sudo

UNKNOWN

Project URL RSS Feed Report issues

Module Stats

122,947,116 downloads

18,339 latest version

3.6 quality score

Version information

released Apr 19th 2014

This version is compatible with:

Start using this module

Installation method

Add this module to your Puppetfile:

mod 'saz-sudo', '3.0.6'

Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add saz-sudo

Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install saz-sudo --version 3.0.6

Tags: sudo

Documentation

saz/sudo — version 3.0.6 Apr 19th 2014

puppet-sudo

Manage sudo configuration via Puppet

Gittip

Usage

WARNING

This module will purge your current sudo config

If this is not what you're expecting, set purge and/or config_file_replace to false

Install sudo with default sudoers

Purge current sudo config

    class { 'sudo': }

Purge sudoers.d directory, but leave sudoers file as it is

    class { 'sudo':
      config_file_replace => true,
    }

Leave current sudo config as it is

    class { 'sudo':
      purge               => false,
      config_file_replace => false,
    }

Adding sudoers configuration

Using Code

    class { 'sudo': }
    sudo::conf { 'web':
      source => 'puppet:///files/etc/sudoers.d/web',
    }
    sudo::conf { 'admins':
      priority => 10,
      content  => "%admins ALL=(ALL) NOPASSWD: ALL",
    }
    sudo::conf { 'joe':
      priority => 60,
      source   => 'puppet:///files/etc/sudoers.d/users/joe',
    }

Using Hiera

A hiera hash may be used to assemble the sudoers configuration. Hash merging is also enabled, which supports layering the configuration settings.

Examples using:

YAML backend
an environment called production
a /etc/puppet/hiera.yaml hierarchy configuration:

:hierarchy:
  - "%{environment}"
  - "defaults"

Load module

Using Puppet version 3+

Load the module via Puppet Code or your ENC.

    include sudo

Using Puppet version 2.7+

After Installing Hiera:

Load the sudo and sudo::configs modules via Puppet Code or your ENC.

    include sudo
    include sudo::configs

Configure Hiera YAML (defaults.yaml)

These defaults will apply to all systems.

sudo::configs:
    'web':
        'source'    : 'puppet:///files/etc/sudoers.d/web'
    'admins':
        'content'   : "%admins ALL=(ALL) NOPASSWD: ALL"
        'priority'  : 10
    'joe':
        'priority'  : 60
        'source'    : 'puppet:///files/etc/sudoers.d/users/joe'

Configure Hiera YAML (production.yaml)

This will only apply to the production environment. In this example we are:

inheriting/preserving the web configuration
overriding the admins configuration
removing the joe configuration

sudo::configs:
    'admins':
        'content'   : "%prodadmins ALL=(ALL) NOPASSWD: ALL"
        'priority'  : 10
    'joe':
        'ensure'    : 'absent'
        'source'    : 'puppet:///files/etc/sudoers.d/users/joe'

If you have Hiera version >= 1.2.0 and enable Hiera Deeper Merging you may conditionally override any setting.

In this example we are:

inheriting/preserving the web configuration
overriding the admins:content setting
inheriting/preserving the admins:priority setting
inheriting/preserving the joe:source and joe:priority settings
removing the joe configuration

sudo::configs:
    'admins':
        'content'   : "%prodadmins ALL=(ALL) NOPASSWD: ALL"
    'joe':
        'ensure'    : 'absent'

sudo::conf / sudo::configs notes

You can pass template() through content parameter.
One of content or source must be set.

sudo class parameters

Parameter	Type	Default	Description
enable	boolean	true	Set this to remove or purge all sudoers configs
package	string	OS specific	Set package name (for unsupported platforms)
package_ensure	string	present	latest, absent, or a specific package version
package_source	string	OS specific	Set package source (for unsupported platforms)
purge	boolean	true	Purge unmanaged files from config_dir
config_file	string	OS specific	Set configfile (for unsupported platforms)_
config_file_replace	boolean	true	Replace config file with module config file
config_dir	string	OS specific	Set configdir (for unsupported platforms)_
source	string	OS specific	Set source (for unsupported platforms)

sudo::conf class / sudo::configs hash parameters

Parameter	Type	Default	Description
ensure	string	present	present or absent
priority	number	10	file name prefix
content	string	undef	content of configuration snippet
source	string	undef	source of configuration snippet
sudo_config_dir	string	OS Specific	configuration snippet directory (for unsupported platforms)

   Copyright 2012 Steffen Zieger

   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
   You may obtain a copy of the License at

       http://www.apache.org/licenses/LICENSE-2.0

   Unless required by applicable law or agreed to in writing, software
   distributed under the License is distributed on an "AS IS" BASIS,
   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   See the License for the specific language governing permissions and
   limitations under the License.

Modules

Discover

Contribute

Resources

About Forge

Getting Started