9b95aa0a35
Signed-off-by: Dean Troyer <dtroyer@gmail.com>
73 lines
1.6 KiB
Puppet
73 lines
1.6 KiB
Puppet
class platform::users::params (
|
|
$wrsroot_password = undef,
|
|
$wrsroot_password_max_age = undef,
|
|
) {}
|
|
|
|
|
|
class platform::users
|
|
inherits ::platform::users::params {
|
|
|
|
include ::platform::params
|
|
|
|
group { 'wrs':
|
|
ensure => 'present',
|
|
} ->
|
|
|
|
# WRS: Create a 'wrs_protected' group for wrsroot and all openstack services
|
|
# (including TiS services: sysinv, etc.).
|
|
group { $::platform::params::protected_group_name:
|
|
ensure => 'present',
|
|
gid => $::platform::params::protected_group_id,
|
|
} ->
|
|
|
|
user { 'wrsroot':
|
|
ensure => 'present',
|
|
groups => ['wrs', 'root', $::platform::params::protected_group_name],
|
|
home => '/home/wrsroot',
|
|
password => $wrsroot_password,
|
|
password_max_age => $wrsroot_password_max_age,
|
|
shell => '/bin/sh',
|
|
} ->
|
|
|
|
# WRS: Keyring should only be executable by 'wrs_protected'.
|
|
file { '/usr/bin/keyring':
|
|
owner => 'root',
|
|
group => $::platform::params::protected_group_name,
|
|
mode => '0750',
|
|
}
|
|
}
|
|
|
|
|
|
class platform::users::bootstrap
|
|
inherits ::platform::users::params {
|
|
|
|
include ::platform::params
|
|
|
|
group { 'wrs':
|
|
ensure => 'present',
|
|
} ->
|
|
|
|
group { $::platform::params::protected_group_name:
|
|
ensure => 'present',
|
|
gid => $::platform::params::protected_group_id,
|
|
} ->
|
|
|
|
user { 'wrsroot':
|
|
ensure => 'present',
|
|
groups => ['wrs', 'root', $::platform::params::protected_group_name],
|
|
home => '/home/wrsroot',
|
|
password_max_age => $wrsroot_password_max_age,
|
|
shell => '/bin/sh',
|
|
}
|
|
}
|
|
|
|
|
|
class platform::users::runtime {
|
|
include ::platform::users
|
|
}
|
|
|
|
class platform::users::upgrade {
|
|
include ::platform::users
|
|
}
|
|
|