[MediaWiki-commits] [Gerrit] Add the decom-user resource - change (operations/puppet)

Fri, 25 Apr 2014 12:09:12 -0700 

Andrew Bogott has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/129728

Change subject: Add the decom-user resource
......................................................................

Add the decom-user resource

Change-Id: Ic76f4dcf5b3b76bfe0d6329e5efd8ecb4aa4f614
---
A manifests/decom-user.pp
1 file changed, 45 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/28/129728/1

diff --git a/manifests/decom-user.pp b/manifests/decom-user.pp
new file mode 100644
index 0000000..236f879
--- /dev/null
+++ b/manifests/decom-user.pp
@@ -0,0 +1,45 @@
+# resource decom-user
+#
+# Try our very hardest to wipe out all traces of an existing user.
+#
+define decom-user($username=$title, $uid) {
+
+    if $realm == labs {
+        fail("You probably don't want to include this on labs.")
+    }
+
+    if defined(user[$username]) {
+        # A user really needs to be removed from admins.pp before
+        #  being added to the decom list.
+        fail("User ${username} is both defined and decommissioned.")
+    } else {
+        # remove from /etc/passwd
+        user { $username:
+            name   =>     username,
+            uid    =>     $uid,
+            ensure =>     absent,
+            managehome => true,
+        }
+
+        # remove any remaining owned files
+        #  NOTE:  Expensive!   We limit this to a single
+        #         run if and only if the homedir exists.
+        #         Of course, that means we need to do this before
+        #         we rm the homedir.
+        exec { "disown ${username}":
+            command => "/usr/bin/find / -user ${uid} -print0 | xargs -0 chown 
-h 0",
+            onlyif  => "/usr/bin/test -d /home/${username}",
+            timeout => 1200,
+            require => user[$username],
+        }
+    
+        # remove homedir
+        #  NOTE:  $managehome, above, is documented as doing this,
+        #         but it really doesn't.
+        exec { "/bin/rm -rf /home/${username}":
+            onlyif  => "/usr/bin/test -d /home/${username}",
+            require => exec["disown ${username}"],
+            returns => ['123','0'],
+        }
+    }
+}

-- 
To view, visit https://gerrit.wikimedia.org/r/129728
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ic76f4dcf5b3b76bfe0d6329e5efd8ecb4aa4f614
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Andrew Bogott <abog...@wikimedia.org>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to