James, Sure, I've whipped up a gist for this in the past at https://gist.github.com/rnelson0/f40719c787639a94d81e23340c5d063b. By setting a deep merge on the key profile::base::linux::sudo_confs, I can add to its hash value wherever I want in my hierarchy and a new sudoers.d configuration snippet is added to the target system. All nodes receive the sysadmin snippet, anything with the `infrastructure` role receives both the sysadmin and the infrastructure snippet. That is all you need to get started with saz/sudo, but I'm sure there's other functionality if you need it.
Rob Nelson rnels...@gmail.com On Fri, Apr 21, 2017 at 1:33 PM, James Perry <jjperr...@gmail.com> wrote: > Thanks. I looked at saz/sudo, but at least they I did it, it didn't for my > needs. We have a wide range of hosts that would have oracle, dba and tomcat > sudo rules. On another it would only have dba rules. > > I didn't quite get how I would have it setup the sudo::conf blocks to do > what I would need. For example one host would have classes that define a > content block for dba sudo permissions. Another for oracle's permissions, > etc. Based on the classes assigned to the node I would want to have it make > the required files with the needed content. > > Besides the examples in the README.md for the saz/sudo module, could post > some code that would do something similar to what I need using the saz/sudo > module? It is highly likely I'm just not interpreting the doc correctly. > > Thanks! > > > On Friday, April 21, 2017 at 12:19:43 PM UTC-4, Rob Nelson wrote: >> >> Check out saz/sudo (https://forge.puppet.com/saz/sudo). By default it >> manages /etc/sudoers.d with `sudo::conf` instances and purges >> /etc/sudoers.d of anything it didn't create, but if something else is >> managing files in that directory you can set `sudo::purge: false` so they >> can share nicely. >> >> >> Rob Nelson >> rnel...@gmail.com >> >> >> -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to puppet-users+unsubscr...@googlegroups.com. > To view this discussion on the web visit https://groups.google.com/d/ > msgid/puppet-users/a45ccc0a-eed8-41ea-b2d9-6789e64edc51%40googlegroups.com > <https://groups.google.com/d/msgid/puppet-users/a45ccc0a-eed8-41ea-b2d9-6789e64edc51%40googlegroups.com?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAC76iT__BRv5K6bupusZ7DS5KGMZ0g-JpL_7xjqhb3zOxU7HpQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
