Hi, I have installed Puppet puppet-0.23.2-1.el4 & puppet-server-0.23.2-1.el4. Now trying to configure. I have a basic config which changes the sudo permission of the file. Currently I am using the puppet server as client. Now I wanted to add all my hosts some linux some unix. So was looking for a config syntax whioh can create groups. Like IT = [ host-1, host2, shost3 ] Eng = [ Eng1, Eng2, Eng3 ] So when looking at the nodes syntax, below. I didn''t find a way to group the host, rather it depends on a class. node ''salmon.testing.com'' inherits default { include mysql } This is my first question & other question is how can I make user management & groups management in *nix servers easy rather then writing scripts. Is there a plugin or template for these. Any response is much appreciated. Thanks for the time. -- _______________________________________________ Puppet-users mailing list Puppet-users@madstop.com https://mail.madstop.com/mailman/listinfo/puppet-users
Digant C Kasundra
2007-Sep-29 01:03 UTC
Re: Host groups config in puppet & User Management.
--On Friday, September 28, 2007 11:53:48 AM -0700 Deepak Naidu <dnaidu@silverspringnet.com> wrote:> Hi, > > I have installed Puppet puppet-0.23.2-1.el4 & > puppet-server-0.23.2-1.el4. > > Now trying to configure. I have a basic config which changes the sudo > permission of the file. > Currently I am using the puppet server as client. Now I wanted to add > all my hosts some linux some unix. So was looking for a config syntax > whioh can create groups. > > Like IT = [ host-1, host2, shost3 ] > > Eng = [ Eng1, Eng2, Eng3 ] > > So when looking at the nodes syntax, below. I didn''t find a way to group > the host, rather it depends on a class. > > > > node ''salmon.testing.com'' inherits default { > include mysql > }That is correct. Puppet doesn''t approach node definitions by groups, but relies on classes. So, rather than describing what properties a group has and then defining members of the group, you want to define classes and include them in your nodes, or inherit from the proper template class. For instance, we have a genericwebserver class: class genericwebserver { include apache2, awstats, php } node web1 inherits genericwebserver {} node web2 inherits genericwebserver {} ... node webx inherits genericwebserver {}> This is my first question & other question is how can I make user > management & groups management in *nix servers easy rather then writing > scripts. > > Is there a plugin or template for these. > > Any response is much appreciated. Thanks for the time.I''m not sure I understand the question. Puppet can manage users and groups (user and group are both native types). There is a script on the Best Practices page that converts password files into virtual users that you can then realize as needed (the Best Practice guide goes through a good way to lay this out). -- Digant C Kasundra <digant@stanford.edu> Technical Lead, ITS Unix Systems and Applications, Stanford University
Hey Thanks but I figured out a workaround for so called groups (with no group names). Here is the example. sudo & userhome are classes node host1, host2,, host3, host4, host5 { include sudo include userhome } Also regarding useradd & creadting home directories. Here''s what I did. Created a function & class as below. ======[ FUNCTION ]====== $host1# cat /etc/puppet/manifests/functions/user_homedir.pp # user_homedir.pp define user_homedir ($group, $fullname) { user { "$name": ensure => present, comment => "$fullname", gid => "$group", groups => $ingroups, membership => minimum, shell => "/bin/bash", home => "/home/$name", } exec { "$name homedir": command => "/usr/sbin/useradd $name; /bin/cp -R /etc/skel /home/$name; /bin/chown -R $name:$group /home/$name", creates => "/home/$name", require => User[$name], } } ========[CLASSES]====== $host1# cat /etc/puppet/manifests classes/user_homedir.pp class userhome { user_homedir { "legacy": group => "cvs", fullname => "Legacy", } } Then called class userhome in the site.pp config file under the node. Hope it helps someone. -- Deepak -----Original Message----- From: puppet-users-bounces@madstop.com [mailto:puppet-users-bounces@madstop.com] On Behalf Of Digant C Kasundra Sent: Friday, September 28, 2007 6:03 PM To: Puppet User Discussion Subject: Re: [Puppet-users] Host groups config in puppet & User Management. --On Friday, September 28, 2007 11:53:48 AM -0700 Deepak Naidu <dnaidu@silverspringnet.com> wrote:> Hi,>> I have installed Puppet puppet-0.23.2-1.el4 &> puppet-server-0.23.2-1.el4.>> Now trying to configure. I have a basic config which changes the sudo> permission of the file.> Currently I am using the puppet server as client. Now I wanted to add> all my hosts some linux some unix. So was looking for a config syntax> whioh can create groups.>> Like IT = [ host-1, host2, shost3 ]>> Eng = [ Eng1, Eng2, Eng3 ]>> So when looking at the nodes syntax, below. I didn''t find a way togroup> the host, rather it depends on a class.>>>> node ''salmon.testing.com'' inherits default {> include mysql> }That is correct. Puppet doesn''t approach node definitions by groups, but relies on classes. So, rather than describing what properties a group has and then defining members of the group, you want to define classes and include them in your nodes, or inherit from the proper template class. For instance, we have a genericwebserver class: class genericwebserver { include apache2, awstats, php } node web1 inherits genericwebserver {} node web2 inherits genericwebserver {} ... node webx inherits genericwebserver {}> This is my first question & other question is how can I make user> management & groups management in *nix servers easy rather thenwriting> scripts.>> Is there a plugin or template for these.>> Any response is much appreciated. Thanks for the time.I''m not sure I understand the question. Puppet can manage users and groups (user and group are both native types). There is a script on the Best Practices page that converts password files into virtual users that you can then realize as needed (the Best Practice guide goes through a good way to lay this out). -- Digant C Kasundra <digant@stanford.edu> Technical Lead, ITS Unix Systems and Applications, Stanford University _______________________________________________ Puppet-users mailing list Puppet-users@madstop.com https://mail.madstop.com/mailman/listinfo/puppet-users _______________________________________________ Puppet-users mailing list Puppet-users@madstop.com https://mail.madstop.com/mailman/listinfo/puppet-users
Digant C Kasundra
2007-Sep-29 06:22 UTC
Re: Host groups config in puppet & User Management.
--On Friday, September 28, 2007 6:24 PM -0700 Deepak Naidu <dnaidu@silverspringnet.com> wrote:> define user_homedir ($group, $fullname) > > { > > user { "$name": > > ensure => present, > > comment => "$fullname", > > gid => "$group", > > groups => $ingroups, > > membership => minimum, > > shell => "/bin/bash", > > home => "/home/$name", > > } > > > > exec { "$name homedir": > > command => "/usr/sbin/useradd $name; /bin/cp -R /etc/skel > /home/$name; /bin/chown -R $name:$group /home/$name", > > creates => "/home/$name", > > require => User[$name], > > } > > }That''s an interesting approach. The user type actually uses useradd so the exec is only necessary to copy the skel files, and even that isn''t necessary if you define the home dir and require it so that it exists: define user_homedir ($group, $fullname) { file ( "/home/$name": ensure => directory } user { "$name": ... require => "/home/$name" } } You would actually want to to specify in file that the owner is the user but that means it won''t work on the first run since the user isn''t created yet, which is a problem (I wish puppet''s internal user add created the directory, but it doesn''t use the call that create a dir if it doesn''t exist). Generally, you want to avoid using execs, b/c "the Puppet way" is to not expose or rely on the underlying mechanics of how to manage the system, but to represent in the abstract manner of the puppet manifest.