---
# Marker value only. Presumably lets an operator see that the common Hiera
# layer was applied to a node - confirm which class reads it.
message: "This node is using common data"

# Handed to profile::sssd. Going by the key name, home directories are
# created at login instead of being pre-provisioned - confirm in the profile.
# With this on, the sssd access rules later in this file are what bound who
# can get a directory created under /home (see override_homedir).
profile::sssd::enablemkhomedir: true

# Source addresses treated as bastion hosts for inbound SSH. Quoted so the
# values stay strings. How the list is enforced (firewall, sshd, or both) is
# decided inside profile_allow_ssh_from_bastion and is not visible here.
profile_allow_ssh_from_bastion::bastion_nodelist:
  - "141.142.148.5"
  - "141.142.236.22"
  - "141.142.236.23"
  - "141.142.148.24"
# Directory groups allowed in from the bastions.
# NOTE(review): both groups are also granted "NOPASSWD: ALL" in
# profile_sudo::groups, so membership in either is root-equivalent on nodes
# that use this data. Review group membership with that in mind.
profile_allow_ssh_from_bastion::groups:
  - org_asd
  - org_irst

# Extra sudoers fragments, keyed by fragment name.
profile_sudo::configs:
  common_disabled_users:
    # NOTE(review): sudoers is last-match-wins. If priority 1 places this
    # fragment ahead of the group grants, a disabled account that is still a
    # member of org_asd or org_irst would match the later NOPASSWD rule and
    # keep sudo. Confirm the rendered order, or treat this rule as a backstop
    # to the login-time simple_deny_groups entry under sssd::domains.
    priority: 1
    content:
      - "#deny former NCSA users"
      - "%all_disabled_usr ALL=(ALL) !ALL"
# Group name -> sudoers spec. "ALL=(ALL) NOPASSWD: ALL" allows any command as
# any user without re-authentication, so a hijacked session of a member is a
# root shell; the login controls elsewhere in this file are the only gate.
profile_sudo::groups:
  org_asd: "ALL=(ALL) NOPASSWD: ALL"
  org_irst: "ALL=(ALL) NOPASSWD: ALL"

# SSSD debug level 0 logs fatal failures only.
sssd::debug_level: 0
# One SSSD domain: identities from LDAP, authentication via Kerberos, access
# decided by the "simple" allow/deny lists at the bottom of the stanza.
sssd::domains:
  ncsa.illinois.edu:
    access_provider: "simple"
    auth_provider: "krb5"
    # No credential hashes are kept on disk; the trade-off is that logins
    # fail while the KDC is unreachable.
    cache_credentials: false
    chpass_provider: "krb5"
    debug_level: 0
    # Do not pre-fetch every directory user and group.
    enumerate: false
    id_provider: "ldap"
    # Seconds to wait for the KDC during authentication.
    krb5_auth_timeout: 3
    krb5_lifetime: "25h"
    krb5_realm: "NCSA.EDU"
    # Seconds between checks for tickets that should be renewed.
    krb5_renew_interval: 3600
    krb5_renewable_lifetime: "7d"
    krb5_use_kdcinfo: false
    # Validate the obtained TGT against the host keytab so a spoofed KDC is
    # detected; each node needs a working keytab for this to succeed.
    krb5_validate: true
    # All directory endpoints in this stanza use ldaps://.
    ldap_backup_uri:
      - ldaps://ldap.ncsa.illinois.edu
      #- ldaps://ldap3.ncsa.illinois.edu
      #- ldaps://ldap4.ncsa.illinois.edu
    ldap_group_member: "uniqueMember"
    ldap_group_search_base: "dc=ncsa,dc=illinois,dc=edu"
    ldap_schema: "rfc2307bis"
    ldap_search_base: "dc=ncsa,dc=illinois,dc=edu"
    #ldap_tls_cacert: "/etc/pki/ca-trust/source/anchors/incommon-ca.pem"
    # Above not present on CentOS; below one is
    # NOTE(review): the system bundle means any CA in it can vouch for the
    # LDAP servers, which is broader than the single anchor commented out
    # above. Pin the issuing CA where that file can be deployed.
    ldap_tls_cacert: "/etc/pki/tls/certs/ca-bundle.crt"
    # "demand": the server certificate must be presented and must verify.
    ldap_tls_reqcert: "demand"
    ldap_uri:
      - ldaps://ldap1.ncsa.illinois.edu
      - ldaps://ldap2.ncsa.illinois.edu
    ldap_user_search_base: "dc=ncsa,dc=illinois,dc=edu"
    # LEAVE simple_allow_groups BLANK - ncsa/sshd MODULE DYNAMICALLY ADDS GROUPS
    # NOTE(review): with the simple provider, an empty allow list plus a deny
    # list admits every user who is not denied. Verify on a rendered
    # sssd.conf that the module really populated simple_allow_groups.
    #simple_allow_groups:
    # A matching deny rule overrides any allow rule in the simple provider.
    simple_deny_groups:
      - all_disabled_usr
# Per-responder SSSD settings: nss carries the overrides, pam is left empty.
sssd::services:
  nss:
    # Home directory is derived from the login name (%u); the value stored
    # in the directory is not used.
    override_homedir: "/home/%u"
    # Shell substituted when a listed shell cannot be used as-is.
    shell_fallback: "/bin/bash"
    # Per sssd.conf(5): a shell present in /etc/shells is used; one listed
    # here but not installed becomes shell_fallback; one that is neither
    # becomes a nologin shell.
    allowed_shells:
      - /usr/ncsa/bin/tcsh
      - /usr/ncsa/bin/bash
      - /usr/ncsa/bin/zsh
      - /bin/csh
      - /bin/tcsh
      - /bin/zsh
    # Per sssd.conf(5): these shells are always replaced by shell_fallback.
    # NOTE(review): all four entries also appear in allowed_shells above -
    # confirm the overlap is intentional.
    vetoed_shells:
      - /usr/ncsa/bin/tcsh
      - /usr/ncsa/bin/bash
      - /usr/ncsa/bin/zsh
      - /bin/csh
    # Group names SSSD will not answer for. A directory group with one of
    # these names therefore cannot be returned by SSSD in place of the local
    # system group. The list is static - presumably it has to be extended
    # when a new local service group is introduced.
    filter_groups:
      - adm
      - apache
      - asmadmin
      - asmdba
      - asmoper
      - audio
      - avahi
      - avahi-autoipd
      - backupdba
      - bin
      - cdrom
      - cgred
      - chronograf
      - chrony
      - condor
      - conserver
      - daemon
      - dba
      - dbus
      - dgdba
      - dhcpd
      - dialout
      - dip
      - disk
      - docker
      - elasticsearch
      - floppy
      - ftp
      - games
      - geoclue
      - git
      - gitlab-prometheus
      - gitlab-psql
      - gitlab-redis
      - gitlab-www
      - grafana
      - graylog
      - graylog-web
      - hsqldb
      - influxdb
      - input
      - kmdba
      - kmem
      - ldap
      - levelone
      - lock
      - lp
      - mail
      - man
      - mem
      - mongod
      - munge
      - myproxy
      - myproxyoauth
      - mysql
      - nagios
      - named
      - nfsnobody
      - nobody
      - nrpe
      - nscd
      - ntp
      - oinstall
      - oper
      - oprofile
      - pdagent
      - polkitd
      - postdrop
      - postfix
      - postgres
      - puppet
      - puppetdb
      - qserv
      - qualys
      - rabbitmq
      - racdba
      - redis
      - root
      - rpc
      - rpcuser
      - saslauth
      - screen
      - sfcb
      - simpleca
      - slocate
      - slurm
      - sshd
      - ssh_keys
      - sssd
      - stapdev
      - stapsys
      - stapusr
      - suiadmin
      - SupportAssistAdmins
      - SupportAssistUsers
      - sys
      - systemd-bus-proxy
      - systemd-journal
      - systemd-network
      - tape
      - tcpdump
      - telegraf
      - tss
      - tty
      - unbound
      - users
      - utempter
      - utmp
      - video
      - wheel
    # User names SSSD will not answer for, so system and service accounts
    # (root included) are never resolved from the directory.
    filter_users:
      - activemq
      - adm
      - apache
      - avahi
      - avahi-autoipd
      - bin
      - chronograf
      - chrony
      - condor
      - daemon
      - dbus
      - docker
      - elasticsearch
      - ftp
      - games
      - geoclue
      - grafana
      - graylog
      - graylog-web
      - grid
      - halt
      - hsqldb
      - influxdb
      - ldap
      - lp
      - mail
      - mongod
      - munge
      - myproxy
      - myproxyoauth
      - mysql
      - nagios
      - nfsnobody
      - nobody
      - nrpe
      - nscd
      - nslcd
      - ntp
      - operator
      - oprofile
      - oracle
      - pdagent
      - polkitd
      - postfix
      - rabbitmq
      - redis
      - rsbackup
      - qserv
      - qualys
      - root
      - rpc
      - rpcuser
      - saslauth
      - shutdown
      - simpleca
      - slurm
      - sshd
      - sssd
      - suiadmin
      - sync
      - systemd-bus-proxy
      - systemd-network
      - tcpdump
      - telegraf
      - tomcat
      - tss
      - unbound
      - wireshark
      # NCSA LDAP users w/ uid below 1000:
      # Presumably filtered because those UIDs fall in the range used by
      # local system accounts - confirm before removing any entry.
      - acraig
      - bw
      - cbushell
      - ceperley
      - cox
      - ferguson
      - johns
      - lex
      - norman
      - proth
      - radha
      - redman
      - rkufrin
      - scott
      - scoyle
      - straka
      - svinson
      - u10956
      - welge
      - wicker
  # Empty mapping: no pam-responder overrides are set here.
  pam: {}

# Telegraf agent settings shared by nodes that use this data.
telegraf::agent:
  flush_interval: "10s"
  # NOTE(review): quoted, so Hiera passes a string; Telegraf's
  # metric_buffer_limit is an integer setting. Confirm the module renders it
  # unquoted in the generated config.
  metric_buffer_limit: "100000"
telegraf::flush_jitter: "10s"
# Input plugins keyed by plugin name. "[{}]" is a one-element list holding an
# empty mapping, i.e. the plugin is listed with no options set here.
telegraf::inputs:
  cpu:
    percpu: false
    totalcpu: true
  disk:
    ignore_fs:
      - "devtmpfs"
      - "devfs"
  # Collected by executing the binary at "path".
  # NOTE(review): reading the local BMC usually needs elevated access for
  # the telegraf account - confirm how that is granted and keep it limited
  # to this one binary.
  ipmi_sensor:
    path: "/usr/bin/ipmitool"
    interval: "60s"
    timeout: "10s"
  mem: [{}]
  net:
    # Quoted because the values are glob patterns.
    interfaces:
      - "e*"
      - "bond*"
  processes: [{}]
  # Reads the Puppet agent's last-run summary file.
  puppetagent:
    location: "/opt/puppetlabs/puppet/cache/state/last_run_summary.yaml"
  swap: [{}]
  system: [{}]
  systemd_units:
    unittype: "service"
telegraf::interval: "60s"
# Going by the key name, the module also manages the package repository
# Telegraf is installed from - confirm which repository and signing key the
# module configures.
telegraf::manage_repo: true
# No outputs are defined in this file; presumably a more specific Hiera
# layer supplies them. Keep output credentials out of this common file.
telegraf::outputs: {}