https://github.com/hfm/puppet-octopass
Puppet module for octopass, management linux user and authn with the org/team on GitHub
- Host: GitHub
- URL: https://github.com/hfm/puppet-octopass
- Owner: hfm
- Created: 2018-07-25T14:22:52.000Z (over 6 years ago)
- Default Branch: master
- Last Pushed: 2018-12-12T19:02:09.000Z (about 6 years ago)
- Last Synced: 2024-12-19T11:09:59.992Z (about 2 months ago)
- Topics: github, idp, ldap, linux, name-resolution, nss, octopass, puppet
- Language: Ruby
- Homepage: https://hfm.github.io/puppet-octopass/
- Size: 138 KB
- Stars: 1
- Watchers: 3
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
# puppet-octopass [![Build Status](https://travis-ci.org/hfm/puppet-octopass.svg?branch=master)](https://travis-ci.org/hfm/puppet-octopass) [![Puppet Forge](https://img.shields.io/puppetforge/v/hfm/octopass.svg?style=flat-square)](https://forge.puppetlabs.com/hfm/octopass)
#### Table of Contents
1. [Description](#description)
2. [Setup - The basics of getting started with octopass](#setup)
    * [Setup requirements](#setup-requirements)
3. [Usage - Configuration options and additional functionality](#usage)
    * [Configuring modules in Puppet](#configuring-modules-in-puppet)
    * [Configuring modules from Hiera](#configuring-modules-from-hiera)
4. [Limitations - OS compatibility, etc.](#limitations)
5. [Development - Guide for contributing to the module](#development)

## Description
The octopass module handles installing and configuring [octopass](https://github.com/linyows/octopass).
## Setup
### Setup Requirements
The octopass module requires the following Puppet modules:
- [puppetlabs-stdlib](https://forge.puppet.com/puppetlabs/stdlib): version 4.6.x or newer
- [puppetlabs-apt](https://forge.puppet.com/puppetlabs/apt): version 4.x (only Debian-based distributions).

Note: puppetlabs-apt is a soft dependency. If you are installing on Debian systems, you will need to configure an appropriate version of this module.
## Usage
### Configuring modules in Puppet
To set up octopass in Puppet code, declare the class like the following:
```puppet
class { '::octopass':
  token        => 'iad87dih122ce66a1e20a751664c8a9dkoak87g7',
  organization => 'yourorganization',
  team         => 'yourteam',
}
```
### Configuring modules from Hiera
To set up octopass using Hiera, declare `include ::octopass` in your Puppet manifests and configure it in Hiera like the following:
```puppet
include ::octopass
```
```yaml
---
octopass::token: iad87dih122ce66a1e20a751664c8a9dkoak87g7
octopass::organization: yourorganization
octopass::team: yourteam
```
#### Configure with owner/repository
To use a repository instead of a team, set `owner` and `repository`:
```yaml
octopass::token: iad87dih122ce66a1e20a751664c8a9dkoak87g7
octopass::owner: hfm
octopass::repository: puppet-octopass
```
#### Change group name
To use a group name other than the team or repository name, set `group`:
```yaml
octopass::token: iad87dih122ce66a1e20a751664c8a9dkoak87g7
octopass::organization: yourorganization
octopass::team: yourteam
octopass::group: othergroupname
```
#### For GitHub Enterprise
With GitHub Enterprise, change `endpoint`:
```yaml
octopass::endpoint: 'https://git.yourorg.com'
```
#### Combination with other modules
In production, octopass needs [nsswitch.conf](http://man7.org/linux/man-pages/man5/nsswitch.conf.5.html) for name resolution, plus sshd and [PAM](http://man7.org/linux/man-pages/man5/pam.conf.5.html) configuration, like the following:
```puppet
include ::octopass

# https://forge.puppet.com/trlinkin/nsswitch
include ::nsswitch

# https://forge.puppet.com/ghoneycutt/ssh
include ::ssh

# https://forge.puppet.com/herculesteam/augeasproviders_pam
pam { 'Set sss entry to system-auth auth':
  ensure    => present,
  service   => 'sshd',
  type      => 'auth',
  control   => 'requisite',
  module    => 'pam_exec.so',
  arguments => ['quiet', 'expose_authtok', '/usr/bin/octopass', 'pam'],
}
```
```yaml
---
octopass::token: iad87dih122ce66a1e20a751664c8a9dkoak87g7
octopass::organization: yourorganization
octopass::team: yourteam

nsswitch::octopass:
  - files
  - octopass
  - sss
nsswitch::passwd: "%{alias('nsswitch::octopass')}"
nsswitch::shadow: "%{alias('nsswitch::octopass')}"
nsswitch::group: "%{alias('nsswitch::octopass')}"

ssh::sshd_authorized_keys_command: '/usr/bin/octopass'
ssh::sshd_authorized_keys_command_user: 'root'
ssh::sshd_use_pam: 'yes'
```
## Limitations
See `operatingsystem_support` in [metadata.json](./metadata.json)
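A post-deployment check for the sshd, nsswitch and PAM settings from "Combination with other modules", added here as an example and not part of the puppet-octopass module. The function names are hypothetical, and the default file paths (`/etc/ssh/sshd_config`, `/etc/nsswitch.conf`, `/etc/pam.d/sshd`) are assumptions about where those settings land on the managed host:

```sh
#!/bin/sh
# Added example (not from the puppet-octopass project). File paths default to the
# usual Linux locations, which is an assumption; pass other paths as arguments.

# First uncommented value of an sshd_config keyword (sshd uses the first one it reads).
sshd_directive() {
    awk -v key="$2" 'tolower($1) == tolower(key) { print $2; exit }' "$1"
}

# Succeeds if database $2 in nsswitch.conf lists "files" and then "octopass".
nss_lists_octopass() {
    awk -v db="$2:" '$1 == db {
            for (i = 2; i <= NF; i++) { if ($i == "files") f = i; if ($i == "octopass") o = i }
            found = (f && o && f < o); exit }
        END { exit !found }' "$1"
}

# Succeeds if an active auth line runs "/usr/bin/octopass pam" through pam_exec.so.
pam_runs_octopass() {
    awk '$1 == "auth" && $3 == "pam_exec.so" && /expose_authtok/ &&
         /\/usr\/bin\/octopass[ \t]+pam([ \t]|$)/ { ok = 1 }
         END { exit !ok }' "$1"
}

# Prints one line per mismatch; returns 0 only when everything matches.
# Usage: audit_octopass [sshd_config] [nsswitch.conf] [pam sshd file]
audit_octopass() {
    sshd=${1:-/etc/ssh/sshd_config} nss=${2:-/etc/nsswitch.conf} pam=${3:-/etc/pam.d/sshd}
    rc=0
    for want in AuthorizedKeysCommand=/usr/bin/octopass AuthorizedKeysCommandUser=root UsePAM=yes; do
        key=${want%%=*}
        [ "$(sshd_directive "$sshd" "$key")" = "${want#*=}" ] || { echo "sshd: $key is not ${want#*=}"; rc=1; }
    done
    for db in passwd shadow group; do
        nss_lists_octopass "$nss" "$db" || { echo "nsswitch: $db lacks 'files ... octopass'"; rc=1; }
    done
    pam_runs_octopass "$pam" || { echo "pam: no pam_exec.so auth line for octopass"; rc=1; }
    return $rc
}
```

Calling `audit_octopass` with no arguments after a Puppet run checks the live files; a non-zero status means at least one of the three pieces is missing and logins backed by octopass will not work as configured.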
## Development
### Running tests
The octopass puppet module contains tests for both [rspec-puppet](http://rspec-puppet.com) (unit tests) and [beaker-rspec](https://github.com/puppetlabs/beaker-rspec) (acceptance tests) to verify functionality. For detailed information on using these tools, please see their respective documentation.
#### Testing quickstart
- Unit tests:
```console
$ bundle install
$ bundle exec rake
```
- Acceptance tests:
```console
# Set your DOCKER_HOST variable
$ eval "$(docker-machine env default)"

# List available beaker nodesets
$ bundle exec rake beaker_nodes
centos7
stretch
xenial

# Run beaker acceptance tests
$ BEAKER_set=debian9 bundle exec rake beaker
```