tr-chef-cookbook-usermanagement 3.4.2 (19 versions)

Creates tecRacer User on Unix Instances

Policyfile:
cookbook 'tr-chef-cookbook-usermanagement', '~> 3.4.2', :supermarket

Berkshelf:
cookbook 'tr-chef-cookbook-usermanagement', '~> 3.4.2'

Knife:
knife supermarket install tr-chef-cookbook-usermanagement
knife supermarket download tr-chef-cookbook-usermanagement
Quality 50%

tr-chef-cookbook-usermanagement

This cookbook provides user management in which tecRacer users are created by default.
The public keys are stored in an S3 bucket named ssh-pub. All users are created with sudo rights by means of sudoers.d.

In a list:
- Installs prerequisites (AWS CLI + jq)
- Lists the users' public keys from the S3 bucket
- Adds users from the generated list and sets a sudoers.d file with sudo rights
- Disables the default user and removes its sudoers.d file
- Removes old users when their public key is removed from the S3 bucket

Each public key in the S3 bucket has to be named with the customer's mail address (see tecRacer example).
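The add/remove step from the list above, as an added example that is not the cookbook's own code. It assumes that an object key is a mail address, optionally ending in `.pub`, and that the login name is its local part; every name in the code is hypothetical. Object keys come from a remote store, so each one is validated before it is used as a user name, and an empty listing never triggers removals.

```ruby
# Added example, not the cookbook's code. Assumptions: each S3 object key is a
# mail address, optionally ending in ".pub", and the login name is its local part.
require 'set'

# Conservative login pattern: starts with a-z or _, then a-z 0-9 . _ -, 32 chars max.
SAFE_LOGIN = /\A[a-z_][a-z0-9._-]{0,31}\z/
MAIL_KEY   = /\A([^@\/\s]+)@(?:[A-Za-z0-9-]+\.)+[A-Za-z]{2,}\z/
# Accounts that a bucket object must never create or remove (constructed list).
PROTECTED  = Set.new(%w[root daemon bin sys nobody]).freeze

# Map one object key to a login name; nil means "ignore this key".
def login_from_key(key)
  match = MAIL_KEY.match(key.sub(/\.pub\z/, ''))
  return nil unless match
  login = match[1].downcase
  SAFE_LOGIN.match?(login) && !PROTECTED.include?(login) ? login : nil
end

# bucket_keys: object keys listed from the bucket.
# managed_users: logins this tool created earlier, never the full passwd list.
def reconcile(bucket_keys, managed_users)
  wanted = Set.new
  rejected = []
  bucket_keys.each do |key|
    login = login_from_key(key)
    if login then wanted << login else rejected << key end
  end
  # An empty result usually means a failed or denied listing; removing every
  # managed user in that case would lock all operators out.
  raise ArgumentError, 'no valid keys listed, refusing to remove users' if wanted.empty?
  managed = Set.new(managed_users) - PROTECTED
  { add: (wanted - managed).sort, remove: (managed - wanted).sort, rejected: rejected }
end

# Constructed sample input.
keys = ['jane.doe@example.com.pub', 'Bob@Example.com', 'root@example.com',
        'x;id@example.com', '../evil@example.com']
p reconcile(keys, %w[jane.doe old.user])
```

Rejected keys are returned rather than dropped silently so that a run can log them for review.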

!!! Important !!!
Give each instance on which this cookbook is used S3 ReadOnly Access to the S3 Bucket ssh-pub!
!!! Important !!!

Supported OS

  • Ubuntu 16.04
  • CentOS 7
  • RHEL 7
  • Amazon Linux

Usage

  1. Use default recipe in RunList
  2. Change attributes with json
     2.1 add customers user generation
     2.2 change S3 Bucket
     2.3 let useraccounts expire
{
  "tr-usermanagement": {
    "groups": [ "tecracer", "<customer-project>" ],
    "s3bucket": "",
    "s3region": "",
    "expire-user": true
  }
}

IAM Policy

This policy can be used for default usage.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:Get*",
                "s3:List*"
            ],
            "Resource": [
                "arn:aws:s3:::ssh-pub",
                "arn:aws:s3:::ssh-pub/*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": "s3:ListBucket",
            "Resource": "*"
        }
    ]
}
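A check for the second statement of the policy above, which allows `s3:ListBucket` on `"Resource": "*"` although the first statement already covers listing `ssh-pub` through `s3:List*`. This is an added example, not part of the cookbook; the function names are hypothetical and the embedded policy carries the same statements as the README.

```ruby
# Added example, not part of the cookbook. Flags Allow statements in an IAM
# policy whose Resource is not confined to the key bucket.
require 'json'

# Same statements as the README policy above, embedded as sample input.
README_POLICY = <<~POLICY
  {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:Get*", "s3:List*"],
     "Resource": ["arn:aws:s3:::ssh-pub", "arn:aws:s3:::ssh-pub/*"]},
    {"Effect": "Allow", "Action": "s3:ListBucket", "Resource": "*"}
  ]}
POLICY

# True when the ARN names the bucket itself or objects inside it.
def scoped_to_bucket?(arn, bucket)
  base = "arn:aws:s3:::#{bucket}"
  arn == base || arn.start_with?("#{base}/")
end

# Returns one finding per (statement, resource) pair that reaches past `bucket`.
# Statement, Action and Resource may each be a single value or a list.
def unscoped_grants(policy_json, bucket)
  statements = [JSON.parse(policy_json).fetch('Statement')].flatten
  statements.each_with_index.flat_map do |stmt, idx|
    next [] unless stmt['Effect'] == 'Allow'
    [stmt['Resource']].flatten.compact
      .reject { |arn| scoped_to_bucket?(arn, bucket) }
      .map { |arn| { statement: idx, actions: [stmt['Action']].flatten, resource: arn } }
  end
end

unscoped_grants(README_POLICY, 'ssh-pub').each do |f|
  puts "statement #{f[:statement]}: #{f[:actions].join(', ')} on #{f[:resource]}"
end
```

When `s3bucket` is changed from its default, pass the new bucket name so the check follows the attribute.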

Attributes

The attributes used by this cookbook:

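| Attribute   | Description                                 | Type    | Default      |
|-------------|---------------------------------------------|---------|--------------|
| groups      | Per default tecracer is set                 | Array   | tecracer     |
| s3bucket    | Bucket Name, where the Key files are stored | String  | ssh-pub      |
| s3region    | Bucket Region, where the Bucket is in       | String  | eu-central-1 |
| expire-user | Set password expire                         | Boolean | true         |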

Recipes

default

  • This recipe manages everything described above

License and Authors

All rights reserved. This book or any portion thereof may not be reproduced or used in any manner whatsoever
without the express written permission of the publisher except for the use of brief quotations in a book review.

Dependent cookbooks

tr-chef-cookbook-aws-cli >= 0.0.0
tr-chef-cookbook-msp-toolbox >= 0.0.0

Contingent cookbooks

There are no cookbooks that are contingent upon this one.

Changelog

Version 3.4.2

  • Add expire_user custom resource
  • Add expire_user resource to recipe and remove execute resource for it

Version 3.4.1

  • Add multiple converge
  • Change centos ami id for kitchen
  • Change package resource to yum_package resource when rhel or centos
  • Fix flush_cache behaviour for centos + rhel
  • Fix crontab error, when crontab is not installed on OS

Version 3.4.0

  • Add recipe for check of correct rights (USERMGMT-25)
  • Add cli options as attribute for usage (USERMGMT-24)
  • Add IAM Policy to README

Version 3.3.2

  • Fix attribute setting for expire-user to boolean in Readme

Version 3.3.1

  • Update Readme with default attribute for expire-user

Version 3.3.0

  • Add attribute for expiring users
  • Remove supermarket.chef.io from Berksfile

Version 3.2.0

  • Updated README with currently supported and tested OS
  • Updating .kitchen.yml to current

Version 3.1.0

  • Adding explicit version for Ubuntu

Version 3.0.0

  • Change linking of aws cli to absolute path through attributes (USERMGMT-18)
  • Removing public keys from S3 Bucket removes user from system (USERMGMT-2 + USERMGMT-17)
  • Removing support for Ubuntu 14.04 due to non supported aws cli version (USERMGMT-19)
  • Removing sudoers.d files for default users (USERMGMT-20)

Version 2.2.3

  • Change Readme for json syntax (USERMGMT-16)
  • Add information to README to use S3 ReadOnly Access for ssh-pub Bucket (USERMGMT-15)

Version 2.2.2

  • Adding Foodcritic

Version 2.2.1

  • Fixing bug, which allows login with default user (USERMGMT-14)

Version 2.2.0

  • Adding Download Folder for ssh-keys (USERMGMT-13)

Version 2.1.2

  • Fixing Bug when using same groups (USERMGMT-12)

Version 2.1.1

  • Remove EPEL Installation for CentOS and RedHat (USERMGMT-11)

Version 2.1.0

  • Adding Support for CentOS 7 (USERMGMT-8)
  • Adding Support for Red Hat 7 (USERMGMT-4)

Version 2.0.0

  • Adding possibility to add customers (USERMGMT-1)
  • Adding support for Ubuntu 14.04 and Amazon Linux (USERMGMT-5 + USERMGMT-6)
  • Adding default users lock (USERMGMT-3)
  • Changing method to receive usernames (USERMGMT-9)
  • Changing userlist.json to userlist.txt (USERMGMT-7)
  • Updating README (USERMGMT-10)

Version 1.1.1

  • Creating Changelog
  • Fixing bug for userlist.json

Collaborator Number Metric: 3.4.2 passed this metric

Foodcritic Metric: 3.4.2 passed this metric