[Mageia-sysadm] [408] - split the module in 2 part, and add class to allow to more easyly
root at mageia.org
root at mageia.org
Tue Nov 23 02:11:10 CET 2010
Revision: 408
Author: misc
Date: 2010-11-23 02:11:10 +0100 (Tue, 23 Nov 2010)
Log Message:
-----------
- split the module in 2 parts, and add classes to make it easier to
combine the authorized shells
Modified Paths:
--------------
puppet/modules/restrictshell/manifests/init.pp
puppet/modules/restrictshell/templates/membersh-conf.pl
Modified: puppet/modules/restrictshell/manifests/init.pp
===================================================================
--- puppet/modules/restrictshell/manifests/init.pp 2010-11-23 01:11:08 UTC (rev 407)
+++ puppet/modules/restrictshell/manifests/init.pp 2010-11-23 01:11:10 UTC (rev 408)
@@ -1,5 +1,12 @@
class restrictshell {
class shell {
+ file {"/etc/membersh-conf.d":
+ ensure => directory,
+ owner => root,
+ group => root,
+ mode => 755,
+ }
+
file { '/usr/local/bin/sv_membersh.pl':
ensure => present,
owner => root,
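Review bot: The new `/etc/membersh-conf.d` directory resource at the top of this hunk is not purged, so an `allow_*.pl` snippet written by an earlier run stays on disk after the matching `allow_*` class is dropped from a node. Before this commit a revoked service was reset by re-rendering membersh-conf.pl with `"0"`; now the stale snippet is still picked up by the template's `do` loop and the service presumably remains enabled until someone deletes the file by hand. Adding `recurse => true,` and `purge => true,` to this `file` resource would let Puppet remove any snippet it no longer manages. The `sv_membersh.pl` resource that follows continues outside the hunk.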
@@ -7,16 +14,7 @@
mode => 755,
content => template("restrictshell/sv_membersh.pl"),
}
- }
- class base {
- include shell
- $allow_svn = "0"
- $allow_git = "0"
- $allow_rsync = "0"
- $allow_pkgsubmit = "0"
-
- $ldap_pwfile = "/etc/ldap.secret"
file { '/etc/membersh-conf.pl':
ensure => present,
owner => root,
@@ -24,6 +22,9 @@
mode => 755,
content => template("restrictshell/membersh-conf.pl"),
}
+ }
+
+ class ssh_keys_from_ldap {
package { 'python-ldap':
ensure => installed,
@@ -37,6 +38,7 @@
mode => 755,
}
+ $ldap_pwfile = "/etc/ldap.secret"
file { '/usr/local/bin/ldap-sshkey2file.py':
ensure => present,
owner => root,
@@ -47,9 +49,32 @@
}
}
- class allow_svn_git_pkgsubmit inherits base {
- $allow_svn = "1"
- $allow_git = "1"
- $allow_pkgsubmit = "1"
+ define allow {
+ include shell
+ file { "/etc/membersh-conf.d/allow_$name.pl":
+ ensure => "present",
+ owner => root,
+ group => root,
+ mode => 755,
+ content => "\$use_$name = 1;\n",
+ }
}
+
+ # yes, we could directly use the allow, but this is
+ # a nicer syntax
+ class allow_git {
+ allow{ "git": }
+ }
+
+ class allow_rsync {
+ allow{ "rsync": }
+ }
+
+ class allow_pkgsubmit {
+ allow{ "pkgsubmit": }
+ }
+
+ class allow_svn {
+ allow{ "svn": }
+ }
}
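Review bot: In `define allow`, `$name` goes unchecked into both the file path and the Perl statement `\$use_$name = 1;`, which the generated membersh-conf.pl later loads with `do`. A title that is not a plain service name would give an unexpected path or extra Perl in a root-owned file, so the define should reject unknown titles before writing anything, e.g. `if $name !~ /^(git|rsync|pkgsubmit|svn)$/ { fail("restrictshell::allow: unknown service $name") }`. The snippet is only read by `do`, never run directly, so `mode => 644` would be enough instead of `755`.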
Modified: puppet/modules/restrictshell/templates/membersh-conf.pl
===================================================================
--- puppet/modules/restrictshell/templates/membersh-conf.pl 2010-11-23 01:11:08 UTC (rev 407)
+++ puppet/modules/restrictshell/templates/membersh-conf.pl 2010-11-23 01:11:10 UTC (rev 408)
@@ -1,16 +1,18 @@
-$use_svn = "<%= allow_svn %>";
+
+
$bin_svn = "/usr/bin/svnserve";
$regexp_svn = "^svnserve -t\$";
#@prepend_args_svn = ( '-r', '/svn' );
@prepend_args_svn = ();
-$use_git = "<%= allow_git %>";
$bin_git = "/usr/bin/git-shell";
-$use_rsync = "<%= allow_rsync %>";
$bin_rsync = "/usr/bin/rsync";
$regexp_rsync = "^rsync --server";
$regexp_dir_rsync = "^/.*";
-$use_pkgsubmit = "<%= allow_pkgsubmit %>";
+foreach my $f (glob("/etc/membersh-conf.d/allow_*pl")) {
+ do($f)
+}
+1;
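Review bot: The added `do($f)` discards its result, so a snippet that cannot be read or fails to compile is skipped silently and the matching `$use_*` variable just stays undefined. Because the `$use_* = "<%= ... %>"` assignments are removed in this hunk, nothing sets a default any more; whether sv_membersh.pl treats an undefined `$use_*` as disabled is not visible here and should be confirmed. I would report failures with `defined(do($f)) or warn "membersh-conf: $f: " . ($@ || $!);` and tighten the glob to `allow_*.pl`, since `allow_*pl` also matches names that merely end in "pl".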