Created
June 27, 2019 16:14
#!py | |
import yaml | |
import salt | |
import logging | |
# Module-level logger; run() reports a failure to load all_users.yaml through it.
log = logging.getLogger(__name__)
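def configure_user(host_users, all_users, config, host):
    ''' configure a User - add Group, Home Dir, SSH keys, etc

    Fills ``config`` with Salt state declarations: three root-owned files
    (root's .bashrc and .vimrc, /etc/profile.d/spaceball_env) and, for every
    name in ``host_users`` that is also defined in ``all_users``, a group,
    the account, its home and .ssh directories, a .bashrc hook and its SSH
    keys.

    Args:
        host_users: iterable of account names assigned to this host.
        all_users: dict mapping account name to its settings. ``uid`` and
            ``fullname`` are read unconditionally; ``shell``, ``home``,
            ``groups``, ``ssh_keys`` and ``authorized_users`` are optional.
        config: dict that receives the state declarations (mutated in place).
        host: minion id used to select the per-host ``authorized_users``
            list; when empty, ``__grains__['id']`` is used.

    Returns:
        The same ``config`` dict.
    '''
    # The parameter used to be overwritten unconditionally; honour the
    # caller's value and only fall back to the minion id grain.
    if not host:
        host = __grains__['id']

    logger = logging.getLogger(__name__)

    # Root config
    config['bashrc_root'] = {
        'file.managed': [
            {'name': '/root/.bashrc'},
            {'user': 'root'},
            {'group': 'root'},
            {'template': 'jinja'},
            {'mode': '0644'},
            {'source': 'salt://formula/user/files/bashrc/root.j2'}
        ]
    }

    config['vimrc_root'] = {
        'file.managed': [
            {'name': '/root/.vimrc'},
            {'user': 'root'},
            {'group': 'root'},
            {'mode': '0644'},
            {'source': 'salt://formula/user/files/vimrc/default'}
        ]
    }

    # common user functions
    config['spaceball_env'] = {
        'file.managed': [
            {'name': '/etc/profile.d/spaceball_env'},
            {'source': 'salt://formula/user/files/bashrc/spaceball_env.j2'},
            {'template': 'jinja'},
            {'user': 'root'},
            {'group': 'root'},
            {'mode': '0644'}
        ]
    }

    for h_user in host_users:
        # Names assigned to the host but missing from all_users are ignored.
        if h_user not in all_users:
            continue

        user = all_users[h_user]

        # A configured home must also drive the directory, .bashrc and
        # authorized_keys paths below; hard-coding /home/<user> would put the
        # keys in a directory other than the account's home.
        home = user.get('home') or '/home/' + h_user

        user_args = [
            {'fullname': user['fullname']},
            {'uid': user['uid']},
            {'gid': user['uid']},
            {'allow_uid_change': 'True'},
            {'allow_gid_change': 'True'},
            {'createhome': 'True'},
            {'require': [{'group': h_user}]}
        ]

        # set additional User preferences, one single-key dict per argument
        # (the same shape as every other argument in the list)
        for option in ('shell', 'home', 'groups'):
            if option in user:
                user_args.append({option: user[option]})

        config[h_user] = {
            # group id mirrors the uid: one private group per account
            'group.present': [
                {'gid': user['uid']}
            ],
            'user.present': user_args
        }

        # configure user's Home dir
        config[h_user + '_home_dir'] = {
            'file.directory': [
                {'name': home},
                {'mode': '700'},
                {'user': h_user},
                {'group': h_user},
                {'require': [{'user': h_user}]}
            ]
        }

        # configure user's SSH dir
        config[h_user + '_ssh_dir'] = {
            'file.directory': [
                {'name': home + '/.ssh'},
                {'mode': '700'},
                {'user': h_user},
                {'group': h_user},
                {'require': [{'user': h_user}]}
            ]
        }

        config['source_spaceball_env_' + h_user] = {
            'file.append': [
                {'name': home + '/.bashrc'},
                {'text': 'source /etc/profile.d/spaceball_env'},
                {'require': [{'user': h_user}]}
            ]
        }

        # manage authorized users
        if 'authorized_users' in user:
            auth_keys = []

            # append the keys of every account allowed to log in as h_user on
            # this host; a host with no entry simply contributes no keys
            per_host = user['authorized_users'] or {}
            for auth_user in per_host.get(host) or []:
                if auth_user not in all_users:
                    # An undefined name must not abort the whole render.
                    logger.warning(
                        'user %s: authorized user %s is not defined, skipping',
                        h_user, auth_user)
                    continue
                auth_keys.extend(all_users[auth_user].get('ssh_keys') or [])

            # append individual keys
            auth_keys.extend(user.get('ssh_keys') or [])

            # No explicit name: the state ID is the target path. Everything
            # in auth_keys is handed to the template, so every listed
            # account's key can log in as h_user.
            config[home + '/.ssh/authorized_keys'] = {
                'file.managed': [
                    {'source': 'salt://formula/user/files/authorized_keys.j2'},
                    {'template': 'jinja'},
                    {'user': h_user},
                    {'group': h_user},
                    {'mode': '0600'},
                    {'context': {'auth_keys': auth_keys}}
                ]
            }

        # manage authorized_keys file
        elif 'ssh_keys' in user:
            # NOTE(review): ssh_auth.present only ensures a key is present; a
            # key dropped from all_users.yaml is presumably left on the host
            # until it is removed explicitly (e.g. ssh_auth.absent) - confirm.
            for key in user['ssh_keys'] or []:
                config[h_user + '_ssh_key_' + key] = {
                    'ssh_auth.present': [
                        {'user': h_user},
                        {'name': key}
                    ]
                }

    return config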
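def run():
    '''Entry point: build the user states for this minion.

    Caches ``all_users.yaml`` from the fileserver, reads the ``users`` pillar
    key and the minion id grain, and hands them to ``configure_user``.

    Returns:
        The state data from ``configure_user``, or an empty dict when the
        pillar lists no users or the users file cannot be fetched, read or
        parsed into a mapping.
    '''
    config = {}
    users_file = __salt__.cp.cache_file('salt://formula/user/files/all_users.yaml')
    host_users = __salt__['pillar.get']('users')
    host = __grains__['id']

    if not host_users:
        return {}

    # A false value here means the file was not cached. It must not reach
    # open(): False is an int, so open(False) would be taken as file
    # descriptor 0 instead of raising.
    if not users_file:
        log.error('cannot open all_users.yaml')
        return {}

    try:
        with open(users_file, 'rb') as f:
            # safe_load only builds plain Python objects from the YAML
            all_users = yaml.safe_load(f)
    except Exception:
        # Best effort by design: log the cause (with traceback) and render
        # no states rather than failing the whole run.
        log.exception('cannot open all_users.yaml')
        return {}

    # An empty or malformed file parses to None or a non-mapping, which the
    # membership tests in configure_user cannot handle.
    if not isinstance(all_users, dict):
        log.error('all_users.yaml does not contain a mapping of users')
        return {}

    return configure_user(host_users, all_users, config, host)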