I use a template for a single /etc/sudoers:
# /etc/sudoers #
# This file MUST be edited with the 'visudo' command as root.
#
# Of course, if you do, Puppet will completely rewrite it 30 minutes later.
#
Defaults env_reset
<% unless @cmd_aliases.empty? -%>
# Cmnd alias specification
<%- @cmd_aliases.each_pair do |key, val| -%>
Cmnd_Alias <%= key %> = <%= val %>
<%- end -%>
<% end -%>
<% unless @host_aliases.empty? -%>
# Host alias specification
<%- @host_aliases.each_pair do |key, val| -%>
Host_Alias <%= key %> = <%= val %>
<%- end -%>
<% end -%>
<%- if @sudoers -%>
# User alias specification
<%- @sudoers.each_pair do |key, val| -%>
User_Alias <%= key %> = <%= val %>
<%- end -%>
<% end -%>
<%- if @user_priv -%>
# User Privilege Specifications
<%- @user_priv.each_pair do |key, val| -%>
<%= key %> <%= val %>
<%- end -%>
<% end -%>
And then in YAML I use a fairly primitive definition and load up the
variables using a deep merge:
sudo::user_aliases:
NOPWD:
- user1
sudo::user_priv:
NOPWD:
- "ALL = NOPASSWD: ALL"
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/61c9ecfb-0005-4919-98f3-25faf56169fb%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
