James, Sure, I've whipped up a gist for this in the past at https://gist.github.com/rnelson0/f40719c787639a94d81e23340c5d063b. By setting a deep merge on the key profile::base::linux::sudo_confs, I can add to its hash value wherever I want in my hierarchy and a new sudoers.d configuration snippet is added to the target system. All nodes receive the sysadmin snippet, anything with the `infrastructure` role receives both the sysadmin and the infrastructure snippet. That is all you need to get started with saz/sudo, but I'm sure there's other functionality if you need it.
Rob Nelson [email protected] On Fri, Apr 21, 2017 at 1:33 PM, James Perry <[email protected]> wrote: > Thanks. I looked at saz/sudo, but at least they I did it, it didn't for my > needs. We have a wide range of hosts that would have oracle, dba and tomcat > sudo rules. On another it would only have dba rules. > > I didn't quite get how I would have it setup the sudo::conf blocks to do > what I would need. For example one host would have classes that define a > content block for dba sudo permissions. Another for oracle's permissions, > etc. Based on the classes assigned to the node I would want to have it make > the required files with the needed content. > > Besides the examples in the README.md for the saz/sudo module, could post > some code that would do something similar to what I need using the saz/sudo > module? It is highly likely I'm just not interpreting the doc correctly. > > Thanks! > > > On Friday, April 21, 2017 at 12:19:43 PM UTC-4, Rob Nelson wrote: >> >> Check out saz/sudo (https://forge.puppet.com/saz/sudo). By default it >> manages /etc/sudoers.d with `sudo::conf` instances and purges >> /etc/sudoers.d of anything it didn't create, but if something else is >> managing files in that directory you can set `sudo::purge: false` so they >> can share nicely. >> >> >> Rob Nelson >> [email protected] >> >> >> -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit https://groups.google.com/d/ > msgid/puppet-users/a45ccc0a-eed8-41ea-b2d9-6789e64edc51%40googlegroups.com > <https://groups.google.com/d/msgid/puppet-users/a45ccc0a-eed8-41ea-b2d9-6789e64edc51%40googlegroups.com?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAC76iT__BRv5K6bupusZ7DS5KGMZ0g-JpL_7xjqhb3zOxU7HpQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
