Francisco Reyes
2013-Jun-08 20:53 UTC
[Puppet Users] Handling users in different environments
Long term we plan to use LDAP or AD, but in the meantime we are
considering using Puppet.
Most machines only have 3 to 6 users (admins and developers).
My thought was to fully manage new machines and to use puppet to be able to
disable existing users in pre-existing machines.
Is that a reasonable approach, or is it best to do the work to get user
management for now completely under Puppet?
I found an "adduser" function, so I was planning:

    base-node
      adduser user-1
      ....
      adduser user-n

for the "fully" managed.
The adduser would look like:

    name       => "First Last",
    uid        => "1000",
    password   => 'Password-hash',
    shell      => "/bin/bash",
    groups     => ['sudo'],
    sshkeytype => "ssh-dss",
    sshkey     => "ssh-key"}

For the "partially" managed I was thinking of using a subset of that, but
when I tried to put the adduser calls in a second base node I got an error
about Duplicate declaration.
The adduser function I am using:
--------------- adduser --------------
define adduser ($name, $uid, $password, $shell, $groups, $sshkeytype,
                $sshkey) {
  $homedir = $kernel ? {
    'SunOS' => '/export/home',
    default => '/home'
  }
  $username = $title
  user { $username:
    comment    => "$name",
    home       => "$homedir/$username",
    shell      => "$shell",
    uid        => $uid,
    gid        => $uid,
    managehome => 'true',
    password   => "$password",
    groups     => $groups
  }
  group { $username:
    gid => "$uid"
  }
  ssh_authorized_key { $username:
    user   => "$username",
    ensure => present,
    type   => "$sshkeytype",
    key    => "$sshkey",
    name   => "$username"
  }
} #add
--------------- adduser --------------
The base node
node base-web
{
  include ubuntu-openntpd
  import "../functions/adduser.pp"
}
adduser {user1:
  name       => "first last",
  uid        => "1000",
  password   => 'pass-hash',
  shell      => "/bin/bash",
  groups     => ['sudo'],
  sshkeytype => "ssh-dss",
  sshkey     => "key"
}
...
adduser {user-n:
  name       => "first last",
  uid        => "10##", # <-- whatever end number
  password   => 'pass-hash',
  shell      => "/bin/bash",
  groups     => ['sudo'],
  sshkeytype => "ssh-dss",
  sshkey     => "key"
}