[Mageia-sysadm] [408] - split the module in 2 part, and add class to allow to more easyly

root at mageia.org root at mageia.org
Tue Nov 23 02:11:10 CET 2010


Revision: 408
Author:   misc
Date:     2010-11-23 02:11:10 +0100 (Tue, 23 Nov 2010)
Log Message:
-----------
- split the module into 2 parts, and add classes to make it easier to
combine the authorized shells

Modified Paths:
--------------
    puppet/modules/restrictshell/manifests/init.pp
    puppet/modules/restrictshell/templates/membersh-conf.pl

Modified: puppet/modules/restrictshell/manifests/init.pp
===================================================================
--- puppet/modules/restrictshell/manifests/init.pp	2010-11-23 01:11:08 UTC (rev 407)
+++ puppet/modules/restrictshell/manifests/init.pp	2010-11-23 01:11:10 UTC (rev 408)
@@ -1,5 +1,12 @@
 class restrictshell {
     class shell {
+        file {"/etc/membersh-conf.d":
+            ensure => directory,
+            owner => root,
+            group => root,
+            mode => 755,
+        }
+
         file { '/usr/local/bin/sv_membersh.pl':
             ensure => present,
             owner => root,
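Review bot: The new `/etc/membersh-conf.d` directory resource is not purged, so an `allow_<name>.pl` file written on an earlier run stays on disk after a node stops including the matching `allow_*` class, and the glob in membersh-conf.pl will keep loading it. Since these files are what grants access to a shell, dropping the class from the manifest should also revoke the access: add `recurse => true,` and `purge => true,` to this resource so that only files Puppet currently manages remain. The enclosing `class shell` body continues outside the hunk.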
@@ -7,16 +14,7 @@
             mode => 755,
             content => template("restrictshell/sv_membersh.pl"),
         }
-    }
 
-    class base {
-        include shell
-        $allow_svn = "0"
-        $allow_git = "0"
-        $allow_rsync = "0"
-        $allow_pkgsubmit = "0"
-
-        $ldap_pwfile = "/etc/ldap.secret"
         file { '/etc/membersh-conf.pl':
             ensure => present,
             owner => root,
@@ -24,6 +22,9 @@
             mode => 755,
             content => template("restrictshell/membersh-conf.pl"),
         }
+    }
+    
+    class ssh_keys_from_ldap {
 
         package { 'python-ldap':
             ensure => installed,
@@ -37,6 +38,7 @@
             mode => 755,
         }
 
+        $ldap_pwfile = "/etc/ldap.secret"
         file { '/usr/local/bin/ldap-sshkey2file.py':
             ensure => present,
             owner => root,
@@ -47,9 +49,32 @@
         } 
     }
 
-    class allow_svn_git_pkgsubmit inherits base {
-        $allow_svn = "1"
-        $allow_git = "1"
-        $allow_pkgsubmit = "1"
+    define allow {
+        include shell
+        file { "/etc/membersh-conf.d/allow_$name.pl":
+            ensure => "present",
+            owner => root,
+            group => root,
+            mode => 755,
+            content => "\$use_$name = 1;\n",
+        }
     }
+
+    # yes, we could directly use the allow, but this is
+    # a nicer syntax
+    class allow_git {
+        allow{ "git": }
+    }
+
+    class allow_rsync {
+        allow{ "rsync": }
+    }
+
+    class allow_pkgsubmit {
+        allow{ "pkgsubmit": }
+    }
+
+    class allow_svn {
+        allow{ "svn": }
+    }
 }
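Review bot: In `define allow`, `$name` is interpolated unchecked into both the file path and the Perl statement `\$use_$name = 1;`, which the restricted shell's configuration later runs through `do`. The four wrapper classes pass fixed names, but the define can also be declared directly, so a guard at the top such as `if $name !~ /^[a-z]+$/ { fail("restrictshell::allow: invalid name '$name'") }` would keep a typo or an unexpected title from ending up as Perl source. The generated file is only read by `do`, never executed on its own, so `mode => 644` is sufficient instead of `755`.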

Modified: puppet/modules/restrictshell/templates/membersh-conf.pl
===================================================================
--- puppet/modules/restrictshell/templates/membersh-conf.pl	2010-11-23 01:11:08 UTC (rev 407)
+++ puppet/modules/restrictshell/templates/membersh-conf.pl	2010-11-23 01:11:10 UTC (rev 408)
@@ -1,16 +1,18 @@
-$use_svn = "<%= allow_svn %>";
+
+
 $bin_svn = "/usr/bin/svnserve";
 $regexp_svn = "^svnserve -t\$";
 #@prepend_args_svn = ( '-r', '/svn' );
 @prepend_args_svn = ();
 
-$use_git = "<%= allow_git %>";
 $bin_git = "/usr/bin/git-shell";
 
-$use_rsync = "<%= allow_rsync %>";
 $bin_rsync = "/usr/bin/rsync";
 $regexp_rsync = "^rsync --server";
 $regexp_dir_rsync = "^/.*";
 
-$use_pkgsubmit = "<%= allow_pkgsubmit %>";
 
+foreach my $f (glob("/etc/membersh-conf.d/allow_*pl")) {
+    do($f)
+}
+1;
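Review bot: The loop at the end of the template ignores the result of `do($f)`, so a file that cannot be read or parsed is skipped silently and the corresponding `$use_*` flag simply stays unset. With the `$use_* = "<%= ... %>"` lines removed, an unset flag is now undefined rather than "0"; that presumably still reads as false in sv_membersh.pl (not visible here), but it is worth confirming. Report the failure, e.g. `defined(do $f) or warn "membersh-conf: cannot load $f: " . ($@ || $!);`, and tighten the pattern to `allow_*.pl`, since `allow_*pl` also matches any name that merely ends in `pl`.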