* (#6) Add a new defined class to manage groups for PVE WebGUI.

2015-01-13 18:56:40 +01:00 · 2015-01-13 18:56:40 +01:00 · 7edd0c055b
commit 7edd0c055b
parent 2ed08834f2
2 changed files with 63 additions and 0 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -3,6 +3,7 @@
 * Add a variable to choose to keep PVE enterprise repo for the subscribers.
 * (#4) Add an access control list for PveProxy.
 * (#4) Add a new class to manage Proxmox's service (proxmox::hypervisor::service).
+* (#6) Add a new defined class to manage groups for PVE WebGUI.

 ---------------------------------------

--- a/manifests/hypervisor/group.pp
+++ b/manifests/hypervisor/group.pp
@ -0,0 +1,62 @@
+# == Define: proxmox::hypervisor::group
+#
+# Manage groups and permissions to access the PVE ressources
+#
+# === Parameters
+#
+# [*group*]
+#   _default_: +$title+, the title/name of the ressource
+#
+#   Is the group's name.
+#
+# [*role*]
+#   _default_: +undef+
+#
+# [*acl_path*]
+#   _default_: +/+
+#
+#   The objects in Proxmox form a tree, virtual machines (/vms/$vmid), storage
+#   (/storage/$storageid) or ressource (/pool/$poolname). The role for this
+#   group will be applied on this path.
+#
+# [*permission_file*]
+#   _default_: +/etc/pve/user.cfg+
+#
+#   The file where group's informations are stored.
+#
+# [*users*]
+#   _default_: +undef+
+#
+#   The user list members of this group. A user will be created if not exist.
+#
+define proxmox::hypervisor::group ( $group = $title, $role, $acl_path = '/', $permission_file = '/etc/pve/user.cfg', $users = '' ) {
+
+  # Manage group only if Proxmox is available
+  if $::is_proxmox == 'true' {
+
+    # Create the group in Proxmox
+    exec { "create_${group}_group":
+      path    => ['/bin','/sbin','/usr/bin','/usr/sbin'],
+      command => "pveum groupadd ${group}",
+      unless  => "grep '^group:${group}' ${permission_file}",
+    }
+    ->
+    # Define the permission
+    exec { "add_${group}_permission":
+      path    => [ '/bin', '/sbin', '/usr/bin', '/usr/sbin' ],
+      command => "pveum aclmod ${acl_path} -group ${group} -role ${role}",
+      unless  => "grep '@${group}' ${permission_file}",
+    }
+  }
+
+  # The permissions file
+  if ! defined(File["${permission_file}"]) {
+    file { "${permission_file}":
+      ensure => present,
+      owner  => root,
+      group  => www-data,
+      mode   => 0640,
+    }
+  }
+
+} # Public ressource: proxmox::hypervisor::group