Hi people.
After some reading, I think I have some sort of coherent thought about how to
handle users and groups, being a first time Puppet user though I figured
I''d ask for some criticism before I go ahead.
I''ll use the /modules/user module as per the BP-doc, and store all the
users and groups in one file/class.
Then I''ll have two(for now at least) classes in separate files,
basically these will be admins and non-admins, and node classes will then
inherit these as needed(I expect most nodes will only need the admins and
possibly some application accounts).
Somethingl like so(no I''m not trying to write real puppet code, just a
brief description, so I know this won''t work as is ;-) :
virtual.pp
class user::virtual
# Groups first for the sake of order
@group admin...
@group notadmin...
...
# Users now
@user {"user1": gid => "admin" ...}
@user {"user2": gid => "notadmin" ...}
...
admins.pp
class user::admins inherits user::virtual
realize ( Group["admin"], User["user1"] )
nonadmins.pp
class user::notadmins inherits user::virtual
realize ( Group["notadmin", User["user2"] )
And the base node class will include the user::admin class, and so forth.
As for application accounts and such, I figured I''d stick these in
classes of their own in one manifest(say appusers.pp or some such).
Basically what I''m asking, does this seem sane to more experienced
people, or am I setting myself up for pain?
Regards
Johan
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
> Basically what I''m asking, does this seem sane to more experienced people, or am I setting myself up for pain?I do it pretty much like that, and it works for me. A couple things, though: 1) unless you intend for your user::admins and user::notadmins classes to override properties of your virtual users, they should "include" the user::virtual class instead of inheriting from it (the BP example notwithstanding) 2) your virtual User declarations should each "require" the appropriate Group to ensure that it is present before any of its users are managed. (The relative order in which you declare or realize them cannot ensure this.) The groups being declared virtually does not pose a problem for that. Cheers, John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Dear Sunner, Good Morning ! I am shiva . Right now i m working with Puppet User Management Module. And i saw your post the same kind of module i looking for. Its very usefull if you share you user module to me, Thanks Thanks & Regards, Shiva... On Thursday, November 25, 2010 12:54:50 AM UTC-6, Sunner wrote:> Hi people. > After some reading, I think I have some sort of coherent thought about how > to handle users and groups, being a first time Puppet user though I figured > I''d ask for some criticism before I go ahead. > > I''ll use the /modules/user module as per the BP-doc, and store all the > users and groups in one file/class. > Then I''ll have two(for now at least) classes in separate files, basically > these will be admins and non-admins, and node classes will then inherit > these as needed(I expect most nodes will only need the admins and possibly > some application accounts). > Somethingl like so(no I''m not trying to write real puppet code, just a > brief description, so I know this won''t work as is ;-) : > > virtual.pp > class user::virtual > # Groups first for the sake of order > @group admin... > @group notadmin... > ... > > # Users now > @user {"user1": gid => "admin" ...} > @user {"user2": gid => "notadmin" ...} > ... > > > admins.pp > class user::admins inherits user::virtual > realize ( Group["admin"], User["user1"] ) > > > nonadmins.pp > class user::notadmins inherits user::virtual > realize ( Group["notadmin", User["user2"] ) > > And the base node class will include the user::admin class, and so forth. > As for application accounts and such, I figured I''d stick these in classes > of their own in one manifest(say appusers.pp or some such). > > Basically what I''m asking, does this seem sane to more experienced people, > or am I setting myself up for pain? > > Regards > Johan > >-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/DM5V98czFJgJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.