devsnack/control-repo
1
0
Fork 0
Code Releases Activity

ASDPLNG-55: Review and test puppet-profile_sudo

Browse Source 
Add org_asd & org_irst as defaults for sudo groups
Disable sudo for all_disabled_usr group
Update profile_sudo to v0.1.1
This commit is contained in:
Bill Glick 2021-02-15 13:16:10 -06:00
parent 0e9d96eee7
commit 3476984ba3
No known key found for this signature in database
GPG Key ID: 11F4B27B369F39A4
3 changed files with 13 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
Puppetfile
View File

@ -18,7 +18,7 @@ mod 'ncsa/profile_allow_ssh_from_bastion', tag: 'v0.2.0', git: 'https://github.c
# mod 'ncsa/profile_firewall', tag: 'v1.0.1', git: 'https://github.com/ncsa/puppet-profile_firewall' # mod 'ncsa/profile_firewall', tag: 'v1.0.1', git: 'https://github.com/ncsa/puppet-profile_firewall'
mod 'ncsa/profile_pam_access', tag: 'v0.0.4', git: 'https://github.com/ncsa/puppet-profile_pam_access' mod 'ncsa/profile_pam_access', tag: 'v0.0.4', git: 'https://github.com/ncsa/puppet-profile_pam_access'
# mod 'ncsa/profile_puppet_master', tag: 'v0.1.0', git: 'https://github.com/ncsa/puppet-profile_puppet_master' # mod 'ncsa/profile_puppet_master', tag: 'v0.1.0', git: 'https://github.com/ncsa/puppet-profile_puppet_master'
# mod 'ncsa/profile_sudo', tag: 'v0.1.0', git: 'https://github.com/ncsa/profile_sudo' mod 'ncsa/profile_sudo', tag: 'v0.1.1', git: 'https://github.com/ncsa/puppet-profile_sudo'
# mod 'ncsa/profile_timezone', tag: 'v0.1.0', git: 'https://github.com/ncsa/puppet-profile_timezone' # mod 'ncsa/profile_timezone', tag: 'v0.1.0', git: 'https://github.com/ncsa/puppet-profile_timezone'
mod 'ncsa/sshd', tag: 'v0.3.0', git: 'https://github.com/ncsa/puppet-sshd' mod 'ncsa/sshd', tag: 'v0.3.0', git: 'https://github.com/ncsa/puppet-sshd'
mod 'ncsa/sssd', tag: 'v3.0.0', git: 'https://github.com/ncsa/puppet-sssd' mod 'ncsa/sssd', tag: 'v3.0.0', git: 'https://github.com/ncsa/puppet-sssd'
@ -37,7 +37,7 @@ mod 'puppetlabs/stdlib', '6.3.0'
# mod 'puppetlabs/xinetd', '3.3.0' # mod 'puppetlabs/xinetd', '3.3.0'
mod 'richardc-datacat', '0.6.2' mod 'richardc-datacat', '0.6.2'
# mod 'saz/limits', '3.0.4' # mod 'saz/limits', '3.0.4'
# mod 'saz/sudo', '6.0.0' mod 'saz/sudo', '6.0.0'
# mod 'saz/timezone', '6.0.0' # mod 'saz/timezone', '6.0.0'
# mod 'sharumpe-tcpwrappers', '1.0.4' # mod 'sharumpe-tcpwrappers', '1.0.4'
#mod 'sharumpe-tcpwrappers', tag: '1.0.7', git: 'https://github.com/sharumpe/puppet-tcpwrappers.git' #mod 'sharumpe-tcpwrappers', tag: '1.0.7', git: 'https://github.com/sharumpe/puppet-tcpwrappers.git'

10
data/common.yaml
View File

@ -12,6 +12,16 @@ profile_allow_ssh_from_bastion::groups:
- org_asd - org_asd
- org_irst - org_irst
profile_sudo::configs:
common_disabled_users:
priority: 1
content:
- "#deny former NCSA users"
- "%all_disabled_usr ALL=(ALL) !ALL"
profile_sudo::groups:
org_asd: "ALL=(ALL) NOPASSWD: ALL"
org_irst: "ALL=(ALL) NOPASSWD: ALL"
sssd::debug_level: 0 sssd::debug_level: 0
sssd::domains: sssd::domains:
ncsa.illinois.edu: ncsa.illinois.edu:

2
site-modules/profile/manifests/base.pp
View File

@ -6,7 +6,7 @@ class profile::base {
include ::profile_allow_ssh_from_bastion include ::profile_allow_ssh_from_bastion
# include ::profile_email # include ::profile_email
include ::profile_pam_access include ::profile_pam_access
# include ::profile_sudo include ::profile_sudo
# include ::profile_timezone # include ::profile_timezone
include ::profile::sssd include ::profile::sssd
include ::sshd include ::sshd