Puppet: Administering Sudo privileges.

0 votes

I have Puppet 6.7 with 1 Linux agent. I am using Puppet to manage the sudo privileges of my nodes. I have installed the saz-sudo module from Puppet Forge for managing those privileges.

puppet module install saz-sudo
Preparing to install into /etc/puppetlabs/code/environments/production/modules …
Notice: Downloading from http://forgeapi.puppetlabs.com ...
    Notice: Installing -- do not interrupt ...
    /etc/puppetlabs/puppet/modules
    └── saz-sudo (v2.3.6)
          └── puppetlabs-stdlib (3.2.2) [/opt/puppet/share/puppet/modules]

How should I use this saz-sudo module to manage the sudo privileges of my nodes? What more needs to be done?

Jul 30 in Puppet by Karan
• 6,650 points
76 views

1 answer to this question.

0 votes

Now that you have installed the saz-sudo module from Puppet Forge, the next thing you should probably do is this:

Step 1: Create a module that will contain the privileges class.

You'll have to create the privileges module directory, its manifests subdirectory, and an init.pp manifest file that contains the privileges class.

  • From the command line on the master, navigate to the modules directory :

cd /etc/puppetlabs/code/environments/production/modules
  • Create the module directory and its manifests directory:

mkdir -p privileges/manifests
  • In the manifests directory, use your text editor to create the init.pp file, and edit it so it contains the following Puppet code:

class privileges {
  sudo::conf { 'admins':
    ensure  => present,
    content => '%admin ALL=(ALL) ALL',
  }
}

The sudo::conf 'admins' line creates a sudoers rule that ensures that members of the admins group have the ability to run any command using sudo. This resource creates a configuration fragment file to define this rule in /etc/sudoers.d/. It's called something like 10_admins.

  • Save and exit the file.

  • That’s it! You’ve created a module that contains a class that, after it's applied, ensures that your agents have the correct sudo privileges set for the root user and the admins and wheel groups.

Step 2: Next, add the privileges and sudo classes to default nodes.

  • From the command line on the master, navigate to the main manifest: 

cd /etc/puppetlabs/code/environments/production/manifests
  • Open site.pp with your text editor and add the following Puppet code to the default node:

class { 'sudo': }
sudo::conf { 'web':
  content => "web ALL=(ALL) NOPASSWD: ALL",
}
class { 'privileges': }
sudo::conf { 'jargyle':
  priority => 60,
  content  => "jargyle ALL=(ALL) NOPASSWD: ALL",
}

The sudo::conf ‘web’ line creates a sudoers rule to ensure that members of the web group can run any command using sudo. This resource creates a configuration fragment file to define this rule in /etc/sudoers.d/.

The sudo::conf ‘jargyle’ line creates a sudoers rule to ensure that the user jargyle can run any command using sudo. This resource creates a configuration fragment to define this rule in /etc/sudoers.d/. It's called something like 60_jargyle.

  • Save and exit the file.

  • On your master, ensure that there are no errors:

puppet parser validate site.pp
  • The parser returns nothing if there are no errors.

  • From the command line on your agent, run Puppet:

puppet agent -t
  • That’s it! You have successfully applied sudo and privileges classes to nodes.

  • To confirm it worked, run the following command on an agent:

sudo -l -U jargyle 
  • The results should resemble the following:

Matching Defaults entries for jargyle on this host:
    !visiblepw, always_set_home, env_reset,
    env_keep="COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS",
    env_keep+="MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE",
    env_keep+="LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES",
    env_keep+="LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE",
    env_keep+="LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY",
    secure_path=/usr/local/bin\:/sbin\:/bin\:/usr/sbin\:/usr/bin

User jargyle may run the following commands on this host:
    (ALL) NOPASSWD: ALL

For more information on using puppet to manage sudo users you could have a look at: https://puppet.com/blog/module-of-week-saz-sudo-manage-sudo-configuration

answered Jul 30 by Sirajul
• 40,980 points
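
An added example, not part of the answer above or of the saz-sudo module: a small Python review of the three `content` strings from the manifests, reporting who each rule applies to (in sudoers a leading `%` marks a group, a bare name is a user) and how broad the grant is. It handles only single-line user specifications; the function names and the wording of the findings are hypothetical.

```python
import re

# The three rule strings the manifests above pass as `content`,
# keyed by the sudo::conf title that names each fragment.
PAGE_RULES = {
    "admins": "%admin ALL=(ALL) ALL",
    "web": "web ALL=(ALL) NOPASSWD: ALL",
    "jargyle": "jargyle ALL=(ALL) NOPASSWD: ALL",
}

# Simplified single-line user specification:
#   WHO HOST=(RUNAS) [TAG: ...] COMMAND[, COMMAND ...]
SPEC = re.compile(
    r"^(?!Defaults)(?P<who>\S+)\s+(?P<host>[^=\s]+)\s*=\s*"
    r"(?:\((?P<runas>[^)]*)\)\s*)?"
    r"(?P<tags>(?:[A-Z_]+:\s*)*)(?P<cmds>.+)$"
)

def parse_rule(line):
    """Split one user specification into the fields a review cares about."""
    m = SPEC.match(line.strip())
    if m is None:
        raise ValueError(f"not a simple user specification: {line!r}")
    who = m["who"]
    return {
        # In sudoers a leading % marks a Unix group; a bare name is a user.
        "kind": "group" if who.startswith("%") else "user",
        "principal": who.lstrip("%"),
        "runas": m["runas"] or "root",  # sudo runs as root when omitted
        "nopasswd": "NOPASSWD" in re.findall(r"[A-Z_]+", m["tags"]),
        "all_commands": "ALL" in [c.strip() for c in m["cmds"].split(",")],
    }

def audit(title, line):
    """Return (principal kind, findings) for one sudo::conf fragment."""
    rule = parse_rule(line)
    findings = []
    if rule["all_commands"]:
        findings.append("passwordless ALL" if rule["nopasswd"] else "ALL with password")
    # The title only names the fragment file; flag it when it suggests
    # a different principal than the rule actually grants to.
    if rule["principal"] != title:
        findings.append(f"title {title!r} names {rule['kind']} {rule['principal']!r}")
    return rule["kind"], findings

if __name__ == "__main__":
    for title, line in PAGE_RULES.items():
        print(title, *audit(title, line))
```

Running it on the page's rules shows that `admins` grants to the group `admin`, while `web` and `jargyle` are both user-level rules with passwordless access to every command.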
