[Mageia-sysadm] [265] - add a proto module for taking care of pam ( need pam_ldap, etc support, and a review of the pam config file too )
root at mageia.org
root at mageia.org
Wed Nov 17 16:35:10 CET 2010
Revision: 265
Author: misc
Date: 2010-11-17 16:35:10 +0100 (Wed, 17 Nov 2010)
Log Message:
-----------
- add a prototype module for taking care of PAM (needs pam_ldap etc. support, and a review of the PAM config file too)
Modified Paths:
--------------
puppet/modules/apache/templates/vhost_catalyst_app.conf
puppet/modules/apache/templates/vhost_django_app.conf
puppet/modules/buildsystem/manifests/init.pp
puppet/modules/postfix/manifests/init.pp
puppet/modules/transifex/manifests/init.pp
Added Paths:
-----------
puppet/modules/pam/
puppet/modules/pam/manifests/
puppet/modules/pam/manifests/init.pp
puppet/modules/pam/templates/
puppet/modules/pam/templates/system-auth
Modified: puppet/modules/apache/templates/vhost_catalyst_app.conf
===================================================================
--- puppet/modules/apache/templates/vhost_catalyst_app.conf 2010-11-17 15:13:07 UTC (rev 264)
+++ puppet/modules/apache/templates/vhost_catalyst_app.conf 2010-11-17 15:35:10 UTC (rev 265)
@@ -15,6 +15,8 @@
ServerName <%= name %>
# Serve static content directly
DocumentRoot /dev/null
+# header
+
<% if location then %>
Alias /static <%= location %>/root/static
<% end %>
Modified: puppet/modules/apache/templates/vhost_django_app.conf
===================================================================
--- puppet/modules/apache/templates/vhost_django_app.conf 2010-11-17 15:13:07 UTC (rev 264)
+++ puppet/modules/apache/templates/vhost_django_app.conf 2010-11-17 15:35:10 UTC (rev 265)
@@ -4,7 +4,7 @@
DocumentRoot /dev/null
WSGIScriptAlias / /usr/local/lib/wsgi/<%= name %>.wsgi
-
+#footer
<Location />
Allow from all
</Location>
Modified: puppet/modules/buildsystem/manifests/init.pp
===================================================================
--- puppet/modules/buildsystem/manifests/init.pp 2010-11-17 15:13:07 UTC (rev 264)
+++ puppet/modules/buildsystem/manifests/init.pp 2010-11-17 15:35:10 UTC (rev 265)
@@ -4,6 +4,22 @@
include iurt
}
+ class scheduler {
+ # ulri
+ }
+
+ class dispatcher {
+ # emi
+ }
+
+ class repsys {
+ package { 'repsys':
+
+ }
+
+
+ }
+
class iurt {
include sudo
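Review bot: The new `package { 'repsys': }` in class repsys carries no `ensure`, while every other package resource in this commit spells it out (`ensure => installed` in the pam and postfix manifests); relying on the type's implicit default makes the intent less obvious to the next reader, so add `ensure => installed,` inside the body. scheduler and dispatcher are empty placeholder classes holding only a name comment, which is fine for a stub but worth a `# TODO` so they are not mistaken for finished units. The enclosing class buildsystem starts outside the hunk.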
Added: puppet/modules/pam/manifests/init.pp
===================================================================
--- puppet/modules/pam/manifests/init.pp (rev 0)
+++ puppet/modules/pam/manifests/init.pp 2010-11-17 15:35:10 UTC (rev 265)
@@ -0,0 +1,27 @@
+class pam {
+
+ package { ["pam_ldap","nss_ldap", "pam_mkhomedir"]:
+ ensure => installed,
+ }
+
+
+ file { "system-auth":
+ path => "/etc/pam.d/system-auth",
+ owner => root,
+ group => root,
+ mode => 644,
+ content => template("openldap/system-auth")
+ }
+
+ # for server where only admin can connect
+ class admin_access {
+ $access_class = "admin"
+ file { "system-auth": }
+ }
+
+ # for server where people can connect with ssh ( git, svn )
+ class commiters_access {
+ $access_class = "commiters"
+ file { "system-auth": }
+ }
+}
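Review bot: `content => template("openldap/system-auth")` on the `system-auth` file resolves inside the openldap module, but the template this commit adds lives at `puppet/modules/pam/templates/system-auth`, so the catalog will fail to compile unless an openldap copy happens to exist; it should read `content => template("pam/system-auth")`. The bare `file { "system-auth": }` re-declarations inside admin_access and commiters_access repeat a resource already declared by the enclosing class pam and are likely to be rejected as duplicate declarations, and `$access_class` assigned inside those nested classes is not in scope when pam evaluates the template, so the pam_wheel restriction would never be selected. A pattern that does work is to make each subclass `inherits pam` and override with `File["system-auth"] { content => template("pam/system-auth") }`, or to set `$access_class` before `include pam`. Since the pam_wheel lines are the only thing limiting which LDAP accounts may log in, the rendered `/etc/pam.d/system-auth` should be checked on one host of each class before this is rolled out.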
Added: puppet/modules/pam/templates/system-auth
===================================================================
--- puppet/modules/pam/templates/system-auth (rev 0)
+++ puppet/modules/pam/templates/system-auth 2010-11-17 15:35:10 UTC (rev 265)
@@ -0,0 +1,35 @@
+auth required pam_env.so
+# this part is here if the module don't exist
+# basically, the idea is to copy the exact detail of sufficient,
+# and add abort=ignore
+auth [abort=ignore success=done new_authtok_reqd=done default=ignore] pam_tcb.so shadow fork nullok prefix=$2a$ count=8
+auth sufficient pam_unix.so likeauth nullok
+auth sufficient pam_ldap.so use_first_pass
+<% if access_class = 'admin' %>
+auth required pam_wheel.so group=mga-sysadmin
+<% end %>
+<% if access_class = 'commiters' %>
+auth required pam_wheel.so group=mga-commiters
+<% end %>
+auth required pam_deny.so
+
+
+account sufficient pam_localuser.so
+account sufficient pam_ldap.so
+account required pam_deny.so
+
+
+password required pam_cracklib.so retry=3 minlen=8 dcredit=-1 ucredit=-1 ocredit=-1 lcredit=-1 dcredit=0 ucredit=0 ucredit=0
+# TODO check this part too
+password sufficient pam_tcb.so use_authtok shadow write_to=shadow fork nullok prefix=$2a$ count=8 abort=ignore
+password sufficient pam_ldap.so use_authtok
+password sufficient pam_unix.so use_authtok nullok md5 shadow
+password required pam_deny.so
+
+session optional pam_keyinit.so revoke
+# optional if there is a problem when creating the account
+session optional pam_mkhomedir.so
+session required pam_limits.so
+session required pam_unix.so
+session optional pam_ldap.so
+
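Review bot: `<% if access_class = 'admin' %>` and `<% if access_class = 'commiters' %>` use a single `=`, which in ERB is an assignment and always truthy, so both pam_wheel lines are emitted on every host; the comparisons must be `<% if access_class == 'admin' %>` and `<% if access_class == 'commiters' %>`. As rendered, both `required` pam_wheel lines mean a user must belong to both mga-sysadmin and mga-commiters to authenticate, so the bug locks out rather than opens the commiters-only hosts, but the intended per-class distinction is never applied. The pam_cracklib line also lists `dcredit` and `ucredit` twice with conflicting values (`dcredit=-1 ... dcredit=0 ucredit=0 ucredit=0`); later arguments override earlier ones, so the trailing `=0` settings cancel the digit and upper-case requirements — drop `dcredit=0 ucredit=0 ucredit=0`. `nullok` on the pam_tcb/pam_unix auth and password lines permits empty passwords, which deserves an explicit decision for hosts that accept ssh logins.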
Modified: puppet/modules/postfix/manifests/init.pp
===================================================================
--- puppet/modules/postfix/manifests/init.pp 2010-11-17 15:13:07 UTC (rev 264)
+++ puppet/modules/postfix/manifests/init.pp 2010-11-17 15:35:10 UTC (rev 265)
@@ -4,7 +4,7 @@
package { postfix:
ensure => installed
}
- package { 'nail':
+ package { 'nail':
ensure => installed
}
service { postfix:
@@ -30,4 +30,17 @@
content => template("postfix/simple_relay_main.cf"),
}
}
+
+ class primary_smtp inherits base {
+ file { '/etc/postfix/main.cf':
+ content => template("postfix/primary_main.cf"),
+ }
+ }
+
+ class secondary_smtp inherits base {
+ file { '/etc/postfix/main.cf':
+ content => template("postfix/secondary_main.cf"),
+ }
+ }
+
}
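Review bot: primary_smtp and secondary_smtp each declare a fresh `file { '/etc/postfix/main.cf': ... }` while inheriting base; if base already manages main.cf (the resource closing at the top of the hunk with `template("postfix/simple_relay_main.cf")` looks like such a declaration), a second `file` with the same title is a duplicate declaration rather than an override. Puppet's subclass override syntax is `File['/etc/postfix/main.cf'] { content => template("postfix/primary_main.cf") }`, with the matching change in secondary_smtp. The enclosing class postfix starts outside the hunk.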
Modified: puppet/modules/transifex/manifests/init.pp
===================================================================
--- puppet/modules/transifex/manifests/init.pp 2010-11-17 15:13:07 UTC (rev 264)
+++ puppet/modules/transifex/manifests/init.pp 2010-11-17 15:35:10 UTC (rev 265)
@@ -12,4 +12,8 @@
mode => 755,
content => template("transifex/20-engines.conf")
}
+
+ apache::vhost_django_app { "transifex.$domain":
+ module => "transifex"
+ }
}