[Mageia-sysadm] [780] move the type of access_class to deployment ( as this is tied to our group name )

root at mageia.org root at mageia.org
Thu Jan 13 19:12:32 CET 2011


Revision: 780
Author:   misc
Date:     2011-01-13 19:12:32 +0100 (Thu, 13 Jan 2011)
Log Message:
-----------
move the type of access_class to deployment ( as this is tied to our group name )

Modified Paths:
--------------
    puppet/manifests/nodes.pp
    puppet/modules/pam/manifests/init.pp

Added Paths:
-----------
    puppet/deployment/access_class/
    puppet/deployment/access_class/manifests/
    puppet/deployment/access_class/manifests/init.pp

Added: puppet/deployment/access_class/manifests/init.pp
===================================================================
--- puppet/deployment/access_class/manifests/init.pp	                        (rev 0)
+++ puppet/deployment/access_class/manifests/init.pp	2011-01-13 18:12:32 UTC (rev 780)
@@ -0,0 +1,28 @@
+class access_class {
+ 
+  # beware , theses classes are exclusives
+  # if you need multiple group access, you need to define you own class
+  # of access  
+ 
+  # for server where only admins can connect
+  class admin {
+    pam::multiple_ldap_access { "admin":
+        access_classes => ['mga-sysadmin']
+    }
+  }
+
+  # for server where people can connect with ssh ( git, svn )
+  class committers {
+    # this is required, as we force the shell to be the restricted one
+    # openssh will detect if the file do not exist and while refuse to log the
+    # user, and erase the password ( see pam_auth.c in openssh code, seek badpw )
+    # so the file must exist
+    # permission to use svn, git, etc must be added separatly
+     
+    include restrictshell::shell
+
+    pam::multiple_ldap_access { "committers":
+        access_classes => ['mga-commiters']
+    }
+  }
+}
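Review bot: The group string `'mga-commiters'` passed in `access_class::committers` is spelled with a single "t", while the class name and resource title use "committers". This literal is the group handed to `pam::multiple_ldap_access`, so a mismatch with the real LDAP group name would change who is allowed to log in; how the define consumes the value is not visible here. The spelling is carried over unchanged from the removed `pam::committers_access`, so it is probably the deployed name, and a comment such as `# LDAP group is really named 'mga-commiters' (one t); keep in sync with LDAP` would stop a later "typo fix" from breaking access. The header comment also says the classes are exclusive, but nothing in this file enforces that, so it would help to state there what happens when a node includes both.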

Modified: puppet/manifests/nodes.pp
===================================================================
--- puppet/manifests/nodes.pp	2011-01-13 18:12:31 UTC (rev 779)
+++ puppet/manifests/nodes.pp	2011-01-13 18:12:32 UTC (rev 780)
@@ -21,7 +21,7 @@
     include buildsystem::mainnode
     include buildsystem::mgacreatehome
 
-    include pam::committers_access
+    include access_class::committers
     include restrictshell::allow_svn
     include restrictshell::allow_pkgsubmit
     include openssh::ssh_keys_from_ldap
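Review bot: Only this one include is switched to the new name, while the same commit deletes both `pam::committers_access` and `pam::admin_access` from the pam module. Any other node or class that still includes either old name would presumably fail catalog compilation and stay on its previously applied access configuration. The rest of nodes.pp is outside this hunk, and no `include access_class::admin` appears anywhere in the diff, so it is worth searching the tree for the two old class names before this is deployed. The enclosing node definition starts and ends outside the hunk.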

Modified: puppet/modules/pam/manifests/init.pp
===================================================================
--- puppet/modules/pam/manifests/init.pp	2011-01-13 18:12:31 UTC (rev 779)
+++ puppet/modules/pam/manifests/init.pp	2011-01-13 18:12:32 UTC (rev 780)
@@ -47,30 +47,4 @@
   define multiple_ldap_access($access_classes) {
     include base
   }
- 
-  # beware , this two classes are exclusives
-  # if you need multiple group access, you need to define you own class
-  # of access  
- 
-  # for server where only admins can connect
-  class admin_access {
-    multiple_ldap_access { "admin_access":
-        access_classes => ['mga-sysadmin']
-    }
-  }
-
-  # for server where people can connect with ssh ( git, svn )
-  class committers_access {
-    # this is required, as we force the shell to be the restricted one
-    # openssh will detect if the file do not exist and while refuse to log the
-    # user, and erase the password ( see pam_auth.c in openssh code, seek badpw )
-    # so the file must exist
-    # permission to use svn, git, etc must be added separatly
-     
-    include restrictshell::shell
-
-    multiple_ldap_access { "committers_access":
-        access_classes => ['mga-commiters']
-    }
-  }
 }