/usr/share/puppet/modules.available/puppet-community-mcollective/manifests/user.pp is in puppet-module-puppet-community-mcollective 0.6.2-2.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 | # Define - mcollective::user
define mcollective::user(
$username = $name,
$callerid = $name,
$group = $name,
$homedir = "/home/${name}",
$certificate = undef,
$private_key = undef,
# duplication of $ssl_ca_cert, $ssl_server_public, $connector,
# $middleware_ssl, $middleware_hosts, and $securityprovider parameters to
# allow for spec testing. These are otherwise considered private.
$ssl_ca_cert = $mcollective::ssl_ca_cert,
$ssl_server_public = $mcollective::ssl_server_public,
$middleware_hosts = $mcollective::middleware_hosts,
$middleware_ssl = $mcollective::middleware_ssl,
$securityprovider = $mcollective::securityprovider,
$connector = $mcollective::connector,
) {
file { [
"${homedir}/.mcollective.d",
"${homedir}/.mcollective.d/credentials",
"${homedir}/.mcollective.d/credentials/certs",
"${homedir}/.mcollective.d/credentials/private_keys",
]:
ensure => 'directory',
owner => $username,
group => $group,
}
datacat { "mcollective::user ${username}":
path => "${homedir}/.mcollective",
collects => [ 'mcollective::user', 'mcollective::client' ],
owner => $username,
group => $group,
mode => '0400',
template => 'mcollective/settings.cfg.erb',
}
if $middleware_ssl or $securityprovider == 'ssl' {
file { "${homedir}/.mcollective.d/credentials/certs/ca.pem":
source => $ssl_ca_cert,
owner => $username,
group => $group,
mode => '0444',
}
file { "${homedir}/.mcollective.d/credentials/certs/server_public.pem":
source => $ssl_server_public,
owner => $username,
group => $group,
mode => '0444',
}
$private_path = "${homedir}/.mcollective.d/credentials/private_keys/${callerid}.pem"
file { $private_path:
source => $private_key,
owner => $username,
group => $group,
mode => '0400',
}
}
if $securityprovider == 'ssl' {
file { "${homedir}/.mcollective.d/credentials/certs/${callerid}.pem":
source => $certificate,
owner => $username,
group => $group,
mode => '0444',
}
mcollective::user::setting { "${username}:plugin.ssl_client_public":
setting => 'plugin.ssl_client_public',
username => $username,
value => "${homedir}/.mcollective.d/credentials/certs/${callerid}.pem",
order => '60',
}
mcollective::user::setting { "${username}:plugin.ssl_client_private":
setting => 'plugin.ssl_client_private',
username => $username,
value => "${homedir}/.mcollective.d/credentials/private_keys/${callerid}.pem",
order => '60',
}
mcollective::user::setting { "${username}:plugin.ssl_server_public":
setting => 'plugin.ssl_server_public',
username => $username,
value => "${homedir}/.mcollective.d/credentials/certs/server_public.pem",
order => '60',
}
}
# This is specific to connector, but refers to the user's certs
if $connector in [ 'activemq', 'rabbitmq' ] {
$pool_size = size(flatten([$middleware_hosts]))
$hosts = range( '1', $pool_size )
$connectors = prefix( $hosts, "${username}_" )
mcollective::user::connector { $connectors:
username => $username,
callerid => $callerid,
homedir => $homedir,
connector => $connector,
middleware_ssl => $middleware_ssl,
order => '60',
}
}
}
|