user: {{ username }}
{% else %}
/etc/sudoers.d/{{ username|replace(".", "_") }}:
  file.absent: []
{% endif %}
{% endfor %}

{% if pillar['users_absent'] is defined %}
{% for absent_user in pillar['users_absent'] %}
#
# Delete the user
#
{{ absent_user }}-absent:
    user.absent:
      - name: {{ absent_user }}
      - purge: True
      - force: True
#
# Delete the sudoers entry
#
/etc/sudoers.d/{{ absent_user }}-absent:
  file.absent:
    - name: /etc/sudoers.d/{{ absent_user }}
{% endfor %}
{% endif %}

Beachten Sie {{ username|replace(".", "_") }}in Zeile 38. Sudo-Dateien dürfen keine Punkte im Dateinamen enthalten.

PreviousDatenbanken NextSalt-Mine

Last updated 4 months ago

# # All users of the following list will be created if not present # users_present: thorsten.kramm: firstname: Thorsten lastname: Kramm sudo: True max.mustermann: firstname: Max lastname: Mustermann sudo: False # # Delete users # users_absent: - mausi

sudo: pkg.installed: [] # # Iterate over all users-present from the pillar and create users if needed # {% for username,user in pillar['users_present'].items() %} {{ username }}-group: group.present: - name: {{ username }} {{ username }}: user.present: - fullname: {{ user['firstname'] }} {{ user['lastname'] }} - shell: /bin/bash - home: /home/{{ username }} - createhome: true - system: false - groups: - {{ username }} - require: - group: {{ username }}-group # # Deploy the public SSH Key of the user # {{ username }}-key: ssh_auth.present: - user: {{ username }} - source: salt://users/ssh-keys/{{ username }}.pub - require: - user: {{ username }} # # Create or remove sudo file # {% if user['sudo'] == True %} /etc/sudoers.d/{{ username|replace(".", "_") }}: file.managed: - contents: {{ username }} ALL=(ALL) NOPASSWD:ALL - mode: 0440 - user: root - require: - pkg: sudo - user: {{ username }} {% else %} /etc/sudoers.d/{{ username|replace(".", "_") }}: file.absent: [] {% endif %} {% endfor %} {% if pillar['users_absent'] is defined %} {% for absent_user in pillar['users_absent'] %} # # Delete the user # {{ absent_user }}-absent: user.absent: - name: {{ absent_user }} - purge: True - force: True # # Delete the sudoers entry # /etc/sudoers.d/{{ absent_user }}-absent: file.absent: - name: /etc/sudoers.d/{{ absent_user }} {% endfor %} {% endif %}