What I seem to be missing is do you have subsequent classes called
sudo::user_alias and sudo::user_priv? I get the Hiera yaml file setup, not
how to use them selectively to have them added to the sudoers file.
Thanks!
--
You received this message because you are subscribed to the Google Group
Thanks. That is probably definitely easier than what I planned to try to
hack into place.
On Apr 23, 2017 16:45, "Rob Nelson" wrote:
> James,
>
> Sure, I've whipped up a gist for this in the past at
> https://gist.github.com/rnelson0/f40719c787639a94d81e23340c5d063b. By
> setting a deep merge on
James,
Sure, I've whipped up a gist for this in the past at
https://gist.github.com/rnelson0/f40719c787639a94d81e23340c5d063b. By
setting a deep merge on the key profile::base::linux::sudo_confs, I can add
to its hash value wherever I want in my hierarchy and a new sudoers.d
configuration snippet
I will look into that John, thanks. I haven't gotten to the Yaml level
yet, but we already have a temple we use now that is standard across the OS
we support. We then add in lines accordingly.
I had some luck with the sudo::config setup, so I may try to merge the two.
With having a class per
I use a template for a single /etc/sudoers:
# /etc/sudoers #
# This file MUST be edited with the 'visudo' command as root.
#
# Of course, if you do, Puppet will completely rewrite it 30 minutes later.
#
Defaultsenv_reset
<% unless @cmd_aliases.empty? -%>
# Cmnd alias specificati
BTW. I am running Foreman 1.14.3 and Puppet 4. All class assignments to
nodes are done via Foreman versus the site.pp.
On Friday, April 21, 2017 at 1:33:38 PM UTC-4, James Perry wrote:
>
> Thanks. I looked at saz/sudo, but at least they I did it, it didn't for my
> needs. We have a wide range o
Thanks. I looked at saz/sudo, but at least they I did it, it didn't for my
needs. We have a wide range of hosts that would have oracle, dba and tomcat
sudo rules. On another it would only have dba rules.
I didn't quite get how I would have it setup the sudo::conf blocks to do
what I would nee
Check out saz/sudo (https://forge.puppet.com/saz/sudo). By default it
manages /etc/sudoers.d with `sudo::conf` instances and purges
/etc/sudoers.d of anything it didn't create, but if something else is
managing files in that directory you can set `sudo::purge: false` so they
can share nicely.
Rob
I'm at an impasse.
Due to changing requirements we have different local service accounts being
added 'ad hoc' to various servers. Each needs their own set of sudoers
lines. When moving from Puppet 0.25 to Puppet 4 I had to kludge something
together in a hurry. It works, but not well.
I look
