puppet
/
proxmox
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add defaults attributes for some ressources for the defined types 

group and user.
This commit is contained in:
gardouille 2015-01-14 21:33:08 +01:00
parent 23a442b0ee
commit f4ae152134
2 changed files with 16 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
manifests/hypervisor/group.pp
View File

@ -31,19 +31,28 @@
# #
define proxmox::hypervisor::group ( $group = $title, $role, $acl_path = '/', $permission_file = '/etc/pve/user.cfg', $users = '' ) { define proxmox::hypervisor::group ( $group = $title, $role, $acl_path = '/', $permission_file = '/etc/pve/user.cfg', $users = '' ) {
File {
owner => root,
group => www-data,
mode => 0640,
}
Exec {
path => ['/bin','/sbin','/usr/bin','/usr/sbin'],
logoutput => 'on_failure',
}
# Manage group only if Proxmox is available # Manage group only if Proxmox is available
if $::is_proxmox == 'true' { if $::is_proxmox == 'true' {
# Create the group in Proxmox # Create the group in Proxmox
exec { "create_${group}_group": exec { "create_${group}_group":
path => ['/bin','/sbin','/usr/bin','/usr/sbin'],
command => "pveum groupadd ${group}", command => "pveum groupadd ${group}",
unless => "grep '^group:${group}' ${permission_file}", unless => "grep '^group:${group}' ${permission_file}",
} }
-> ->
# Define the permission # Define the permission
exec { "add_${group}_permission": exec { "add_${group}_permission":
path => [ '/bin', '/sbin', '/usr/bin', '/usr/sbin' ],
command => "pveum aclmod ${acl_path} -group ${group} -role ${role}", command => "pveum aclmod ${acl_path} -group ${group} -role ${role}",
unless => "grep '@${group}' ${permission_file}", unless => "grep '@${group}' ${permission_file}",
} }
@ -58,9 +67,6 @@ define proxmox::hypervisor::group ( $group = $title, $role, $acl_path = '/', $pe
if ! defined(File["${permission_file}"]) { if ! defined(File["${permission_file}"]) {
file { "${permission_file}": file { "${permission_file}":
ensure => present, ensure => present,
owner => root,
group => www-data,
mode => 0640,
} }
} }

8
manifests/hypervisor/user.pp
View File

@ -21,6 +21,11 @@
# #
define proxmox::hypervisor::user ( $user = $title, $group = '', $permission_file = '/etc/pve/user.cfg' ) { define proxmox::hypervisor::user ( $user = $title, $group = '', $permission_file = '/etc/pve/user.cfg' ) {
Exec {
path => ['/bin','/sbin','/usr/bin','/usr/sbin'],
logoutput => 'on_failure',
}
# Manage user only if Proxmox is available # Manage user only if Proxmox is available
if $::is_proxmox == 'true' { if $::is_proxmox == 'true' {
@ -31,14 +36,12 @@ define proxmox::hypervisor::user ( $user = $title, $group = '', $permission_file
if empty($group) == false { if empty($group) == false {
# Create the user in Proxmox # Create the user in Proxmox
exec { "add_${user}_user": exec { "add_${user}_user":
path => ['/bin','/sbin','/usr/bin','/usr/sbin'],
command => "pveum useradd ${user}", command => "pveum useradd ${user}",
unless => "grep '^user:${user}' ${permission_file}", unless => "grep '^user:${user}' ${permission_file}",
} }
-> ->
# Then add this user to a group # Then add this user to a group
exec { "add_${user}_to_${group}": exec { "add_${user}_to_${group}":
path => ['/bin', '/sbin', '/usr/bin', '/usr/sbin' ],
command => "pveum usermod ${user} -group ${group}", command => "pveum usermod ${user} -group ${group}",
# The grep command should return 2 lines (minium) that match the pattern # The grep command should return 2 lines (minium) that match the pattern
unless => "test `grep '${user}' -c ${permission_file}` -ge 2", unless => "test `grep '${user}' -c ${permission_file}` -ge 2",
@ -47,7 +50,6 @@ define proxmox::hypervisor::user ( $user = $title, $group = '', $permission_file
else { else {
# Create the user in Proxmox # Create the user in Proxmox
exec { "add_${user}_user": exec { "add_${user}_user":
path => ['/bin','/sbin','/usr/bin','/usr/sbin'],
command => "pveum useradd ${user}", command => "pveum useradd ${user}",
unless => "grep '^user:${user}' ${permission_file}", unless => "grep '^user:${user}' ${permission_file}",
} }