Tuesday, November 25, 2014

How to give users managed with ssh_authorized_keys sudo access without a password prompt using Puppet


The whole point of ssh_authorized_keys is to provide passwordless key/cert access to a machine or server.

We talked about user management using Puppet in a previous post:
http://www.sysadmincloud.com/2014/02/11/user-management-using-puppet
In this post we are going to walk through how to give a user sudo access to a machine without a password prompt, and how to manage it using Puppet.
All sudo access is controlled by the sudoers file, located at /etc/sudoers.
To manage sudo access, create a module named sudo and add files and manifests directories to it.
Create a file named init.pp inside the manifests directory and add the following content.
class sudo {
  # Deploy the sudoers file shipped in this module's files directory.
  file { '/etc/sudoers':
    ensure => 'file',
    mode   => '0440',
    owner  => 'root',
    group  => 'root',
    source => 'puppet:///modules/sudo/sudoers',
  }
}
Create a file named sudoers inside the files directory (the name must match the source URL in the manifest) with the following content.
Defaults !visiblepw
Defaults always_set_home

Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin
root ALL=(ALL) ALL
## User Table ##
# User keshab has full sudo access on ALL machines, i.e. every machine this module is applied to.
# The NOPASSWD option grants sudo permission without prompting for a password.
keshab ALL = NOPASSWD: ALL
# chris has sudo access only on certain machines (the hosts queue and shared)
chris queue = NOPASSWD: ALL : shared = NOPASSWD: ALL
Once you are done with the Puppet config, add the module class to the host node and run the Puppet agent on the client side:
# puppet agent --test --verbose
Use the --noop option to simulate what the module will do without actually making changes.
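
A syntax error in /etc/sudoers disables sudo on every node that receives the file, so the file resource can check the candidate content with visudo before replacing the live copy. This is an added example, not code from the original post; validate_cmd is a standard attribute of Puppet's file type (Puppet 3.5 and later), while the /usr/sbin/visudo path and the package resource are assumptions about the target systems.

```puppet
# Added example: the same sudo module, with a syntax check before deployment.
class sudo {
  # Assumption: the package is called 'sudo' on the target distribution.
  package { 'sudo':
    ensure => installed,
  }

  file { '/etc/sudoers':
    ensure       => 'file',
    mode         => '0440',
    owner        => 'root',
    group        => 'root',
    source       => 'puppet:///modules/sudo/sudoers',
    # Puppet writes the new content to a temporary file, substitutes its
    # path for '%' and runs the command. A non-zero exit fails the
    # resource and leaves the existing /etc/sudoers untouched.
    # Assumption: visudo lives at /usr/sbin/visudo.
    validate_cmd => '/usr/sbin/visudo -c -f %',
    require      => Package['sudo'],
  }
}
```

The same check can be run by hand against the module's files/sudoers before committing it, using visudo -c -f followed by the file path.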
