I am creating authentication module which basically copies files like passwd, shadow and group etc from puppet server to agent on specified location
below is my manifest file init.pp
class auth (
$groups = $auth::params::groups,
$users = $auth::params::users,
$default_shell = $auth::params::default_shell,
) inherits auth::params {
include stdlib
notify { 'Hello World': }
# defined type for arrays of files with a common root directory and permissions
define auth::file_array(
$root_dir,
$owner = 'root',
$group = 'root',
$mode = '0644',
) {
# validations
if ($root_dir == undef) {
fail("auth::file_array ${name} root_dir is undefined")
}
# push file, puppet:/// forces pull from Puppet server being used
file { $name:
ensure => file,
owner => $owner,
group => $group,
path => "/${root_dir}/${name}",
source => "puppet:///modules/auth/${root_dir}/${name}",
mode => $mode,
}
}
# 0644 files
auth::file_array { ['krb5.conf', 'nsswitch.conf', 'group', 'pam_smb.conf', 'pam.d/gdm-password', 'pam.d/kdm', 'pam.d/login', 'pam.d/sshd', 'pam.d/su', 'pam.d/system-auth', 'pam.d/system-auth-ac', 'passwd', 'sysconfig/authconfig']:
root_dir => 'etc',
}
# 0600 files
auth::file_array { ['shadow', 'gshadow']:
root_dir => 'etc',
mode => '0000',
}
# defined type for dynamic management of /etc/group
define auth::dynamic_group() {
$group = $name
$gid = $auth::groups[$group]['gid']
$users = $auth::groups[$group]['users']
# create groups
group { $group:
ensure => present,
gid => $gid,
require => File['group', 'gshadow'],
}
# purge group before adding members
augeas { "purge_${group}":
context => "/files/etc/group/${group}",
changes => [
'rm user',
],
require => Group[$group],
}
# force unique resource titles (same user may be in multiple groups)
$group_users = prefix($users, "${group}_")
# add all members
dynamic_group::member { $group_users:
group => $group,
require => Augeas["purge_${group}"],
}
}
# defined type for lower-level work supporting dynamic management of /etc/group
define auth::dynamic_group::member($group) {
# validations
if( $group == undef ) {
fail("auth::dynamic_group::member $name group is undefined")
}
# strip group name to get user
$user = regsubst($name, "^${group}_", '')
# add user to group
augeas { "${group}_${user}":
context => "/files/etc/group/${group}",
changes => [
"ins user after *[self::gid or self::user][last()]",
"set user[last()] ${user}",
],
}
}
# get group names from hash parameter
$group_names = keys($auth::groups)
# create groups, can't use create_resources here
auth::dynamic_group { $group_names:
before => Exec['fix_gshadow'],
}
# force sync w/ /etc/gshadow, in case users newgrp
exec { 'fix_gshadow':
command => 'grpconv',
path => ['/usr/bin', '/usr/sbin'],
}
# defined type for hostname specific user overrides
# this can force removal of accounts on specific machines, changing passwords, ...
define auth::hostname_user_override(
$pattern,
$user,
$groups,
$ensure = 'present',
$shell = $auth::default_shell,
$password = '!!',
) {
# validations
if( $pattern == undef ) {
fail("auth::user_override $name pattern undefined")
}
if( $user == undef ) {
fail("auth::user_override $name user undefined")
}
if( $groups == undef ) {
fail("auth::user_override $name groups undefined")
}
if( regexp_match_variable($::hostname, $pattern)) {
user { $name:
ensure => $ensure,
name => $user,
groups => $groups,
shell => $shell,
password => $password,
require => File['passwd', 'shadow'],
}
}
}
create_resources(auth::hostname_user_override, $user_overrides)
}
param.pp
class auth::params {
$groups = {
'owner' => {
'gid' => '102',
'users' => $::fqdn ? {
default => $::machine_owner ? {
undef => [],
"" => [],
default => [$::machine_owner],
},
},
},
'qpadm' => {
'gid' => '1000',
'users' => $::fqdn ? {
default => $::machine_owner ? {
undef => [],
"" => [],
default => [$::machine_owner],
},
},
},
'docker' => {
'gid' => '2000',
'users' => $::fqdn ? {
default => $::machine_owner ? {
undef => [],
"" => [],
default => [$::machine_owner],
},
},
},
'sasl' => {
'gid' => '6235',
'users' => $::fqdn ? {
/pd-dcm-test-[12]\.eng\.qpass\.net/ => $::machine_owner ? {
undef => ['ganeshna', 'sukeshk'],
"" => ['ganeshna', 'sukeshk'],
default => [$::machine_owner, 'ganeshna', 'sukeshk'],
},
default => $::machine_owner ? {
undef => [],
"" => [],
default => [$::machine_owner],
},
},
},
}
# $user_overrides is for hostname_user_override management
$user_overrides = {
'bpainter_remove_root_password' => {
pattern => 'bpainter',
user => 'root',
groups => 'root',
},
}
# default shell for modifying/creating user accounts
$default_shell = '/bin/bash'
}
I called this module in node.pp as
include auth
But when I run the puppet agent -t on agent node I am getting below error
Error: Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: Evaluation Error: Error while evaluating a Resource Statement, Unknown resource type: 'auth::file_array' (file: /etc/puppetlabs/code/environments/production/modules/auth/manifests/init.pp, line: 30, column: 2) on node testmachine.example.com
puppet server version is 7.28.0
Note: Same code is running on puppet version 3.8.7