ecryptfs

Manage ecryptfs mounts

Module Stats

12,171 downloads

8,129 latest version

3.8 quality score

Support the Puppet Community by contributing to this module

You are welcome to contribute to this module by suggesting new features, currency updates, or fixes. Every contribution is valuable to help ensure that the module remains compatible with the latest Puppet versions and continues to meet community needs. Complete the following steps:

Review the module’s contribution guidelines and any licenses. Ensure that your planned contribution aligns with the author’s standards and any legal requirements.
Fork the repository on GitHub, make changes on a branch of your fork, and submit a pull request. The pull request must clearly document your proposed change.

For questions about updating the module, contact the module’s author.

Version information

released Oct 15th 2015

Start using this module

Installation method

Add this module to your Puppetfile:

mod 'ignis-ecryptfs', '0.1.4'

Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add ignis-ecryptfs

Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install ignis-ecryptfs --version 0.1.4

Documentation

ignis/ecryptfs — version 0.1.4 Oct 15th 2015

ecryptfs

Overview
Usage - Configuration options and additional functionality
Limitations - OS compatibility, etc.

Overview

This module allows to manage ecryptfs mounts as puppet types. Passphrase for encryption should be stored in a file and secured separately.

Mounts are NOT persisted across reboots.

Usage

Use ecryptfs::mount type to define encrypted mounts:

ecryptfs::mount { 'encrypted JENKINS_HOME':
  source_dir      => '/mnt/ebs/jenkins',
  dest_dir        => '/var/lib/jenkins',
  passphrase_file => '/dev/shm/.jenkins_home_ecryptfs'
}

This will install ecryptfs-utils and try to mount /mnt/ebs/jenkins to /var/lib/jenkins using a passphrase stored in plaintext in a file /dev/shm/.jenkins_home_ecryptfs. Please note that a passphrase file should be created by you -- either by puppet or by any other means. Same goes for a source and destination directory. Please see an example in manifests/vagrant.pp.

If you need to define a resource which makes sure that an encrypted mount is UNMOUNTED upon puppet run, set ensure => unmounted leaving all the other parameters in place.

Limitations

This module was tested on CentOS 6.x so far.

Types in this module release

anchor

A simple resource type intended to be used as an anchor in a composite class.

In Puppet 2.6, when a class declares another class, the resources in the interior class are not contained by the exterior class. This interacts badly with the pattern of composing complex modules from smaller classes, as it makes it impossible for end users to specify order relationships between the exterior class and other modules.

The anchor type lets you work around this. By sandwiching any interior classes between two no-op resources that are contained by the exterior class, you can ensure that all resources in the module are contained.

  class ntp {
    # These classes will have the correct order relationship with each
    # other. However, without anchors, they won't have any order
    # relationship to Class['ntp'].
    class { 'ntp::package': }
    -> class { 'ntp::config': }
    -> class { 'ntp::service': }

    # These two resources "anchor" the composed classes within the ntp
    # class.
    anchor { 'ntp::begin': } -> Class['ntp::package']
    Class['ntp::service']    -> anchor { 'ntp::end': }
  }

This allows the end user of the ntp module to establish require and before relationships with Class['ntp']:

  class { 'ntp': } -> class { 'mcollective': }
  class { 'mcollective': } -> class { 'ntp': }

Parameters
name	The name of the anchor resource.

file_line

Ensures that a given line is contained within a file. The implementation matches the full line, including whitespace at the beginning and end. If the line is not contained in the given file, Puppet will append the line to the end of the file to ensure the desired state. Multiple resources may be declared to manage multiple lines in the same file.

Example:

    file_line { 'sudo_rule':
      path => '/etc/sudoers',
      line => '%sudo ALL=(ALL) ALL',
    }

    file_line { 'sudo_rule_nopw':
      path => '/etc/sudoers',
      line => '%sudonopw ALL=(ALL) NOPASSWD: ALL',
    }

In this example, Puppet will ensure both of the specified lines are
contained in the file /etc/sudoers.

Match Example:

    file_line { 'bashrc_proxy':
      ensure => present,
      path   => '/etc/bashrc',
      line   => 'export HTTP_PROXY=http://squid.puppetlabs.vm:3128',
      match  => '^export HTTP_PROXY=',
    }

In this code example match will look for a line beginning with export 
followed by HTTP_PROXY and replace it with the value in line.

Match Example With `ensure => absent`:

    file_line { 'bashrc_proxy':
      ensure            => absent,
      path              => '/etc/bashrc',
      line              => 'export HTTP_PROXY=http://squid.puppetlabs.vm:3128',
      match             => '^export HTTP_PROXY=',
      match_for_absence => true,
    }

In this code example match will look for a line beginning with export
followed by HTTP_PROXY and delete it.  If multiple lines match, an
error will be raised unless the `multiple => true` parameter is set.

**Autorequires:** If Puppet is managing the file that will contain the line
being managed, the file_line resource will autorequire that file.

Parameters
after	An optional value used to specify the line after which we will add any new lines. (Existing lines are added in place)
ensure
line	The line to be appended to the file or used to replace matches found by the match attribute.
match	An optional ruby regular expression to run against existing lines in the file. If a match is found, we replace that line rather than adding a new line. A regex comparisson is performed against the line value and if it does not match an exception will be raised.
match_for_absence	An optional value to determine if match should be applied when ensure => absent. If set to true and match is set, the line that matches match will be deleted. If set to false (the default), match is ignored when ensure => absent.
multiple	An optional value to determine if match can change multiple lines. If set to false, an exception will be raised if more than one line matches
name	An arbitrary name used as the identity of the resource.
path	The file Puppet will ensure contains the line specified by the line parameter.
provider
replace	If true, replace line that matches. If false, do not write line if a match is found

Providers
ruby

Modules

Discover

Contribute

Puppet

Premium features

Downloads

Resources

About Forge

Getting Started

ecryptfs

Contributions Requested

Support the Puppet Community by contributing to this module

Version information

Start using this module

Documentation

ecryptfs

Table of Contents

Overview

Usage

Limitations

Types in this module release

anchor

file_line

Dependencies