Thanks. That is probably definitely easier than what I planned to try to hack into place.
On Apr 23, 2017 16:45, "Rob Nelson" <[email protected]> wrote: > James, > > Sure, I've whipped up a gist for this in the past at > https://gist.github.com/rnelson0/f40719c787639a94d81e23340c5d063b. By > setting a deep merge on the key profile::base::linux::sudo_confs, I can > add to its hash value wherever I want in my hierarchy and a new sudoers.d > configuration snippet is added to the target system. All nodes receive the > sysadmin snippet, anything with the `infrastructure` role receives both the > sysadmin and the infrastructure snippet. That is all you need to get > started with saz/sudo, but I'm sure there's other functionality if you need > it. > > > Rob Nelson > [email protected] > > On Fri, Apr 21, 2017 at 1:33 PM, James Perry <[email protected]> wrote: > >> Thanks. I looked at saz/sudo, but at least they I did it, it didn't for >> my needs. We have a wide range of hosts that would have oracle, dba and >> tomcat sudo rules. On another it would only have dba rules. >> >> I didn't quite get how I would have it setup the sudo::conf blocks to do >> what I would need. For example one host would have classes that define a >> content block for dba sudo permissions. Another for oracle's permissions, >> etc. Based on the classes assigned to the node I would want to have it make >> the required files with the needed content. >> >> Besides the examples in the README.md for the saz/sudo module, could post >> some code that would do something similar to what I need using the saz/sudo >> module? It is highly likely I'm just not interpreting the doc correctly. >> >> Thanks! >> >> >> On Friday, April 21, 2017 at 12:19:43 PM UTC-4, Rob Nelson wrote: >>> >>> Check out saz/sudo (https://forge.puppet.com/saz/sudo). By default it >>> manages /etc/sudoers.d with `sudo::conf` instances and purges >>> /etc/sudoers.d of anything it didn't create, but if something else is >>> managing files in that directory you can set `sudo::purge: false` so they >>> can share nicely. >>> >>> >>> Rob Nelson >>> [email protected] >>> >>> >>> -- >> You received this message because you are subscribed to the Google Groups >> "Puppet Users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To view this discussion on the web visit https://groups.google.com/d/ms >> gid/puppet-users/a45ccc0a-eed8-41ea-b2d9-6789e64edc51%40googlegroups.com >> <https://groups.google.com/d/msgid/puppet-users/a45ccc0a-eed8-41ea-b2d9-6789e64edc51%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> For more options, visit https://groups.google.com/d/optout. >> > > -- > You received this message because you are subscribed to a topic in the > Google Groups "Puppet Users" group. > To unsubscribe from this topic, visit https://groups.google.com/d/ > topic/puppet-users/zP9zSqbF84M/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > [email protected]. > To view this discussion on the web visit https://groups.google.com/d/ > msgid/puppet-users/CAC76iT__BRv5K6bupusZ7DS5KGMZ0g-JpL_ > 7xjqhb3zOxU7HpQ%40mail.gmail.com > <https://groups.google.com/d/msgid/puppet-users/CAC76iT__BRv5K6bupusZ7DS5KGMZ0g-JpL_7xjqhb3zOxU7HpQ%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAOU0SJQma-bPWoSQ5oOomEE0-QvCSpOghkGAOM7wT7S8Rk%3DQgQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
