diff --git a/modules/rhizo_base/files/bin/install_callie b/modules/rhizo_base/files/bin/install_callie old mode 100644 new mode 100755 diff --git a/modules/rhizo_base/files/bin/notify-freeswitch.sh b/modules/rhizo_base/files/bin/notify-freeswitch.sh old mode 100644 new mode 100755 diff --git a/modules/rhizo_base/files/etc/sudoers.Debian b/modules/rhizo_base/files/etc/sudoers.Debian index af3378f..35b208c 100644 --- a/modules/rhizo_base/files/etc/sudoers.Debian +++ b/modules/rhizo_base/files/etc/sudoers.Debian @@ -16,7 +16,7 @@ Defaults env_keep+=SSH_AUTH_SOCK # User alias specification # Cmnd alias specification -Cmnd_Alias OP_CMDS = /usr/bin/sngrep +Cmnd_Alias OP_CMDS = /usr/bin/sngrep, /usr/sbin/tcpdump Cmnd_Alias DATABASE = /usr/bin/psql, /usr/bin/pg_dump # User privilege specification diff --git a/modules/rhizo_base/manifests/freeswitch.pp b/modules/rhizo_base/manifests/freeswitch.pp index 3838f48..0489e6f 100644 --- a/modules/rhizo_base/manifests/freeswitch.pp +++ b/modules/rhizo_base/manifests/freeswitch.pp @@ -243,25 +243,6 @@ class rhizo_base::freeswitch::common { mode => '0750' } - # SSH Deploy key and config for gitlab - file { '/root/.ssh/bsc_dev': - ensure => present, - mode => '0600', - content => hiera('rhizo::bsc_dev_deploy_key'), - } - - file { '/root/.ssh/config': - ensure => present, - source => 'puppet:///modules/rhizo_base/ssh/config', - } - - sshkey { 'dev_host_key': - name => 'dev.rhizomatica.org', - ensure => present, - key => hiera('rhizo::dev_host_key'), - type => 'ssh-rsa', - } - vcsrepo { '/usr/share/freeswitch/sounds/rccn': schedule => 'always', ensure => latest, diff --git a/modules/rhizo_base/manifests/init.pp b/modules/rhizo_base/manifests/init.pp index 4320ad2..fbe24a7 100644 --- a/modules/rhizo_base/manifests/init.pp +++ b/modules/rhizo_base/manifests/init.pp 
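Review bot: Adding `/usr/sbin/tcpdump` to `OP_CMDS` with no argument restriction grants more than packet capture. Run through sudo, tcpdump can write capture files to any path (`-w`) and launch an external program after rotating a file (`-z`), so holders of `OP_CMDS` may end up with far broader root access than the alias name suggests. The privilege specification that assigns `OP_CMDS` is outside this hunk, so the affected users and whether the rule is `NOPASSWD` cannot be confirmed here. Consider granting capture rights through file capabilities on the binary (`cap_net_raw,cap_net_admin`) for a dedicated group, or pinning the permitted arguments in the alias.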
@@ -267,7 +267,7 @@ schedule { 'never': ensure => present, content => template('rhizo_base/vars.sh.erb'), owner => 'root', - group => 'rhizomatica' + group => 'operator' } file { '/home/rhizomatica/bin/pg_backup_rotated.sh': @@ -583,12 +583,6 @@ schedule { 'never': mode => '0750' } - file { '/root/.ssh/bts_key': - ensure => present, - mode => '0600', - content => hiera('rhizo::bts_key'), - } - file { '/var/log/rccn': ensure => link, target => '/var/rhizomatica/rccn/log', @@ -613,10 +607,6 @@ schedule { 'never': require => Vcsrepo['/var/rhizomatica'], } - file { '/root/.ssh': - ensure => directory - } - #Python modules class { 'python': version => 'system', @@ -719,4 +709,11 @@ schedule { 'never': ensure => 'running' } + sshkey { 'dev_host_key': + name => 'dev.rhizomatica.org', + ensure => present, + key => hiera('rhizo::dev_host_key'), + type => 'ssh-rsa', + } + } diff --git a/modules/rhizo_base/manifests/users.pp b/modules/rhizo_base/manifests/users.pp index ec09cf5..95fdd6d 100644 --- a/modules/rhizo_base/manifests/users.pp +++ b/modules/rhizo_base/manifests/users.pp @@ -16,11 +16,13 @@ class rhizo_base::users { $pgsql_pwd = $rhizo_base::pgsql_pwd user { 'rhizomatica': - ensure => present, - gid => 'rhizomatica', - home => '/home/rhizomatica', - password => Sensitive($password_hash), - uid => '1000', + ensure => present, + gid => 'rhizomatica', + groups => ['sudo', 'dip', 'plugdev', 'netdev', 'operator'], + membership => inclusive, + home => '/home/rhizomatica', + password => Sensitive($password_hash), + uid => '1000', purge_ssh_keys => true } 
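Review bot: The new `groups` list in the users.pp hunk puts `rhizomatica` in `sudo`, which on a stock Debian sudoers means unrestricted root through the `%sudo` rule. Whether the managed `sudoers.Debian` keeps that rule is not visible in this diff. If the goal is only access to operator-owned files, such as the one rendered from `vars.sh.erb` that init.pp switches to group `operator`, then `groups => ['operator'],` is the least-privilege form and the restricted `OP_CMDS` alias stays meaningful for this account. Because `membership => inclusive` removes any group not listed on the next run, a short comment saying why `dip`, `plugdev` and `netdev` are needed would help later reviewers.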
@@ -60,6 +62,19 @@ class rhizo_base::users { mode => '0600' } + file { '/home/tic/.ssh/config': + content => template('rhizo_base/ssh_user_config.erb'), + owner => 'tic', + group => 'tic', + mode => '0600' + } + + file { '/home/osmocom/.ssh/config': + content => template('rhizo_base/ssh_user_config.erb'), + owner => 'osmocom', + mode => '0600' + } + file { '/home/tic/.bash_aliases': content => template('rhizo_base/bash_aliases.erb'), owner => 'tic', @@ -67,4 +82,42 @@ class rhizo_base::users { mode => '0640' } -} \ No newline at end of file + file { '/root/.ssh': + ensure => directory + } + + file { '/root/.ssh/bts_key': + ensure => present, + mode => '0600', + content => hiera('rhizo::bts_key'), + } + + file { '/home/tic/.ssh/bts_key': + ensure => present, + mode => '0600', + owner => 'tic', + group => 'tic', + content => hiera('rhizo::bts_key'), + } + + file { '/home/osmocom/.ssh/bts_key': + ensure => present, + mode => '0600', + owner => 'osmocom', + content => hiera('rhizo::bts_key'), + } + + # SSH Deploy key and config for gitlab + file { '/root/.ssh/bsc_dev': + ensure => present, + mode => '0600', + content => hiera('rhizo::bsc_dev_deploy_key'), + } + + file { '/root/.ssh/config': + ensure => present, + source => 'puppet:///modules/rhizo_base/ssh/config', + } + + +} diff --git a/modules/rhizo_base/templates/bash_aliases.erb b/modules/rhizo_base/templates/bash_aliases.erb index 03f41be..e2ec97c 100644 --- a/modules/rhizo_base/templates/bash_aliases.erb +++ b/modules/rhizo_base/templates/bash_aliases.erb @@ -1,3 +1,4 @@ alias psql='psql postgresql://rhizomatica:<%= @pgsql_pwd %>@localhost/rhizomatica' alias systemctl='sudo systemctl' alias journalctl='sudo journalctl' +alias sudo="/usr/bin/sudo -n" diff --git a/modules/rhizo_base/templates/ssh_user_config.erb b/modules/rhizo_base/templates/ssh_user_config.erb index ecabdb4..f4212fb 100644 --- a/modules/rhizo_base/templates/ssh_user_config.erb +++ b/modules/rhizo_base/templates/ssh_user_config.erb 
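Review bot: `/home/osmocom/.ssh/config` sets `owner` but no `group`, unlike the `tic` resource just above it, so the group is left to whatever Puppet or an existing file supplies. The same omission is in `/home/osmocom/.ssh/bts_key` in the next hunk. Adding `group => 'osmocom',` would fully specify both files, assuming the account has a primary group of that name, which this diff does not show. Neither resource declares a dependency on its `.ssh` directory, and whether `/home/tic/.ssh` and `/home/osmocom/.ssh` are managed elsewhere in the class is not visible here.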
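Review bot: `rhizo::bts_key` is now written to `/home/tic/.ssh/bts_key` and `/home/osmocom/.ssh/bts_key` as well as `/root/.ssh/bts_key`, and the `ssh_user_config.erb` change in this commit pairs that key with `User root` on `172.16.0.??`. Compromise of either unprivileged account would therefore expose a key that logs in as root on those hosts; a separate key per account would let one be revoked without re-keying the others. The key resources and `bsc_dev` also pass the private key as a plain string. This file already uses `Sensitive($password_hash)`, and `content => Sensitive(hiera('rhizo::bts_key')),` would keep the key out of diffs and reports on Puppet versions where `file` accepts a Sensitive `content`. `/root/.ssh` is declared without a mode, and `mode => '0700',` would make the intended permissions explicit.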
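Review bot: The added `alias sudo="/usr/bin/sudo -n"` in bash_aliases.erb also changes the two aliases above it, because bash re-expands the first word of an alias body. `systemctl` and `journalctl` therefore now run with `-n` and fail instead of prompting when no `NOPASSWD` rule matches. That may be intended for operator accounts that have no usable password, but the template does not say so. A comment above the line such as `# -n: never prompt for a password; commands without a NOPASSWD rule fail immediately` would record the reason.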
@@ -1,10 +1,9 @@ Include config.local -Host lc1 -Hostname 172.16.0.11 -User root - -Host lc2 -Hostname 172.16.0.12 -User root +Host 172.16.0.?? + User root + IdentityFile ~/.ssh/bts_key +Host 172.16.0.??? + User ubnt + IdentityFile ~/.ssh/ubnt_key
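Review bot: The `IdentityFile` lines do not stop ssh from also offering agent or default keys, so adding `IdentitiesOnly yes` under both `Host` blocks would restrict each connection to the named key. An agent may well be present, since the sudoers file in this commit keeps `SSH_AUTH_SOCK`. The patterns `172.16.0.??` and `172.16.0.???` match every two- and three-digit last octet, so `User root` with `bts_key` now applies to any host in that range rather than only the former `lc1`/`lc2` addresses. If only BTS units live in that range, a comment saying so would help. `~/.ssh/ubnt_key` is referenced but no hunk in this diff deploys it.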