  1. #11
    Trusted Penguin Irithori's Avatar
    Join Date
    May 2009
    Location
    Munich
    Posts
    3,221

    Well, installing the tool boils down to
    Code:
    yum install puppet
    A very (very) basic manifest for sudo can look like this:
    Code:
    package { 'sudo':
      ensure => installed,
    }
    file { '/etc/sudoers.d/irithori':
      ensure  => 'present',
      mode    => '0440',
      content => "irithori          ALL=(ALL)            ALL\n",
      require => Package['sudo'],
    }
    In the next iteration, you might want to replace the content attribute with source.
    This means that a file from a central puppet master instance is copied to each affected node.
    Code:
      source  => 'puppet:///modules/sudo/irithori',
    The next iteration might introduce a template that gets a list of valid users and generates the appropriate lines.

    Code:
    # user => sudoers spec; a plain hash, so the template can iterate over |user, params|
    $sudoers_conf = {
      'bob'  => 'ALL=(ALL)            ALL',
      'jane' => 'ALL=(ALL)            ALL',
    }
    package { 'sudo':
      ensure => installed,
    }
    file { '/etc/sudoers.d/puppet_generated_sudoers':
      ensure  => 'present',
      mode    => '0440',
      content => template('sudo/puppet_generated_sudoers.erb'),
      require => Package['sudo'],
    }

    The template "puppet_generated_sudoers.erb" might look like this:
    Code:
    <%# one sudoers line per entry in $sudoers_conf -%>
    <% @sudoers_conf.each do |user, params| -%>
    <%= user %>  <%= params %>
    <% end -%>
    The next iteration might separate code from config via the "hiera" module.

    You see, this is really up to you and what you want to achieve on your machines.
    The above essentially makes sure a rpm is installed
    and it manages one file.

    What good does it do?
    For starters:
    The config is generated. So the amount of possible errors is already reduced.
    As a consequence, manual configs are a NoGo. Any config needs to happen via manifests.
    Manifests are under version control of course.

    Still, someone could write garbage into the sudo config part of the manifest.
    No big deal.
    Once you realize this, correct the error.
    On the next puppet run, the fixed file will be distributed to the nodes and all is well again.



    Disclaimer:
    I didn't test the code above, just wrote it from the top of my head.
    For sure I made my usual amount of typos
    Last edited by Irithori; 06-19-2012 at 07:14 PM.
    You must always face the curtain with a bow.
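
The Hiera iteration mentioned in post #11, combined with a guard for the "garbage in the sudo config" case, as an added example that is not part of the original post. The class name `sudo_fragment` and its `entries` parameter are hypothetical, and Puppet 5.5 or later is assumed for the built-in `join`.

```puppet
# Added example, not from the original post.
# Hypothetical class; its data comes from Hiera via automatic parameter lookup:
#
#   sudo_fragment::entries:
#     bob:  'ALL=(ALL) ALL'
#     jane: 'ALL=(ALL) ALL'
#
class sudo_fragment (
  # Keys must look like local user names and specs must be non-empty,
  # otherwise catalog compilation fails before anything reaches a node.
  Hash[Pattern[/\A[a-z_][a-z0-9_-]*\z/], String[1]] $entries = {},
) {
  package { 'sudo':
    ensure => installed,
  }

  # One sudoers line per entry, in the order given in Hiera.
  $lines = $entries.map |$user, $spec| { "${user} ${spec}\n" }

  file { '/etc/sudoers.d/puppet_generated_sudoers':
    ensure       => file,
    owner        => 'root',
    group        => 'root',
    mode         => '0440',
    content      => join($lines, ''),
    # Puppet puts the new content in a temporary file, substitutes its path
    # for '%' and runs the command. If visudo reports a syntax error, the
    # resource fails and the file already on the node is left untouched.
    validate_cmd => '/usr/sbin/visudo -c -f %',
    require      => Package['sudo'],
  }
}
```

With `validate_cmd` in place, a broken entry shows up as a failed resource in the Puppet run report instead of as a sudoers file that sudo refuses to parse.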

  2. #12
    Trusted Penguin Irithori's Avatar
    Join Date
    May 2009
    Location
    Munich
    Posts
    3,221
    .. to add "1" to the end of the line ..
    Yes, should work.
    You could alternatively add: init=/bin/bash
    You must always face the curtain with a bow.
