Requirements: a dev group, dedicated to developers, is created on each server; accounts are created for specific developers and added to the dev group.
Operators also get their own users, which are added to the wheel group. Permissions for the members of each group are set through sudo.
The architecture is as follows:
The contents of the files in manifests are as follows:
1. init.pp

    class sudo {
      case $::osfamily {
        'RedHat': {
          include 'sudo::conf'
          # 'import' is deprecated in Puppet 3 and removed in Puppet 4;
          # sudo::sudoers autoloads from manifests/sudoers.pp
          import 'sudoers.pp'
        }
        default: {
          fail("${::osfamily} not yet supported by the 'sudo' module!")
        }
      }
    }

2. conf.pp

    class sudo::conf {
      package { 'sudo':
        ensure => present,
      }

      # Source the sudoers file from the Puppet master
      file { '/etc/sudoers':
        ensure  => present,
        owner   => 'root',
        group   => 'root',
        mode    => '0440',
        source  => 'puppet:///modules/sudo/sudoers',
        require => Package['sudo'],
      }

      # Source a new 'su' file for PAM (caution: this may be platform-specific)
      file { '/etc/pam.d/su':
        ensure => present,
        owner  => 'root',
        group  => 'root',
        mode   => '0644',
        source => 'puppet:///modules/sudo/pam_su_el6',
      }

      # Clear any config in sudoers.d
      file { '/etc/sudoers.d':
        ensure  => directory,
        owner   => 'root',
        group   => 'root',
        mode    => '0750',
        recurse => true,
        purge   => true,
        require => Package['sudo'],
      }
    }

3. sudoers.pp

    define sudo::sudoers (
      $sudo_sudoers,
      $sudo_sysadmins,
      # $admins  = split($sudo_sysadmins, ','),
      # $sudoers = split($sudo_sudoers, ','),
    ) {
      # Operators: members of wheel
      user { [$sudo_sysadmins]:
        ensure  => present,
        groups  => ['wheel'],
        require => Group['wheel'],
      }

      # Developers: members of dev
      user { [$sudo_sudoers]:
        ensure  => present,
        groups  => ['dev'],
        require => Group['dev'],
      }

      group { 'wheel':
        ensure => present,
      }

      group { 'dev':
        ensure => present,
      }
    }
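The manifests above never show the define being declared or how the dev group gets its sudo rights, so the following is an added example, not part of the original module. The node name, the user names, the drop-in file name and the permitted command are constructed, and it assumes the shipped sudoers file contains an `#includedir /etc/sudoers.d` line and that the Puppet version in use supports the file type's `validate_cmd` attribute.

```puppet
# site.pp -- constructed example, not from the original module
node 'web01.example.com' {
  include sudo

  # One declaration per node: the define also declares the wheel and dev
  # groups, so declaring it twice would cause duplicate resource errors.
  sudo::sudoers { 'accounts':
    sudo_sysadmins => ['alice', 'bob'],   # operators -> wheel (constructed names)
    sudo_sudoers   => ['carol', 'dave'],  # developers -> dev (constructed names)
  }

  # Rights for the dev group live in a managed drop-in. Because the file is
  # a declared resource, the purge on /etc/sudoers.d leaves it in place and
  # removes only unmanaged files.
  file { '/etc/sudoers.d/dev':
    ensure       => file,
    owner        => 'root',
    group        => 'root',
    mode         => '0440',
    # Constructed rule: dev members may restart one service as root,
    # nothing else. Grant specific commands rather than ALL.
    content      => "%dev ALL=(root) /sbin/service httpd restart\n",
    # Syntax-check the candidate file before it replaces the live one;
    # '%' is substituted with the path of the temporary file.
    validate_cmd => '/usr/sbin/visudo -cf %',
    require      => Class['sudo::conf'],
  }
}
```

If visudo rejects the content, Puppet reports a failure for that resource and the existing file stays untouched, which avoids distributing a sudoers fragment that breaks sudo on every node.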