diff --git a/README.md b/README.md index cca34a0..bc979e3 100644 --- a/README.md +++ b/README.md @@ -111,7 +111,11 @@ Configures usage of the http_proxy environment variable. There is not default for this setting. ####`manage_ssh [optional]` -Configures whether or not to allow the module to manage the SSH service/package. +Configures whether or not to allow the module to manage the SSH service/package. +The default is *true*. + +####`manage_repo [optional]` +Configures whether or not to allow the module to add/manage the apt/yum repository. The default is *true*. ####`manage_pam [optinal]` diff --git a/manifests/apt.pp b/manifests/apt.pp index a530060..38a586e 100644 --- a/manifests/apt.pp +++ b/manifests/apt.pp @@ -18,30 +18,31 @@ } package { $duo_unix::duo_package: - ensure => $package_state, - require => [ - File[$repo_file], - Exec['Duo Security GPG Import'], - Exec['duo-security-apt-update'] - ] + ensure => $package_state } - file { $repo_file: - owner => 'root', - group => 'root', - mode => '0644', - content => "deb ${repo_uri}/${::operatingsystem} ${::lsbdistcodename} main", - notify => Exec['duo-security-apt-update'] - } + if $duo_unix::manage_repo { + file { $repo_file: + owner => 'root', + group => 'root', + mode => '0644', + content => "deb ${repo_uri}/${::operatingsystem} ${::lsbdistcodename} main", + notify => Exec['duo-security-apt-update'], + before => Package[$duo_unix::duo_package] + } - exec { 'duo-security-apt-update': - command => '/usr/bin/apt-get update', - refreshonly => true - } + exec { 'duo-security-apt-update': + command => '/usr/bin/apt-get update', + refreshonly => true, + require => File[$repo_file], + before => Package[$duo_unix::duo_package] + } - exec { 'Duo Security GPG Import': - command => '/usr/bin/apt-key add /etc/apt/DEB-GPG-KEY-DUO', - unless => '/usr/bin/apt-key list | grep "Duo Security"', - notify => Exec['duo-security-apt-update'] + exec { 'Duo Security GPG Import': + command => '/usr/bin/apt-key add /etc/apt/DEB-GPG-KEY-DUO', + unless => '/usr/bin/apt-key list | grep "Duo Security"', + notify => Exec['duo-security-apt-update'], + before => Package[$duo_unix::duo_package] + } } } diff --git a/manifests/init.pp b/manifests/init.pp index 61104e4..8076284 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -21,6 +21,7 @@ $accept_env_factor = 'no', $manage_ssh = true, $manage_pam = true, + $manage_repo = true, $pam_unix_control = 'requisite', $package_version = 'installed', ) { diff --git a/manifests/yum.pp b/manifests/yum.pp index c1c3738..33b5c69 100644 --- a/manifests/yum.pp +++ b/manifests/yum.pp @@ -27,15 +27,18 @@ $releasever = '$releasever' } else { $os = $::operatingsystem - $releasever = '$releasever' + $releasever = $::operatingsystemmajrelease } - yumrepo { 'duosecurity': - descr => 'Duo Security Repository', - baseurl => "${repo_uri}/${os}/${releasever}/\$basearch", - gpgcheck => '1', - enabled => '1', - require => File['/etc/pki/rpm-gpg/RPM-GPG-KEY-DUO']; + if $duo_unix::manage_repo { + yumrepo { 'duosecurity': + descr => 'Duo Security Repository', + baseurl => "${repo_uri}/${os}/${releasever}/\$basearch", + gpgcheck => '1', + enabled => '1', + require => File['/etc/pki/rpm-gpg/RPM-GPG-KEY-DUO'], + before => Package[$duo_unix::duo_package]; + } } if $duo_unix::manage_ssh { @@ -46,7 +49,7 @@ package { $duo_unix::duo_package: ensure => $package_state, - require => [ Yumrepo['duosecurity'], Exec['Duo Security GPG Import'] ]; + require => [ Exec['Duo Security GPG Import'] ]; } exec { 'Duo Security GPG Import':