Puppet users - Nov 2010 - selectors in type defaults

Hi all,

I''d like to define a selecto when defining "user" type
default:

        User { 
                ensure          => present,
                provider        => useradd,
                managehome      => $name ? {
                        /^at/ 	=> true,
                        default => false,
                }
        }

It is not working and I have not found any place that says that it is
possible.

Anyone knows if this is possible? and if yes, what am I doing wrong?

TIA,
Arnau

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

On Tue, Nov 09, 2010 at 10:46:07AM +0100, Arnau Bria
wrote:
> Hi all,
> 
> I''d like to define a selecto when defining "user" type
default:
> 
>         User { 
>                 ensure          => present,
>                 provider        => useradd,
>                 managehome      => $name ? {
>                         /^at/ 	=> true,
>                         default => false,
>                 }
>         }
> 
> It is not working and I have not found any place that says that it is
> possible.
> 
> Anyone knows if this is possible? and if yes, what am I doing wrong?
You could do this using a define.  A resource default isn''t some kind
of macro that is invoked whenever an instance of the resource is
evaluated; the code of the defaults declaration is evaluated in place,
when it is first encountered.  $name doesn''t exist at the time you
declare the defaults.  (You''re lucky you didn''t do this inside
a code
block where $name is meaningful, or your error would have been hidden
and produced bizarre side effects).

To do what you want, the way you want to it, you would need to create a
my_user define and put the code in there.  However, there''s no need to
do it this way at all.  What''s wrong with just having

	User {
		ensure => ''present'',
		provider => ''useradd'',
		managed => false
	}

and then

	user { ''at'':
		managed => true
	}

Is there some reason you don''t want that?  Hmm.  Are you perhaps
working under the mistaken assumption that a User defaults declaration
will affect all users on the box?  Because the truth is that it will
only affect any users explicitly declared in your Puppet manifests.

-- 
Bruce

It is impolite to tell a man who is carrying you on his shoulders that
his head smells.

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

On Tue, 9 Nov 2010 10:36:12 +0000
Bruce Richardson wrote:

Hi Bruce,

[...]
> You could do this using a define.  
I thought so.
> A resource default isn''t some kind of macro that is invoked
whenever
> an instance of the resource is evaluated; the code of the defaults
> declaration is evaluated in place, when it is first encountered.
> $name doesn''t exist at the time you declare the defaults. 
(You''re
> lucky you didn''t do this inside a code block where $name is
> meaningful, or your error would have been hidden and produced bizarre
> side effects).
Well, I''m doing this changes on test hosts :-) 
> To do what you want, the way you want to it, you would need to create
> a my_user define and put the code in there.  However, there''s no
need
> to do it this way at all.  What''s wrong with just having
> 
> 	User {
> 		ensure => ''present'',
> 		provider => ''useradd'',
> 		managed => false
> 	}
> 
> and then
> 
> 	user { ''at'':
> 		managed => true
> 	}
> 
> Is there some reason you don''t want that?  Hmm.  Are you perhaps
> working under the mistaken assumption that a User defaults declaration
> will affect all users on the box?  Because the truth is that it will
> only affect any users explicitly declared in your Puppet manifests.
No, I''m not assuming that it will affect all users.

I have a script that "translates" nis users into puppet users (we
don''t
want nis services in our nodes, but use autofs for its homes... long
history) So all users already have their homes if autofs is started.
But I''d like to "change" some nis users homes from that
shared area and
create them locally.

So, I was wondering if I could define some regexpr at user default
for creating homes for those special users.

If it''s not possible I''ll add some file (dir) type for
creating
those homes... it''s not a big deal, I asked cause I wanted to
understand type defaults better.

Thanks for you reply.

Cheers,
Arnau

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

On Nov 9, 4:53 am, Arnau Bria <arnaub...@pic.es> wrote:
> I have a script that "translates" nis users into puppet users (we
don''t
> want nis services in our nodes, but use autofs for its homes... long
> history) So all users already have their homes if autofs is started.
> But I''d like to "change" some nis users homes from that
shared area and
> create them locally.
>
> So, I was wondering if I could define some regexpr at user default
> for creating homes for those special users.
>
> If it''s not possible I''ll add some file (dir) type for
creating
> those homes... it''s not a big deal, I asked cause I wanted to
> understand type defaults better.
I''m not sure you''ve fully appreciated Bruce''s remarks
and advice.  No,
you cannot use resource defaults to achieve what you want directly,
but if the User/managehome property would have been a suitable
approach as a default then it is just as suitable when specified per-
user.  In other words, why not this:

User {
    ensure => present,
    provider => useradd,
    managehome => false
}

user { "alice":
    # ...
    home => "/autohome/alice"
}

user { "bob":
    # ...
    home => "/home/bob",
    managehome => true
}

If you have resource declarations for all the users whose homedir you
want managed, and especially if those are special cases anyway, then
that''s exactly the case for overriding the default managehome value
for those users.

Yes, you can set up File resources for the homedirs if you want to
manage them directly through Puppet, but you don''t have to do.


With that said, if your system relies on PAM, as it probably does,
then you can make PAM create homedirs as necessary when users log in.
That might be even more convenient for you.  Some Linux distributions
even provide a nice GUI for setting this up, so that you don''t need to
directly tweak your PAM configuration.  (On RHEL/CentOS 5, it''s at
System->Administration->Authentication/Options/[Create home
directories on the first login].)  If you prefer to tweak the PAM
configuration manually then you would want to insert the
pam_mkhomedir.so module early in the "session" chain of the login
service.  See the docs for more detail.


Cheers,

John

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

On Tue, 9 Nov 2010 06:24:21 -0800 (PST)
jcbollinger jcbollinger wrote:

> I''m not sure you''ve fully appreciated Bruce''s
remarks and advice.  No,
Yes, I did.

I was playing at test instance, and had some options when wanted to
create home for certain users:

1.-) modify our local script that translates nis-users. add some case
statement that adds managehome=>true.

2.-) add case at type default (which is $HEADER in our script)

I choose 2, I did not work, I wanted to ask and undesrtand "type
defaults" a little more. 



I do use the code you and Bruce show. i.e.:
class computing_ssh {

        File {
                ensure  => present,
                owner   => ''root'',
                group   => ''root'',
                mode    => 644,
        }
[...]
                ''sshd_config'' :
                        name    => ''/etc/ssh/sshd_config'',
                        mode    => 400,

[...]


Thanks for the pam explanation, didn''t know.

Anyway, I''ll leave our local script as it is, add some file entry for
those homes, and modify the script when I have more time.

> Cheers,
> John
Thanks for your reply,
Arnau

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.