Ask Your Question
0

How can I make this more efficient?

asked 2016-07-09 14:22:11 -0500

AndyWojo gravatar image

Hi,

I have the following base.pp:

#
# This is the base node, where we declare most things that get inheritted
#
node base {
  include sudoers::d
  include centrify::centrifydc

  include ssh_keys


  exec { 'awhome':
    command => '/bin/su - awojnarek -c echo'
  }

  ssh_keys::user{'awojnarek':
    manage_ssh_dir => true,
  }

  ssh_keys::authorized_key{'laptop':
    key_line => 'ssh-rsa     ssh key here  awojnarek@Andrews-MacBook-Pro.local',
    user     => 'awojnarek',
  }

So here's the thing. I'm using puppet to install and configure centrify. This joins the (linux) server into our AD so anyone can log in with their AD credentials. Then I'm executing a /bin/su to log into each account I want so it creates the home directory, and then I push the SSH key out.

This works fine, but it leaves for a lengthy manifest. I have to do it this way because centrify doesn't actually create home directories, it gets created when the user logins. I can't push the SSH key out until the home directory is there. How would I put an exec, or something in the SSH key section that will make it do the su so it logs in.

Or how do I condense down?

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
1

answered 2016-07-11 04:00:11 -0500

You should refactor into proper roles & profiles and you'll end up with code as follows:

manifests/site.pp

node 'base.example.com' {
  include role::base
}

site/modules/role/manifests/base.pp

class role::base {
  include profile::base
}

site/modules/profile/manifests/base.pp

class profile::base {
  include sudoers::d
  include centrify::centrifydc
  include profile::base::ssh
}

site/modules/profile/manifests/base/ssh.pp

class profile::base::ssh {
  include ssh_keys

  exec { 'awhome':
    command => '/bin/su - awojnarek -c echo'
  }

  ssh_keys::user{'awojnarek':
    manage_ssh_dir => true,
  }

  ssh_keys::authorized_key{'laptop':
    key_line => 'ssh-rsa     ssh key here  awojnarek@Andrews-MacBook-Pro.local',
    user     => 'awojnarek',
  }
}

You can read more about the roles and profiles pattern here for example.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2016-07-09 14:22:11 -0500

Seen: 44 times

Last updated: Jul 11 '16