Forge Home

Modules

Puppet

Resources

PuppetEcosystemPuppet CommunityUpdates

sudo

A very flexible and well-tested puppet module for sudo
Project URLRSS FeedReport issues

41,642 downloads

40,062 latest version

1.9 quality score

We run a couple of automated
scans to help you access a
module's quality. Each module is
given a score based on how well
the author has formatted their
code and documentation and
modules are also checked for
malware using VirusTotal.

Please note, the information below
is for guidance only and neither of
these methods should be considered
an endorsement by Puppet.

Support the Puppet Community by contributing to this module

You are welcome to contribute to this module by suggesting new features, currency updates, or fixes. Every contribution is valuable to help ensure that the module remains compatible with the latest Puppet versions and continues to meet community needs. Complete the following steps:

  1. Review the module’s contribution guidelines and any licenses. Ensure that your planned contribution aligns with the author’s standards and any legal requirements.
  2. Fork the repository on GitHub, make changes on a branch of your fork, and submit a pull request. The pull request must clearly document your proposed change.

For questions about updating the module, contact the module’s author.

Version information

  • 1.1.0 (latest)
  • 1.0.0
released Jul 8th 2014
This version is compatible with:
  • Puppet Enterprise 3.x
  • Puppet 3.x
  • , ,

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'justinclayton-sudo', '1.1.0'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add justinclayton-sudo
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install justinclayton-sudo --version 1.1.0

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.

Download
Tags: sudo, sudoers

Documentation

justinclayton/sudo — version 1.1.0 Jul 8th 2014

Build Status

##Description

This module allows you to easily manage sudo, no matter how complex or simple your configuration needs to be. It is fully backwards-compatible with those sudo::conf defined types. It has been tested for quality using puppet-lint, rspec-puppet, and rspec-system.

##Installation

If you're using librarian-puppet, add a line to your Puppetfile:

mod 'justinclayton/sudo', '1.x'

##Usage

###Level 1

include sudo

This will install sudo and add its own sudoers file, but don't worry; that sudoers file still matches your OS flavor's defaults.

sudo::conf { 'dudr':
  content => 'dudr ALL=(ALL) NOPASSWD: ALL',
}

This will create a file called /etc/sudoers.d/dudr with the supplied content. Note that if you use sudo::conf you do not need to explicitly include sudo elsewhere.

###Level 2

class { 'sudo':
  manage_sudoersd => false,
}

By default this module wants to manage the entire suoders.d directory, which includes removing any files not explicitly managed by this module. While this can be very good for keeping a handle on configs outside of puppet, there are cases (particularly during an initial transition to puppet) where you will want to allow for both. Disabling manage_sudoersd allows for this.

class { 'sudo':
  keep_os_defaults     => false,
  sudoers_file_content => template('mymodule/sudoers.erb'),
}

If you know what you're doing and want to build a sudoers file from scratch (including ignoring what the OS tries to do for you), the above code can make that happen for you.

###Level 3

class { 'sudo':
  keep_os_defaults => false,
  defaults_hash    => {
    requiretty     => false,
    visiblepw      => true,
  },
  confs_hash       => {
    'dudr'         => {
      ensure       => present,
      content      => 'dudr ALL=(ALL) NOPASSWD: ALL',
    },
    'fudr'         => {
      ensure       => present,
      content      => 'fudr ALL=(ALL): /bin/echo',
    },
  },
}

As an alternative to sprinkling sudo::conf resources all throughout your codebase, you may wish to consolidate all your data into a single manifest, or be even more fancy and pull it in from something like hiera. This module makes this a snap by allowing you to pass a hash of sudo::conf resources as a class parameter.