We have several webservers that we are going to manage with puppet. We want to make sure the users are the same on all of them. My plan was to create a separate manifest for each user within a users module. However if someone changes their password one one server how do we make sure that puppet doesn''t overwrite that info? Also we want to propagates that password change to the other servers. Therefore putting information the password hash or age of the password in the manifest doesn''t seem like it will work. How is this supposed to be done? Thanks in advance. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/DJnPtUOMw6kJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Trevor Vaughan
2012-May-21 19:12 UTC
Re: [Puppet Users] Managing Users over multiple servers
This is not something that you generallyl want to do with Puppet since Puppet is better utilized for ''consistency over time'' applications (with some exceptions). A tool, such as LDAP or Kerberos will probably serve your purposes much better over time. Trevor On Mon, May 21, 2012 at 3:08 PM, lth <ltharris@gmail.com> wrote:> We have several webservers that we are going to manage with puppet. We want > to make sure the users are the same on all of them. > > My plan was to create a separate manifest for each user within a users > module. However if someone changes their password one one server how do we > make sure that puppet doesn''t overwrite that info? Also we want to > propagates that password change to the other servers. Therefore putting > information the password hash or age of the password in the manifest doesn''t > seem like it will work. > > How is this supposed to be done? > > Thanks in advance. > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To view this discussion on the web visit > https://groups.google.com/d/msg/puppet-users/-/DJnPtUOMw6kJ. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscribe@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en.-- Trevor Vaughan Vice President, Onyx Point, Inc (410) 541-6699 tvaughan@onyxpoint.com -- This account not approved for unencrypted proprietary information -- -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
LDAP is something we''ve been considering and will probably be implementing that sooner than later. However while that takes care of the 100s of regular web users, we still don''t think we want our 8-10 system administrators to be doing that. So we''re still have the problem of trying to get puppet to handle them as well as pick up changes and propagate them. On Monday, May 21, 2012 3:12:12 PM UTC-4, Trevor Vaughan wrote:> > This is not something that you generallyl want to do with Puppet since > Puppet is better utilized for ''consistency over time'' applications > (with some exceptions). > > A tool, such as LDAP or Kerberos will probably serve your purposes > much better over time. > > Trevor > > On Mon, May 21, 2012 at 3:08 PM, lth <ltharris@gmail.com> wrote: > > We have several webservers that we are going to manage with puppet. We > want > > to make sure the users are the same on all of them. > > > > My plan was to create a separate manifest for each user within a users > > module. However if someone changes their password one one server how do > we > > make sure that puppet doesn''t overwrite that info? Also we want to > > propagates that password change to the other servers. Therefore putting > > information the password hash or age of the password in the manifest > doesn''t > > seem like it will work. > > > > How is this supposed to be done? > > > > Thanks in advance. > > > > -- > > You received this message because you are subscribed to the Google > Groups > > "Puppet Users" group. > > To view this discussion on the web visit > > https://groups.google.com/d/msg/puppet-users/-/DJnPtUOMw6kJ. > > To post to this group, send email to puppet-users@googlegroups.com. > > To unsubscribe from this group, send email to > > puppet-users+unsubscribe@googlegroups.com. > > For more options, visit this group at > > http://groups.google.com/group/puppet-users?hl=en. > > > > -- > Trevor Vaughan > Vice President, Onyx Point, Inc > (410) 541-6699 > tvaughan@onyxpoint.com > > -- This account not approved for unencrypted proprietary information -- >-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/szGNJ7gHdx4J. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
On May 21, 2:40 pm, lth <lthar...@gmail.com> wrote:> LDAP is something we''ve been considering and will probably > be implementing that sooner than later. However while that takes care of > the 100s of regular web users, we still don''t think we want our 8-10 system > administrators to be doing that. So we''re still have the problem of trying > to get puppet to handle them as well as pick up changes and propagate them.Puppet will not "pick up changes and propagate them." That''s exactly opposite to its designed mode of operation. You could, however, set up a system that makes password changes go first to some central file on the Puppetmaster, to be rolled out from there to all nodes. Password changes that bypassed that mechanism would still be overwritten. John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.