Andreas Dvorak
2013-Oct-08 11:15 UTC
[Puppet Users] user management define once an add if required on server
Dear all
I am looking for a solution for a module to define alle possible user and
then install the one or more user from that module if needed on a server,
but not all of them.
My idea is something like this. Can I define a user in the nodes.pp at a
special Server to install that user?
init.pp
class admin_user::group {
group { "group1":
gid => "888",
ensure => present,
}
}
class admin_user {
include admin_user::group, admin_user::list
}
list.pp with many user like this
class admin_user::list {
admin_user::useradd { "test1":
comment => "test1",
uid => "1032",
gid => "888",
shell => "/bin/bash",
password =>
''$6$QMhC7iyQ$CeUQnyZRaqzUp1/jkH61SaE7gz/'',
sshkeytype => "rsa",
sshkey =>
"AAAAB3NzaC1yc2EAAAABIwAAA4gZcD7cxU7Yu2Gs4iL5bycu1nSb0/U4rGLe5OipRtqkwkfk93KX/i6N8=",
}
admin_user::useradd { "test2":
comment => "test2",
uid => "2012",
gid => "888",
shell => "/bin/bash",
password =>
''$6$0vY.Ob.b$uF0JMxjptxEq9gj72KrU7CqB7ez0gCt6fAB1'',
sshkeytype => "rsa",
sshkey =>
"AAAAB3NzaC1yc2EAA/QtjZcPsaAhdZMsNU9xJ0Hb1VX3+vaAX1pA4F1Lq87ZBrZxrTS2F0G7hHJDffhqwlYoWfl1755hWeNeNZWQBcF"
}
}
and useradd.pp
define admin_user::useradd ( $comment, $uid, $group, $gid, $password,
$shell, $sshkeytype, $sshkey) {
include admin_user::group
$username = $title
user { $username:
ensure => present,
comment => "$comment",
uid => "$uid",
gid => "$gid",
shell => "$shell",
home => "/home/$username",
managehome => true,
forcelocal => true,
password => "$password",
require => Group["baaderadm"],
}
ssh_authorized_key { $username:
user => "$username",
type => "$sshkeytype",
key => "$sshkey",
require => User["$username"],
}
}
nodes.pp
node ''vm6742.muc.baag'' inherits base {
$user = "test1"
include jre17_32bit
}
Maybe I need to split the list.pp in separate files for every user, but I
do not know how to request a specific user.
Maybe something like that: include addmin_user::test1
I could create a modul for every user and add it to a server, but I think
that is not a good solution.
Best regards
Andreas
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscribe@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.
Johan De Wit
2013-Oct-08 11:42 UTC
Re: [Puppet Users] user management define once an add if required on server
Have a look at virtual resources. When needed, you can realize them. The puppet cookbook has a chapter explaining this On 10/08/2013 01:15 PM, Andreas Dvorak wrote:> Dear all > > I am looking for a solution for a module to define alle possible user > and then install the one or more user from that module if needed on a > server, but not all of them. > My idea is something like this. Can I define a user in the nodes.pp at > a special Server to install that user? > > init.pp > class admin_user::group { > group { "group1": > gid => "888", > ensure => present, > } > } > > class admin_user { > include admin_user::group, admin_user::list > } > > list.pp with many user like this > > class admin_user::list { > admin_user::useradd { "test1": > comment => "test1", > uid => "1032", > gid => "888", > shell => "/bin/bash", > password => ''$6$QMhC7iyQ$CeUQnyZRaqzUp1/jkH61SaE7gz/'', > sshkeytype => "rsa", > sshkey => > "AAAAB3NzaC1yc2EAAAABIwAAA4gZcD7cxU7Yu2Gs4iL5bycu1nSb0/U4rGLe5OipRtqkwkfk93KX/i6N8=", > } > > admin_user::useradd { "test2": > comment => "test2", > uid => "2012", > gid => "888", > shell => "/bin/bash", > password => ''$6$0vY.Ob.b$uF0JMxjptxEq9gj72KrU7CqB7ez0gCt6fAB1'', > sshkeytype => "rsa", > sshkey => > "AAAAB3NzaC1yc2EAA/QtjZcPsaAhdZMsNU9xJ0Hb1VX3+vaAX1pA4F1Lq87ZBrZxrTS2F0G7hHJDffhqwlYoWfl1755hWeNeNZWQBcF" > } > } > > and useradd.pp > define admin_user::useradd ( $comment, $uid, $group, $gid, $password, > $shell, $sshkeytype, $sshkey) { > include admin_user::group > $username = $title > > user { $username: > ensure => present, > comment => "$comment", > uid => "$uid", > gid => "$gid", > shell => "$shell", > home => "/home/$username", > managehome => true, > forcelocal => true, > password => "$password", > require => Group["baaderadm"], > } > > ssh_authorized_key { $username: > user => "$username", > type => "$sshkeytype", > key => "$sshkey", > require => User["$username"], > } > } > > nodes.pp > > node ''vm6742.muc.baag'' inherits base { > $user = "test1" > include jre17_32bit > } > > Maybe I need to split the list.pp in separate files for every user, > but I do not know how to request a specific user. > Maybe something like that: include addmin_user::test1 > > I could create a modul for every user and add it to a server, but I > think that is not a good solution. > > Best regards > Andreas > > -- > You received this message because you are subscribed to the Google > Groups "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send > an email to puppet-users+unsubscribe@googlegroups.com. > To post to this group, send email to puppet-users@googlegroups.com. > Visit this group at http://groups.google.com/group/puppet-users. > For more options, visit https://groups.google.com/groups/opt_out.-- Johan De Wit Open Source Consultant Red Hat Certified Engineer (805008667232363) Puppet Certified Professional 2013 (PCP0000006) _________________________________________________________ Open-Future Phone +32 (0)2/255 70 70 Zavelstraat 72 Fax +32 (0)2/255 70 71 3071 KORTENBERG Mobile +32 (0)474/42 40 73 BELGIUM http://www.open-future.be _________________________________________________________ Next Events: Extending Puppet Training 2013 | http://www.open-future.be/extending-puppet-training-8-till-11th-october Puppet Fundamentals Training | http://www.open-future.be/puppet-fundamentals-training-15-till-17th-october Puppet Advanced Training | https://www.open-future.be/puppet-advanced-training-12-till-14th-november Zabbix Certified Training | http://www.open-future.be/zabbix-certified-training-18-till-20th-november Zabbix Large Environments Training | http://www.open-future.be/zabbix-large-environments-training-21-till-22nd-november Puppet Fundamentals Training | http://www.open-future.be/puppet-fundamentals-training-10-till-12th-december Subscribe to our newsletter | http://eepurl.com/BUG8H -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
Andreas Dvorak
2013-Oct-08 12:11 UTC
Re: [Puppet Users] user management define once an add if required on server
Hi Johan,
thank you for the hint with virtual resources.
Here is my solution
cat init.pp
class accounts {
@accounts::virtual {''test1'':
comment => "test1",
uid => "1056",
gid => "880",
group => "baader",
shell => "/bin/bash",
password => ''$1$6hsRON8i7w5JncJDROnjh51'',
sshkeytype => "rsa",
sshkey => "",
}
@accounts::virtual {''test2'':
comment => "test2",
uid => "1058",
gid => "880",
group => "baader",
shell => "/bin/bash",
password => ''$1$RuV4YCYT$KXDWuNtU9B1'',
sshkeytype => "rsa",
sshkey => "",
}
}
cat virtual.pp
define accounts::virtual ( $comment, $uid, $group, $gid, $password, $shell,
$sshkeytype, $sshkey) {
$username = $title
group { $group:
gid => "$gid",
ensure => present,
}
user { $username:
ensure => present,
comment => "$comment",
uid => "$uid",
gid => "$gid",
shell => "$shell",
home => "/home/$username",
managehome => true,
forcelocal => true,
password => "$password",
require => Group["$group"],
}
ssh_authorized_key { $username:
user => "$username",
type => "$sshkeytype",
key => "$sshkey",
require => User["$username"],
}
}
node ''vm6741.muc.baag'' inherits base {
include accounts
realize (Accounts::Virtual[''test2''])
}
Best regards
Andreas
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscribe@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.
Andreas Dvorak
2013-Oct-08 13:21 UTC
[Puppet Users] Re: user management define once an add if required on server
Hi, there is a problem If I want to add a second user with the same group to the same server I get this error: Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Duplicate declaration: Group[baader] is already declared in file /etc/puppet/git/modules/accounts/manifests/virtual.pp at line 7; cannot redeclare on node vm6741.muc.baag Warning: Not using cache on failed catalog Error: Could not retrieve catalog; skipping run How can I solve this? Andreas -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
jcbollinger
2013-Oct-09 13:27 UTC
[Puppet Users] Re: user management define once an add if required on server
On Tuesday, October 8, 2013 8:21:43 AM UTC-5, Andreas Dvorak wrote:> > Hi, > > there is a problem > > If I want to add a second user with the same group to the same server I > get this error: > > Error: Could not retrieve catalog from remote server: Error 400 on SERVER: > Duplicate declaration: Group[baader] is already declared in file > /etc/puppet/git/modules/accounts/manifests/virtual.pp at line 7; cannot > redeclare on node vm6741.muc.baag > Warning: Not using cache on failed catalog > Error: Could not retrieve catalog; skipping run > > How can I solve this? > >Puppet does not allow two declared resources having the same type and the same name or title. In your case, you get multiple declarations when two users are assigned to the same group because you (re)declare the group for each user assigned to it. Thus, the solution is to move the group declarations outside your accounts::virtual definition. If you wish, you can use virtual resources here, too, to avoid assigning unneeded groups to the target node. Example: class accounts::groups { Group { ensure => present } @group { ''group1'': gid => 1234; ''group2'': gid => 2345; #... ''groupN'': gid => 6789; } } define accounts::virtual($group, #... ) { include ''accounts::groups'' user { ${title}: ensure => present, gid => $group, require => Group[$group], # ... } realize Group[$group] # ... } If you have many distinct groups, however, then you will likely find that it is easier and safer to record them in an external file instead of modifying your manifests every time you want to manage groups. This is what hiera() is for. It can be used directly or via Puppet''s automatic data binding mechanism to feed data to Puppet, such as all your (group name, gid) pairs. John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
Andreas Dvorak
2013-Oct-10 14:32 UTC
[Puppet Users] Re: user management define once an add if required on server
Great, thank you the good example. Now I am happy Andreas -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.