Current build status for master branch:
- Overview
- Module Description - What the module does and why it is useful
- Setup - Getting started with remctl
- Usage - Configuration options and additional functionality
- Limitations - OS compatibility, etc.
- Development - Guide for contributing to the module
The remctl module installs, configures, and manages the command definitions and Access Control Lists for remctl.
The remctl module handles installing remctl with relatively standard defaults. It also installs xinetd to handle the daemon. Lastly, it allows for easy ACL and command definition.
If any nonstandard configuration is needed, the remctl class may be invoked with any required options; however, just applying an ACL or command will implicitly install the server and daemon. Standard usage might look like this:
remctl::server::acl { 'accounts':
principals => [
{
'principal' => '[email protected]',
'deny' => true,
},
{
'file' => '/etc/remctl/acl/admins',
},
'deny:[email protected]',
{
'principal' => 'service/[email protected]',
},
'service/[email protected]',
],
}
remctl::server::command { 'accounts':
executable_path => '/usr/local/bin',
commands => [
{
'subcommand' => 'create',
'executable' => 'doaccount',
'acl' => ['/etc/acl/group1','/etc/acl/group3'],
},
{
'subcommand' => 'delete',
'executable' => 'doaccount',
'acl' => '/etc/acl/group3',
},
{
'subcommand' => 'view',
'executable' => 'doaccount',
'acl' => 'ANYUSER',
},
{
'subcommand' => 'password',
'executable' => 'dopasswd',
'options' => { 'logmask' => '3', },
'acl' => '/etc/acl/group1',
},
{
'command' => 'printing',
'subcommand' => 'ALL',
'executable' => '/usr/bin/printthing',
'acl' => '/etc/acl/group2',
},
'other do /usr/local/bin/otherthing /etc/acl/group1',
]
}Note that the commands and ACL definitions may include hashes, allowing verbosity, or strings, allowing compactness. The strings must be valid lines for the respective listing; see man remctld(8) for proper syntax.
Installs the remctl client. On RedHat this is in the same package as the remctl
server program, while on Debian it has its own package. Use this class to
install just the client program (remctl) without installing and configuring
the remctl server (remctld).
(optionally Array of) String: defaults to 'remctl' on RedHat and 'remctl-client' on Debian. The name of the package for the remctl client.
String: defaults to 'latest'. The ensure state of the remctl client package.
For the remctl base class, each of the options for the puppetlabs/xinetd class is broken out as xinetd_{optionname}. Additionally, each option for puppetlabs/xinetd::service is broken out as remctl_xinetd_{optionname}. Aside: perhaps this naming scheme isn't the best. If you'd like to change it, see the contribution guide at the bottom of this document!
The unique options for the base class follow. The defaults are all based on RHEL6; similar defaults are in place for other distributions. If your distro isn't included, feel free to contribute! Again, just see the end of the document for more info.
String: defaults to '/etc/remctl/acl'. The directory that remctl ACLs are stored in.
String: defaults to '/etc/remctl/conf.d'. The directory the command module's command listing files are stored in.
String: defaults to '/etc/remctl.conf'. The file that the remctl daemon reads from; this file only contains an 'include $remctl::server::confdir'.
Boolean: defaults to true. Whether to install the 'remctl' package(s).
(optionally Array of) String: defaults to 'remctl' on RedHat and 'remctl-server' on Debian. The name of the package for the remctl server.
String: defaults to 'latest'. The ensure state of the remctl server package.
Array of String: defaults to ['/etc/remctl']. A list of folders to ensure exist for this class; used for the parent folders of $remctl::server::acldir and $remctl::server::confdir.
There is only one, required, parameter for the acl definition. The title of the remctl::server::acl is the filename for the ACL under the directory $remctl::server::acldir.
Array of ( String | Hash ). Required. An ordered list of principals to insert into the ACL. Valid hash options below. Note that there are no required parameters, but at least one of ( file | principal | gput | pcre | regex ) should be declared. Deny is used against one of these other types as well. If a string is used, it must be a valid line as per man remctld(8).
Boolean: false if unset. If set and set to true, deny this principal access.
String. Filename of ACL to additionally include.
String. Global Privileged User Table type. See man remctld(8). Unsupported in standard RHEL6 install; use only if you know your version supports it.
Regex|String. A Perl-compatible regular expression. See man remctld(8) for more info.
String. The name of a specific principal to allow (the most common option). If allowing all users, use '
Regex|String. Likely an alias for pcre, this is, just as it says on the tin, a regular expression.
There are two parameters for the command definition. The title of the remctl::server::command{} is the filename for the configuration file under $remctl::server::configdir that these commands are inserted into.
String. Optional. The default path for the executables. Note that if no executable_path is given, and a command listing's executable isn't a fully qualified path, the manifest fails. Note that this is not a search path, but a single directory.
Array of ( String | Hash ). Required. An ordered list of commands to insert into the command listing. Valid hash options below. If using a string, it must be a valid line as per man remctld(8).
String: defaults to the title of the remctl::server::command call. Required. The name of the command to allow from the remote client.
String. Required. A subcommand name that can allow for different command options upon calling. To expect no subcommand, use 'EMPTY', and to allow any subcommand, use 'ALL'.
String. Required. If not a fully qualified path, defaults to "$remctl::server::command::executable_path/$executable" if $remctl::server::command::executable_path is set; otherwise (if it's not a fully qualified path), the manifest fails. This is the executable called by remctl when this command and subcommand are encountered.
Hash of 'option'=>value | String. Optional. For the list of valid option=value pairs, see man remctld(8). String is not parsed for validity, but should be valid, as 'option1=value1 option2=value2'.
String | Array of String. Required. Fully-qualified path(s) for the ACL file(s) that list principals to allow for this command. Note that this may also be a single 'princ:someuser' or 'ANYUSER'. Basically, any valid line for an acl, as in man remctld(8).
This module has only been tested on RHEL6 so far; to add support for your distribution, contribute sane defaults as per the contribution note, below.
To request a feature or report a bug, use the project's Github issue tracker.
If you want to take a stab at the feature or bug yourself, or one that's already in the tracker, fork the repo, do some stuff, make sure that the specs are updated (and that rspec doesn't fail), and submit a pull request.
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent