Hi,
I''ve read puppet isn''t great at handling lots of users, but
I''ve got a
small user base and all my servers are geographically distributed and
hidden behind various firewalls/vpns, making them unsuitable for
centralised authentication that requires a constant connection (eg.
LDAP).
We''ve previously just distributed /etc/passwd and /etc/group files,
but I''m hoping that we could build something better into our new
Puppet deployments. Unfortunately, I''m getting the following error
when I try to add a user to multiple groups. This seems like quite a
simple requirement (aren''t they always?) ... so, I''m wondering
whether
I just completely misunderstand the use of the ''+>''
operator, or if
I''m thinking about this the wrong way.
Any help gratefully received!
Thanks,
Bryan
Below code snippet also available at http://pastie.org/556860.
[root@testnode]# puppetd
err: Could not retrieve catalog: Parameter ''groups'' is already
set on
User[bryan] by user::groupA
________________________________________________________________________
**site.pp**
node testnode {
include user::groupA
include user::groupB
}
class user::groupA inherits user::virtual {
User["bryan"] { groups +> "groupA" }
User["bob"] { groups +> "groupA" }
realize(
Group["groupA"],
User["bryan"],
User["bob"],
)
}
class user::groupB inherits user::virtual {
User["harry"] { groups +> "groupB" }
User["bryan"] { groups +> "groupB" }
realize(
Group["groupB"],
User["harry"],
User["bryan"],
)
}
class user::virtual {
@user { "bryan":
uid => 1001,
gid => 1001,
}
@user { "bob":
uid => 1002,
gid => 1002,
}
@user { "harry":
uid => 1003,
gid => 1003,
}
}
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---
Try using: ingroups => [''wheel'', ''devel''] On Jul 23, 2009, at 13:18, Bryan Ross <bryan@liquidstate.net> wrote:> > Hi, > > I''ve read puppet isn''t great at handling lots of users, but I''ve got a > small user base and all my servers are geographically distributed and > hidden behind various firewalls/vpns, making them unsuitable for > centralised authentication that requires a constant connection (eg. > LDAP). > > We''ve previously just distributed /etc/passwd and /etc/group files, > but I''m hoping that we could build something better into our new > Puppet deployments. Unfortunately, I''m getting the following error > when I try to add a user to multiple groups. This seems like quite a > simple requirement (aren''t they always?) ... so, I''m wondering whether > I just completely misunderstand the use of the ''+>'' operator, or if > I''m thinking about this the wrong way. > > Any help gratefully received! > > Thanks, > Bryan > > > Below code snippet also available at http://pastie.org/556860. > > [root@testnode]# puppetd > err: Could not retrieve catalog: Parameter ''groups'' is already set on > User[bryan] by user::groupA > ________________________________________________________________________> **site.pp** > node testnode { > include user::groupA > include user::groupB > } > > class user::groupA inherits user::virtual { > User["bryan"] { groups +> "groupA" } > User["bob"] { groups +> "groupA" } > > realize( > Group["groupA"], > User["bryan"], > User["bob"], > ) > } > > class user::groupB inherits user::virtual { > User["harry"] { groups +> "groupB" } > User["bryan"] { groups +> "groupB" } > > realize( > Group["groupB"], > User["harry"], > User["bryan"], > ) > } > > class user::virtual { > @user { "bryan": > uid => 1001, > gid => 1001, > } > > @user { "bob": > uid => 1002, > gid => 1002, > } > > @user { "harry": > uid => 1003, > gid => 1003, > } > } > > >--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
> Try using: ingroups => [''wheel'', ''devel'']I was hoping to keep my users organised in neat classes as per the Best Practices documentation, rather than have to define all the groups a specific user is in all in a single place. However, as you point out, it is a valid work around. I presume ''ingroups'' is just an alias for ''groups''? Its not mentioned in the Type Reference documentation, but I tried it, and it seems to display the same functionality as the ''groups'' property. Generally speaking, am I thinking about the ''+>'' in the right way? If you cant update and add to properties of virtual resources, then I''m struggling to find a use for it? Or, do I need to perhaps need to add a dependency to ensure that I realize() my virtual resource after I''ve changed its properties? Cheers, Bryan --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---