masson
Version:
Module execution engine for cluster deployments.
104 lines (86 loc) • 2.05 kB
Markdown
The module accept the following properties:
* `profile` (object)
Object where keys are the script filename and values are the script content.
* `limits` (object)
* `groups` (object)
* `reboot` (boolean)
Reboot the system in case selinux was modified, default is "false"
* `selinux` (boolean|string)
Activate or desactivate SeLinux, accepted values are "enforcing", "permissive" and "disabled"
* `users` (object)
```json
{
"selinux": true,
"reboot": true,
"limits": {
"memlock": {
"hard": 130
}
},
"profile": {},
"groups": {},
"users": {}
}
```
```json
{
"selinux": true,
"reboot": true,
"limits": {
"nproc": 2048,
"nofile": {
"soft": 2048,
"hard": 4096
}
},
"profile": {
"tmout.sh": "export TMOUT=0"
},
"groups": {
"my_group": {
"uid": 2300,
"system": true
}
},
"users": {
"my_user": {
"uid": 2301,
"gid": "my_user",
"groups": ["my_group"],
"system": true
"shell": "/bin/bash"
}
}
}
```
export default (service) ->
options = service.options
options.selinux ?= true
options.selinux = 'enforcing' if options.selinux is true
options.selinux = 'disabled' if options.selinux is false
throw Error "Invalid option \"options.selinux\": #{JSON.stringify options.selinux}" unless options.selinux in ['enforcing', 'permissive', 'disabled']
options.sysctl ?= {}
options.limits ?= {}
options.limits.memlock ?= {}
options.limits.memlock.hard ?= 130
options.groups ?= {}
for name, group of options.groups
group.name ?= name
options.users ?= {}
for name, user of options.users
user.name ?= name
user.home ?= '/root' if name is 'root'
options