* (#6) Add a new defined class to manage groups for PVE WebGUI.
parent
2ed08834f2
commit
7edd0c055b
@ -3,6 +3,7 @@
|
|||||||
* Add a variable to choose to keep PVE enterprise repo for the subscribers.
|
* Add a variable to choose to keep PVE enterprise repo for the subscribers.
|
||||||
* (#4) Add an access control list for PveProxy.
|
* (#4) Add an access control list for PveProxy.
|
||||||
* (#4) Add a new class to manage Proxmox's service (proxmox::hypervisor::service).
|
* (#4) Add a new class to manage Proxmox's service (proxmox::hypervisor::service).
|
||||||
|
* (#6) Add a new defined class to manage groups for PVE WebGUI.
|
||||||
|
|
||||||
---------------------------------------
|
---------------------------------------
|
||||||
|
|
||||||
|
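--- a/manifests/hypervisor/group.pp
+++ b/manifests/hypervisor/group.pp
@@ -0,0 +1,62 @@
+# == Define: proxmox::hypervisor::group
+#
+# Manage groups and permissions to access the PVE ressources
+#
+# === Parameters
+#
+# [*group*]
+# _default_: +$title+, the title/name of the ressource
+#
+# Is the group's name.
+#
+# [*role*]
+# _default_: +undef+
+#
+# [*acl_path*]
+# _default_: +/+
+#
+# The objects in Proxmox form a tree, virtual machines (/vms/$vmid), storage
+# (/storage/$storageid) or ressource (/pool/$poolname). The role for this
+# group will be applied on this path.
+#
+# [*permission_file*]
+# _default_: +/etc/pve/user.cfg+
+#
+# The file where group's informations are stored.
+#
+# [*users*]
+# _default_: +undef+
+#
+# The user list members of this group. A user will be created if not exist.
+#
+define proxmox::hypervisor::group ( $group = $title, $role, $acl_path = '/', $permission_file = '/etc/pve/user.cfg', $users = '' ) {
+
+# Manage group only if Proxmox is available
+if $::is_proxmox == 'true' {
+
+# Create the group in Proxmox
+exec { "create_${group}_group":
+path => ['/bin','/sbin','/usr/bin','/usr/sbin'],
+command => "pveum groupadd ${group}",
+unless => "grep '^group:${group}' ${permission_file}",
+}
+->
+# Define the permission
+exec { "add_${group}_permission":
+path => [ '/bin', '/sbin', '/usr/bin', '/usr/sbin' ],
+command => "pveum aclmod ${acl_path} -group ${group} -role ${role}",
+unless => "grep '@${group}' ${permission_file}",
+}
+}
+
+# The permissions file
+if ! defined(File["${permission_file}"]) {
+file { "${permission_file}":
+ensure => present,
+owner => root,
+group => www-data,
+mode => 0640,
+}
+}
+
+} # Public ressource: proxmox::hypervisor::group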
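Review bot: The `unless` guard on `add_${group}_permission` greps for `@${group}` anywhere in `${permission_file}`, so once the group appears in any ACL entry `pveum aclmod` never runs again: a later change to `$role` or `$acl_path` is silently not applied, and (constructed example) a group `ops` counts as configured when only `ops-admin` has an entry. The `^group:${group}` guard on the first exec has the same prefix problem; assuming the usual `group:<name>:` line layout, `unless => "grep -q '^group:${group}:' ${permission_file}"` would close it, and the ACL guard should match path, group and role together. `$group`, `$role` and `$acl_path` are also interpolated into the command strings and grep patterns without validation, so restricting them to an expected character set before the execs is worth adding. Separately, the `file` resource sits outside the `$::is_proxmox` check, `$users` is documented but never used, and `$role` is documented as defaulting to `undef` while the signature makes it mandatory.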