Version information
This version is compatible with:
- Puppet Enterprise 2023.2.x, 2023.1.x, 2023.0.x, 2021.7.x, 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x, 2019.8.x, 2019.7.x, 2019.5.x, 2019.4.x, 2019.3.x, 2019.2.x, 2019.1.x, 2019.0.x, 2018.1.x, 2017.3.x, 2017.2.x, 2017.1.x, 2016.5.x, 2016.4.x
- Puppet >= 4.0.0 < 8.0.0
- , , , , , , , , , , , , Gentoo, , ,
This module has been deprecated by its author since Apr 17th 2024.
The author has suggested puppet-nsswitch as its replacement.
Start using this module
Documentation
nsswitch.conf module for Puppet
A way of expressing nsswitch.conf configurations declaratively. This
should manage the standard 15 databases NSS supports, plus the sudo entry
respected by sudo since the 1.7.0 release.
Updated for Puppet 4 - No Puppet 3 Compatibility
The 2.x series of this module officially adopts the Puppet 4 parser syntax and
other new Puppet features. The 2.x series will no longer work with Puppet 3 or
earlier. One benefit is the removal of dependency the trlinkin-validate_multi
module.
Defaults
Currently this module has support for EL based Linux distributions, Fedora, Debian/Ubuntu, and Gentoo. This module by default will create a basic nsswitch.conf that uses defaults derived from what the distribution uses in the nsswitch.conf file on fresh install. These defaults have been verified on the mentioned distributions by the kindness and diligence of contributors, of which I'm very grateful.
Supported Systems
This module should be capable of supporting the following systems using
Puppet versions 4 and 5 with the ruby versions that are released with
the AIO (all in one installer). For an exact matrix see .travis.yml.
- Debian/Ubuntu 10.04, 12.04
- Solaris 10, 11, 11.1, 11.2, 11.3
- Variants of Enterprise Linux 6 and 7 (Such as Amazon Linux, Scientific Linux, etc)
- Fedora (defaults need validation)
- Gentoo
- FreeBSD 10.3, 10.4, 11.1
- LinuxMint 17.2
- SLES 11, 12
Testing has only confirmed functionality on the following:
- Ubuntu 12.4
- Fedora 19
- Centos 6/7
- RHEL 6/7
Usage
See REFERENCE.md for full API details.
nsswitch class
This is the class by which you will manage the nsswitch.conf file. There is one parameter per standard database NSS supports. The class accepts both strings and arrays as parameters. The benefit being, you could possibly merge an array of options with hiera. When using an array, each element should be the lookup service followed by the reaction statement.
Available parameters are:
- passwd
- group
- shadow
- hosts
- bootparams
- aliases
- automount
- ethers
- netgroup
- netmasks
- network
- protocols
- publickey
- rpc
- services
- shells
- sudo
For more information on NSS, please see the man pages. man 5 nsswitch.conf
Examples
# defaults only
include nsswitch
# setting a simple lookup
class { 'nsswitch':
publickey => 'nis',
}
# 'hosts' lookups contain a reaction statement for the 'dns' service
class { 'nsswitch':
passwd => ['ldap','files'],
hosts => ['dns [!UNAVAIL=return]','files'],
}
Example nsswitch.conf with all defaults for RHEL systems
# This file is controlled by Puppet
passwd: files
shadow: files
group: files
hosts: files dns
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files
netgroup: nisplus
publickey: nisplus
automount: files nisplus
aliases: files nisplus
Reference
Table of Contents
Classes
nsswitch: Manages the system nsswitch.conf configurationnsswitch::params: nsswitch::params class Provides default values for the nsswitch module according to the operatingsystem being used.
Classes
nsswitch
This module creates a nsswitch.conf file with all the lines that determine
the sources from which to obtain name-service information in a range of
categories, and in what order.
- See also nsswitch.conf(5)
Examples
Basic example
include nsswitch
class { 'nsswitch':
passwd => ['ldap','files'],
hosts => ['dns [!UNAVAIL=return]','files'],
}
Parameters
The following parameters are available in the nsswitch class.
aliases
Data type: Optional[Variant[String, Array]]
Mail aliases, used by getaliasent() and related functions.
Default value: $nsswitch::params::aliases_default
automount
Data type: Optional[Variant[String, Array]]
Which conventions to use for automounting of homes.
Default value: $nsswitch::params::automount_default
bootparams
Data type: Optional[Variant[String, Array]]
Where bootparams shall be supplied from (e.g. for diskless clients at boot time using rpc.bootparamd).
Default value: $nsswitch::params::bootparams_default
ethers
Data type: Optional[Variant[String, Array]]
Ethernet numbers.
Default value: $nsswitch::params::ethers_default
file_group
Data type: Optional[Variant[String]]
Group of the nsswitch.conf file
Default value: $nsswitch::params::file_group
file_owner
Data type: Variant[String]
Owner of the nsswitch.conf file
Default value: 'root'
file_perms
Data type: Variant[String]
Permissions for the nsswitch.conf file
Default value: '0644'
group
Data type: Optional[Variant[String, Array]]
Groups of users, used by getgrent() and related functions.
Default value: $nsswitch::params::group_default
gshadow
Data type: Optional[Variant[String, Array]]
Shadow groups, used by getspnam() and related functions.
Default value: $nsswitch::params::gshadow_default
hosts
Data type: Optional[Variant[String, Array]]
Host names and numbers, used by gethostbyname() and related functions.
Default value: $nsswitch::params::hosts_default
netgroup
Data type: Optional[Variant[String, Array]]
Network-wide list of hosts and users, used for access rules.
Default value: $nsswitch::params::netgroup_default
netmasks
Data type: Optional[Variant[String, Array]]
Netmasks specify how much of the address to reserve for sub-dividing networks into subnetworks.
Default value: $nsswitch::params::netmasks_default
networks
Data type: Optional[Variant[String, Array]]
Network names and numbers, used by getnetent() and related functions.
Default value: $nsswitch::params::networks_default
passwd
Data type: Optional[Variant[String, Array]]
User passwords, used by getpwent() and related functions.
Default value: $nsswitch::params::passwd_default
protocols
Data type: Optional[Variant[String, Array]]
Network protocols, used by getprotoent() and related functions.
Default value: $nsswitch::params::protocols_default
publickey
Data type: Optional[Variant[String, Array]]
Public and secret keys for Secure_RPC used by NFS and NIS+.
Default value: $nsswitch::params::publickey_default
rpc
Data type: Optional[Variant[String, Array]]
Remote procedure call names and numbers, used by getrpcbyname() and related functions.
Default value: $nsswitch::params::rpc_default
services
Data type: Optional[Variant[String, Array]]
Network services, used by getservent() and related functions.
Default value: $nsswitch::params::services_default
shadow
Data type: Optional[Variant[String, Array]]
Shadow user passwords, used by getspnam() and related functions.
Default value: $nsswitch::params::shadow_default
shells
Data type: Optional[Variant[String, Array]]
Valid user shells, used by getusershell() and related functions.
Default value: $nsswitch::params::shells_default
sudoers
Data type: Optional[Variant[String, Array]]
Sudoers policy module users.
Default value: $nsswitch::params::sudoers_default
file_path
Data type: Stdlib::Unixpath
The path to nsswitch.conf on the system.
Default value: '/etc/nsswitch.conf'
nsswitch::params
nsswitch::params class Provides default values for the nsswitch module according to the operatingsystem being used.
Changelog
- Bump Version to 2.0.0 and amend change log
- Update README with Puppet 4 compatibility message
- Simplify the TravisCI matrix
- Add default for "sudoers" database to Solaris
- Add default shadow value of "undef" for Solaris
- Correct typo in unit tests
- Use $facts for all fact access
- Update travis configuration
- Remove dependencies from metadata.json
- Ensure puppet-lint used is 2.0.0 or higher
- Update metadata CI job
- Update automated testing for Puppet 4 features
- Use Puppet 4 style facts
- Move from ERB to EPP templates
- Update TravisCI to test only Puppet 4+
- Merge branch 'puppet4' into 2.x.x
- Add support for CloudLinux distributions
- Bump version to 1.2.0 and update changelog
- Change quoting of string in
params.pp - Correct
.travis.ymltests - Add unit tests for different EL versions
- Cleanup metadata tabbing and add EL 7 version
- Add Puppet/PE requirements to metadata.json
- Add explicit support for EL 7
- Change tabbing in params.pp
- Remove undesirable tags from metadata
- Merge pull request #15 from togge/master
- added support for gshadow
- Update Changelog and bump version to 1.1.0
- Extend Travis-CI testing
- Updates to the README.md
- Fixup the travis-ci configuration
- Removing Gemfile.lock - I was wrong
- Update spec tests to use Rspec 3.x syntax
- Refactor unit tests for changes in Rspec/Rspec-Puppet
- Add changes to Gemfile and add a Gemfile.lock
- Remove Gemfile.lock from the .gitignore
- Fix fact name in spec tests
- Add fixtures to .gitignore
- add OEL supprt
- making changes to pass lint
- Bump version to 1.0.0
- Adding license file
- Further clean up metadata.json
- Add travis-ci badge
- Correct wrong link in metadata.json
- Add .travis.yml for automated Travis-CI testing
- Add .rspec file for testing purposes
- Bump version to 0.1.0 for release
- Convert to metadata.json
- Add initial components of automated testing
- Remove useless filename selection
Dependencies
- puppetlabs/stdlib (>= 4.25.0 < 9.0.0)