root

pdk
root account module

15,203 downloads

3,447 latest version

4.7 quality score

Version information

  • 6.1.0 (latest)
  • 6.0.0
  • 5.1.2
  • 5.1.1
  • 5.1.0
  • 5.0.0
  • 4.6.0
  • 4.5.0
  • 4.4.0
  • 4.3.0
  • 4.2.0
  • 4.1.1
  • 4.1.0
  • 4.0.0
released Jun 16th 2023
This version is compatible with:
  • Puppet Enterprise 2025.3.x, 2025.2.x, 2025.1.x, 2023.8.x, 2023.7.x, 2023.6.x, 2023.5.x, 2023.4.x, 2023.3.x, 2023.2.x, 2023.1.x, 2023.0.x, 2021.7.x, 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x
  • Puppet >= 7.0.0 < 9.0.0
  • RedHat
    ,
    Rocky
    ,
    AlmaLinux
    ,
    CentOS
    ,
    Debian
    ,
    Ubuntu

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'treydock-root', '6.1.0'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add treydock-root
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install treydock-root --version 6.1.0

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.

Download
Tags: root

Documentation

treydock/root — version 6.1.0 Jun 16th 2023

puppet-module-root

Puppet Forge CI Status

Table of Contents

  1. Overview
  2. Usage - Configuration options
  3. Reference - Parameter and detailed reference to all options

Overview

This module manages the Linux root user.

This module has soft dependencies on the following modules:

Usage

root

include root

Manage root and define mailaliases, ssh_authorized_keys and set a password.

root::mailaliases:
  - 'root@example.com'
root::password: '$1$Bp8B.dWo$DUVekjsAsU0ttWZmS37P5'
root::ssh_authorized_keys:
  - 'ssh-rsa somelonghash== user@fqdn'

Authorized keys can also be set using a hash.

root::ssh_authorized_keys:
  user@fqdn:
    type: 'ssh-rsa'
    key: 'somelonghash=='

If you wish to merge authorized keys from multiple locations:

lookup_options:
  root::mailaliases:
    merge: unique
  root::ssh_authorized_keys:
    merge: deep
root::mailaliases:
  - 'root@example.com'
root::ssh_authorized_keys:
  user@fqdn:
    type: 'ssh-rsa'
    key: 'somelonghash=='
# Some other Hiera location:
root::mailaliases:
  - 'root@example2.com'
root::ssh_authorized_keys:
  user2@fqdn:
    type: 'ssh-rsa'
    key: 'somelonghash=='

If you use Arrays for resources like root::ssh_authorized_keys then use unique merge instead of deep.

To export a system's root RSA key

root::export_key: true

To generate and export a different root SSH key:

root::generate_key_type: ecdsa-sk
root::export_key_type: "%{lookup('root::generate_key_type')}"

To collect exported root RSA keys from multiple tags

root::collect_exported_keys: true
root::collect_exported_keys_tags:
  - "%{facts.domain}"
  - 'foo'

Add Kerberos principals to /root/.k5login:

root::kerberos_login_principals:
  - user1@EXAMPLE.COM
  - user2@EXAMPLE.COM

Add Kerberos principals and commands to /root/.k5users. Note that user3 and user4 will not have commands defined. The examples also illustrate defining commands as strings or arrays.

root::kerberos_users_commands:
  user1@EXAMPLE.COM:
    - /bin/systemctl
    - /bin/cat
  user2@EXAMPLE.COM: /bin/systemctl /bin/cat
  user3@EXAMPLE.COM: ''
  user4@EXAMPLE.COM: []

If a different module manages Kerberos for root, disable Kerberos in this module:

root::manage_kerberos: false

Set an automatic logout for idle interactive shells (in seconds):

root::logout_timeout: 600

Reference

http://treydock.github.io/puppet-module-root/