Puppet users - Sep 2012 - deleting virtual users

Moin,
I started to virtualise user. Works fine so far.
Playing a bit a problem popped up.

given:
User ''ahab'' realized on a bunch of nodes node01 .. node08.

How do I delete a realized user on a node?
I was hoping to do something like
realize(User[''ahab'']){ensure => absent }
As this is not working, I wonder how to delete a realized virtual user.

Regards
Erkan


-- 
über den grenzen muß die freiheit wohl wolkenlos sein

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

Realizing doesn''t allow overrides. To remove the user:

@user ahab { ensure => absent }
realize User[''ahab'']

This may mean you need to use inheritence for the class the user is defined in,
creating a child class for the nodes you want to remove him on.

On Sep 26, 2012, at 11:53 AM, erkan yanar wrote:
> Moin,
> I started to virtualise user. Works fine so far.
> Playing a bit a problem popped up.
> 
> given:
> User ''ahab'' realized on a bunch of nodes node01 ..
node08.
> 
> How do I delete a realized user on a node?
> I was hoping to do something like
> realize(User[''ahab'']){ensure => absent }
> As this is not working, I wonder how to delete a realized virtual user.
> 
> Regards
> Erkan
> 
> 
> -- 
> über den grenzen muß die freiheit wohl wolkenlos sein
> 
> -- 
> You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
> For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
> 
-- 
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.



-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

On Wed, Sep 26, 2012 at 12:00:10PM -0700, Jo Rhett
wrote:
> Realizing doesn''t allow overrides. To remove the user:
> 
> @user ahab { ensure => absent }
> realize User[''ahab'']
> 
> This may mean you need to use inheritence for the class the user is defined
in, creating a child class for the nodes you want to remove him on.
> 
Oha,
that sounds like putting a lot of thinking building the configuration system.

thx a lot
erkan

-- 
über den grenzen muß die freiheit wohl wolkenlos sein

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

Hi,

[snip]

How do I delete a realized user on a node?
> I was hoping to do something like
> realize(User[''ahab'']){ensure => absent }
> As this is not working, I wonder how to delete a realized virtual user.
>
If you use resource collection instead of the realize function, you can
override the attributes. This should work:

User <| title == ''ahab'' |> { ensure => absent }

Kind regards,

k

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

On Thu, Sep 27, 2012 at 12:11:54AM +0200, Kristof Willaert
wrote:
> Hi,
> 
> [snip]
> 
> How do I delete a realized user on a node?
> > I was hoping to do something like
> > realize(User[''ahab'']){ensure => absent }
> > As this is not working, I wonder how to delete a realized virtual
user.
> >
> 
> If you use resource collection instead of the realize function, you can
> override the attributes. This should work:
> 
> User <| title == ''ahab'' |> { ensure => absent }
> 
Hihaa!
Great Thx Kristof

-- 
über den grenzen muß die freiheit wohl wolkenlos sein

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

On Wednesday, September 26, 2012 2:15:27 PM UTC-5, erkules
wrote:
>
> On Wed, Sep 26, 2012 at 12:00:10PM -0700, Jo Rhett wrote: 
> > Realizing doesn''t allow overrides. To remove the user: 
> > 
> > @user ahab { ensure => absent } 
> > realize User[''ahab''] 
> > 
> > This may mean you need to use inheritence for the class the user is 
> defined in, creating a child class for the nodes you want to remove him on.
> > 
>
> Oha, 
> that sounds like putting a lot of thinking building the configuration 
> system. 
>
>
Indeed, yes.  It is a complex task, and thinking is required.

Note, by the way, that virtualization really doesn''t have much to do
with
this particular issue.  There are basically two ways to remove users with 
Puppet:

   1. The fairly safe way: manage the user, setting ensure => absent.  That 
   ''ensure'' parameters could be set on the actual resource
declaration,
   perhaps conditionally, or it could be overridden later, such as via a 
   collection.
   2. The simple, but rather dangerous, way: use the
''resources''
   metaresource to declare that all unmanaged, non-system user accounts should 
   be purged from the system.  This has the potential to bite you -- hard -- 
   but it has the advantage that all you have to do is stop realizing a user 
   or else not declare him at all to have him removed.

Note that even approach (1) I designate only "fairly" safe.  It is
that
because you explicitly specify all user removals, but nothing can change 
the fact that removing users is inherently risky.


John

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/ywnSOVHpDyMJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

On Sep 26, 2012, at 3:11 PM, Kristof Willaert wrote:
> How do I delete a realized user on a node?
> I was hoping to do something like
> realize(User[''ahab'']){ensure => absent }
> As this is not working, I wonder how to delete a realized virtual user.
> 
> If you use resource collection instead of the realize function, you can
> override the attributes. This should work:
> 
> User <| title == ''ahab'' |> { ensure => absent }

I must have overlooked this. I thought that objects couldn''t be changed
after creation without using inheritence?

-- 
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.



-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

Hoi  John,

On Thu, Sep 27, 2012 at 06:09:28AM -0700, jcbollinger
wrote:
> 
> 
> On Wednesday, September 26, 2012 2:15:27 PM UTC-5, erkules wrote:
> >
> > On Wed, Sep 26, 2012 at 12:00:10PM -0700, Jo Rhett wrote: 
> > > Realizing doesn''t allow overrides. To remove the user: 
> > > 
> > > @user ahab { ensure => absent } 
> > > realize User[''ahab''] 
> > > 
> > > This may mean you need to use inheritence for the class the user
is
> > defined in, creating a child class for the nodes you want to remove
him on.
> > > 
> >
> > Oha, 
> > that sounds like putting a lot of thinking building the configuration 
> > system. 
> >
> >
> Indeed, yes.  It is a complex task, and thinking is required.
> 
> Note, by the way, that virtualization really doesn''t have much to
do with
> this particular issue.  There are basically two ways to remove users with 
> Puppet:
> 
>    1. The fairly safe way: manage the user, setting ensure => absent. 
That
>    ''ensure'' parameters could be set on the actual
resource declaration,
>    perhaps conditionally, or it could be overridden later, such as via a 
>    collection.
ok,
>    2. The simple, but rather dangerous, way: use the
''resources''
>    metaresource to declare that all unmanaged, non-system user accounts
should
>    be purged from the system.  This has the potential to bite you -- hard
--
>    but it has the advantage that all you have to do is stop realizing a
user
>    or else not declare him at all to have him removed.
I confess I like that idea.
> 
> Note that even approach (1) I designate only "fairly" safe.  It
is that
> because you explicitly specify all user removals, but nothing can change 
> the fact that removing users is inherently risky.
> 
thx a lot
erkan

-- 
über den grenzen muß die freiheit wohl wolkenlos sein

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

This may not fit your requirements but a slightly safer alternative 
might be set your old users'' shells to /bin/false and null out their 
password, rather than delete them. A small added bonus is if your UIDs 
are never reused then all your UIDs will resolve to user accounts, which 
can be helpful later down the track if you want to know who owned which 
file, rather than it just be an unresolved UID number.

On 27/09/12 20:52, erkan yanar wrote:
> Hoi  John,
>
> On Thu, Sep 27, 2012 at 06:09:28AM -0700, jcbollinger wrote:
>>
>> On Wednesday, September 26, 2012 2:15:27 PM UTC-5, erkules wrote:
>>> On Wed, Sep 26, 2012 at 12:00:10PM -0700, Jo Rhett wrote:
>>>> Realizing doesn''t allow overrides. To remove the user:
>>>>
>>>> @user ahab { ensure => absent }
>>>> realize User[''ahab'']
>>>>
>>>> This may mean you need to use inheritence for the class the
user is
>>> defined in, creating a child class for the nodes you want to remove
him on.
>>> Oha,
>>> that sounds like putting a lot of thinking building the
configuration
>>> system.
>>>
>>>
>> Indeed, yes.  It is a complex task, and thinking is required.
>>
>> Note, by the way, that virtualization really doesn''t have much
to do with
>> this particular issue.  There are basically two ways to remove users
with
>> Puppet:
>>
>>     1. The fairly safe way: manage the user, setting ensure =>
absent.  That
>>     ''ensure'' parameters could be set on the actual
resource declaration,
>>     perhaps conditionally, or it could be overridden later, such as via
a
>>     collection.
> ok,
>
>>     2. The simple, but rather dangerous, way: use the
''resources''
>>     metaresource to declare that all unmanaged, non-system user
accounts should
>>     be purged from the system.  This has the potential to bite you --
hard --
>>     but it has the advantage that all you have to do is stop realizing
a user
>>     or else not declare him at all to have him removed.
> I confess I like that idea.
>
>> Note that even approach (1) I designate only "fairly" safe. 
It is that
>> because you explicitly specify all user removals, but nothing can
change
>> the fact that removing users is inherently risky.
>>
> thx a lot
> erkan
>

-- 
Luke Bigum
Senior Systems Engineer

Information Systems
Ph: +44 (0) 20 3192 2520
luke.bigum@lmax.com | http://www.lmax.com
LMAX, Yellow Building, 1A Nicholas Road, London W11 4AN


FX and CFDs are leveraged products that can result in losses exceeding
your deposit.  They are not suitable for everyone so please ensure you
fully understand the risks involved.  The information in this email is not
directed at residents of the United States of America or any other
jurisdiction where trading in CFDs and/or FX is restricted or prohibited
by local laws or regulations.

The information in this email and any attachment is confidential and is
intended only for the named recipient(s). The email may not be disclosed
or used by any person other than the addressee, nor may it be copied in
any way. If you are not the intended recipient please notify the sender
immediately and delete any copies of this message. Any unauthorised
copying, disclosure or distribution of the material in this e-mail is
strictly forbidden.

LMAX operates a multilateral trading facility.  Authorised and regulated 
by the Financial Services Authority (firm registration number 509778) and
is registered in England and Wales (number 06505809). 
Our registered address is Yellow Building, 1A Nicholas Road, London, W11
4AN.

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.