# == Define: proxmox::hypervisor::group # # Manage groups and permissions to access the PVE ressources # # === Parameters # # [*group*] # _default_: +$title+, the title/name of the ressource # # Is the group's name. # # [*role*] # _default_: +undef+ # # [*acl_path*] # _default_: +/+ # # The objects in Proxmox form a tree, virtual machines (/vms/$vmid), storage # (/storage/$storageid) or ressource (/pool/$poolname). The role for this # group will be applied on this path. # # [*permission_file*] # _default_: +/etc/pve/user.cfg+ # # The file where group's informations are stored. # # [*users*] # _default_: +undef+ # # The user list members of this group. A user will be created if not exist. # define proxmox::hypervisor::group ( $group = $title, $acl_path = '/', $permission_file = '/etc/pve/user.cfg', $users = '', $role ) { File { owner => root, group => www-data, mode => 0640, } Exec { path => ['/bin','/sbin','/usr/bin','/usr/sbin'], logoutput => 'on_failure', } # Manage group only if Proxmox is available if $::is_proxmox == 'true' { # Create the group in Proxmox exec { "create_${group}_group": command => "pveum groupadd ${group}", unless => "grep '^group:${group}' ${permission_file}", } -> # Define the permission exec { "add_${group}_permission": command => "pveum aclmod ${acl_path} -group ${group} -role ${role}", unless => "grep '@${group}' ${permission_file}", } -> # Create user(s) and add it to this group proxmox::hypervisor::user { $users: group => $group, } # The permissions file if ! defined(File["${permission_file}"]) { file { "${permission_file}": ensure => present, } } } } # Public ressource: proxmox::hypervisor::group