I'm new to Puppet and have downloaded the central_auth module from the Forge to implement AD login on Linux (CentOS) servers. After some tweaking, I finally got AD login to work. What I'm trying to do now is add a custom sudoers file in /etc/sudoers.d based on the value in the node's yaml file. The issue: /etc/sudoers.d/customsudo gets created but the contents are not correct.
Here are my configs:
in manifests/init.pp
class central_auth (
  # Class parameters are populated from External(hiera)/Defaults/Fail
  Boolean $manage_auth       = false,
  Boolean $enable_sssd       = true,
  Boolean $enable_pam_access = false,
  Boolean $manage_pam_files  = true,
) {
  if $manage_auth {
    class { 'central_auth::install': }
    -> class { 'central_auth::config': }
    -> class { 'central_auth::pam': }
    -> class { 'central_auth::join_ad': }
    -> class { 'central_auth::service': }
    -> class { 'central_auth::custom_sudoers': }
  }
}
in manifests/custom_sudoers.pp
class central_auth::custom_sudoers (
  Any $sudoersgrp = $central_auth::sudoersgrp,
) {
  if $sudoersgrp {
    file { '/etc/sudoers.d/customsudo':
      ensure  => present,
      owner   => 'root',
      group   => 'root',
      mode    => '0644',
      content => template( 'central_auth/sudogroup.epp' ),
    }
  }
}
in templates/sudogroup.epp
%<%= $sudoersgrp %> ALL=(ALL) NOPASSWD: ALL
In the node's yaml file, I added these lines to call the central_auth class:
classes:
  - central_auth
central_auth::manage_auth: true
central_auth::enable_sssd: true
central_auth::enable_pam_access: true
central_auth::manage_pam_files: true
central_auth::sudoersgrp: 'CustomSudoers'
In the client's /etc/sudoers.d/customsudo file that was created, it only appears like the below. I want 'CustomSudoers' to be passed to the $sudoersgrp variable in manifests/custom_sudoers.pp, which will create the /etc/sudoers.d/customsudo file.
What it should look like in /etc/sudoers.d/customsudo:
%CustomSudoers ALL=(ALL) NOPASSWD: ALL
CodePudding user response:
Fixed now after watching a tutorial on Udemy. :)
in init.pp
class central_auth (
  # Class parameters are populated from External(hiera)/Defaults/Fail
  Boolean $manage_auth       = false,
  Boolean $enable_sssd       = true,
  Boolean $enable_pam_access = false,
  Boolean $manage_pam_files  = true,
  Any     $sudoersgrp        = undef,
) {
  if $manage_auth {
    class { 'central_auth::install': }
    -> class { 'central_auth::config': }
    -> class { 'central_auth::pam': }
    -> class { 'central_auth::join_ad': }
    -> class { 'central_auth::service': }
    -> class { 'central_auth::custom_sudoers': }
  }
}
in manifests/custom_sudoers.pp
class central_auth::custom_sudoers (
  Any $sudoersgrp = $central_auth::sudoersgrp,
) {
  if $sudoersgrp {
    file { '/etc/sudoers.d/customsudo':
      ensure  => present,
      owner   => 'root',
      group   => 'root',
      mode    => '0644',
      content => epp('central_auth/sudogroup.epp', {
        'sudoersgrp' => $sudoersgrp,
      } ),
    }
  }
}
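
A hardened variant of the same drop-in, as an added example that is not part of the answer above or of the central_auth module. It assumes group names without spaces or sudoers metacharacters and visudo at /usr/sbin/visudo; the class name sudoers_dropin_example is hypothetical, and the template is inlined so the manifest can be applied on its own.

```puppet
# Added example: same sudoers rule as sudogroup.epp, with the Hiera value
# constrained before it reaches /etc/sudoers.d.
class sudoers_dropin_example (
  # Assumption: group names use only letters, digits, '_', '.' and '-'.
  # A value containing spaces, commas, '#' or newlines fails catalog
  # compilation instead of being written into a NOPASSWD rule.
  Optional[Pattern[/\A[A-Za-z0-9_][A-Za-z0-9_.-]*\z/]] $sudoersgrp = undef,
) {
  # Same line as templates/sudogroup.epp, plus an explicit parameter tag so
  # the template only sees the value passed to it.
  $sudo_template = @(EOT)
    <%- | String $sudoersgrp | -%>
    %<%= $sudoersgrp %> ALL=(ALL) NOPASSWD: ALL
    | EOT

  if $sudoersgrp {
    file { '/etc/sudoers.d/customsudo':
      ensure       => file,
      owner        => 'root',
      group        => 'root',
      # 0440 is the mode the sudoers documentation uses for these files.
      mode         => '0440',
      content      => inline_epp($sudo_template, { 'sudoersgrp' => $sudoersgrp }),
      # Puppet writes the new content to a temporary file, substitutes its
      # path for '%', and only replaces the target if visudo accepts it.
      validate_cmd => '/usr/sbin/visudo -cf %',
    }
  }
}

# Constructed sample value, matching the node data shown in the question.
class { 'sudoers_dropin_example':
  sudoersgrp => 'CustomSudoers',
}
```

With validate_cmd in place, a syntactically broken rule fails the Puppet run and leaves the existing file untouched, so a bad Hiera value cannot break sudo on the node.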