81 lines
2.4 KiB
Puppet
81 lines
2.4 KiB
Puppet
# Copyright 2017 Red Hat, Inc.
|
|
# All Rights Reserved.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
#
|
|
# == Class: tripleo::profile::base::login_defs
|
|
#
|
|
# Sets login.defs Parameters
|
|
#
|
|
# === Parameters
|
|
#
|
|
# [*step*]
|
|
# (Optional) The current step in deployment. See tripleo-heat-templates
|
|
# for more details.
|
|
# Defaults to hiera('step')
|
|
#
|
|
# [*password_max_days*]
|
|
# (Optional) Set the maximum age allowed for passwords
|
|
# Defaults to hiera('password_max_days', 99999)
|
|
#
|
|
# [*password_min_days*]
|
|
# (Optional) Set the minimum age allowed for passwords
|
|
# Defaults to hiera('password_min_days', 7)
|
|
#
|
|
# [*password_warn_age*]
|
|
# (Optional) Set the warning period for password expiration
|
|
# Defaults to hiera('password_min_len', 6)
|
|
#
|
|
# [*password_min_len*]
|
|
# (Optional) Set the minimum allowed password length.
|
|
# Defaults to hiera('password_warn_age', 7)
|
|
#
|
|
# [*fail_delay*]
|
|
# (Optional) The period of time between password retries
|
|
# Defaults to hiera('fail_delay', 4)
|
|
|
|
class tripleo::profile::base::login_defs (
|
|
$password_max_days = hiera('password_max_days', 99999),
|
|
$password_min_days = hiera('password_min_days', 7),
|
|
$password_min_len = hiera('password_min_len', 6),
|
|
$password_warn_age = hiera('password_warn_age', 7),
|
|
$fail_delay = hiera('fail_delay', 4),
|
|
$step = Integer(hiera('step'))
|
|
) {
|
|
include ::tripleo::profile::base::login_defs
|
|
|
|
if $step >= 1 {
|
|
package { 'shadow-utils':
|
|
ensure => 'present'
|
|
}
|
|
|
|
augeas { 'login_defs':
|
|
context => '/files/etc/login.defs',
|
|
changes => [
|
|
"set PASS_MAX_DAYS ${password_max_days}",
|
|
"set PASS_MIN_DAYS ${password_min_days}",
|
|
"set PASS_MIN_LEN ${password_min_len}",
|
|
"set PASS_WARN_AGE ${password_warn_age}",
|
|
"set FAIL_DELAY ${fail_delay}"
|
|
],
|
|
}
|
|
|
|
file { '/etc/login.defs':
|
|
ensure => file,
|
|
owner => 'root',
|
|
group => 'root',
|
|
mode => '0644',
|
|
}
|
|
}
|
|
}
|