I''ve got an Apache module and a Nagios module which
"require"s the
Apache module, in the Nagios module we need to add the apache user to
the nagios group, what would be the best most scalable method to do
this? Assuming we might have other modules for webapps which need to
add the apache user to other groups in the future?!
The actual apache user is created by the httpd package (on RedHat) but
in the Apache module can we just manage the user with something like :
user { "apache":
    uid => 48,
    gid => 48,
    groups => "apache",
}
and then in the Nagios module do
User["apache"]{ groups +> "nagios" }
? Or is there a better way?
Cheers!
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
On Feb 24, 6:59 am, Rus Hughes <russell.hug...@gmail.com> wrote:> I''ve got an Apache module and a Nagios module which "require"s the > Apache module, in the Nagios module we need to add the apache user to > the nagios group, what would be the best most scalable method to do > this? Assuming we might have other modules for webapps which need to > add the apache user to other groups in the future?! > > The actual apache user is created by the httpd package (on RedHat) but > in the Apache module can we just manage the user with something like : > > user { "apache": > uid => 48, > gid => 48, > groups => "apache", > > } > > and then in the Nagios module do > > User["apache"]{ groups +> "nagios" } > > ? Or is there a better way? > > Cheers!We do this by defining the service account as a virtual user and realizing/overriding when necessary. For your example: @user { "apache": uid => 48, gid => 48, groups => "apache", } Then in your nagios module: Realize(User["apache"]) User["apache"] { groups +> "nagios" } Don''t forget to realize it in your apache module too. :) -adam -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Michael Gliwinski
2010-Feb-25  12:37 UTC
Re: [Puppet Users] Re: Correct user management across modules
On Wednesday 24 Feb 2010 16:33:59 atom wrote:> On Feb 24, 6:59 am, Rus Hughes <russell.hug...@gmail.com> wrote: > > I''ve got an Apache module and a Nagios module which "require"s the > > Apache module, in the Nagios module we need to add the apache user to > > the nagios group, what would be the best most scalable method to do > > this? Assuming we might have other modules for webapps which need to > > add the apache user to other groups in the future?! > > > > The actual apache user is created by the httpd package (on RedHat) but > > in the Apache module can we just manage the user with something like : > > > > user { "apache": > > uid => 48, > > gid => 48, > > groups => "apache", > > > > } > > > > and then in the Nagios module do > > > > User["apache"]{ groups +> "nagios" } > > > > ? Or is there a better way? > > > > Cheers! > > We do this by defining the service account as a virtual user and > realizing/overriding when necessary. For your example: > > @user { "apache": > uid => 48, > gid => 48, > groups => "apache", > } > > Then in your nagios module: > > Realize(User["apache"]) > User["apache"] { groups +> "nagios" } > > Don''t forget to realize it in your apache module too. :) > > -adam >Do you define your virtual users in global scope? I.e. in site.pp or in some module/class? The reason I''m asking is because I had some trouble overriding parameters of resources (even virtual) declared in another class or especially a define. Thanks, Michael -- Michael Gliwinski Henderson Group Information Services 9-11 Hightown Avenue, Newtownabby, BT36 4RT Phone: 028 9034 3319 ********************************************************************************************** The information in this email is confidential and may be legally privileged. It is intended solely for the addressee and access to the email by anyone else is unauthorised. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. When addressed to our clients, any opinions or advice contained in this e-mail are subject to the terms and conditions expressed in the governing client engagement leter or contract. If you have received this email in error please notify support@henderson-group.com John Henderson (Holdings) Ltd Registered office: 9 Hightown Avenue, Mallusk, County Antrim, Northern Ireland, BT36 4RT. Registered in Northern Ireland Registration Number NI010588 Vat No.: 814 6399 12 ********************************************************************************* -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
jcbollinger
2010-Feb-26  19:37 UTC
[Puppet Users] Re: Correct user management across modules
On Feb 25, 6:37 am, Michael Gliwinski <Michael.Gliwin...@henderson- group.com> wrote:> Do you define your virtual users in global scope? I.e. in site.pp or in some > module/class? The reason I''m asking is because I had some trouble overriding > parameters of resources (even virtual) declared in another class or especially > a define.To the best of my knowledge, you can only override resource parameters in a subclass of the class that declares the resource. Perhaps you can also override properties of resources declared at global scope, but I don''t generally recommend global resources, even virtual ones. You might be able to achieve what you want something like this (completely untested): # A class containing virtual declarations of all your users class user::virtual { # ... @user { "apache": uid => 48, gid => 48, groups => "apache", } # ... } # A class in your nagios module that # exists solely to override User["apache"] class nagios::apache::user inherits user::virtual { User["apache"] { groups +> "nagios } } # Apache-related nagios settings class nagios::apache { include "nagios::apache::user" realize User["apache"] # ... } Good luck, John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
jcbollinger
2010-Feb-26  19:43 UTC
[Puppet Users] Re: Correct user management across modules
Come to think of it, the issue of using virtual resources is orthogonal to that of overriding resource properties. You don''t need to make your users virtual to override their parameters, but you do need to put the override into a subclass of the declaring class. Be sure to include the subclass in your manifest. It is harmless to include the base class as well. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Michael Gliwinski
2010-Mar-08  15:48 UTC
Re: [Puppet Users] Re: Correct user management across modules
On Friday 26 Feb 2010 19:43:22 jcbollinger wrote:> Come to think of it, the issue of using virtual resources is > orthogonal to that of overriding resource properties. You don''t need > to make your users virtual to override their parameters, but you do > need to put the override into a subclass of the declaring class. Be > sure to include the subclass in your manifest. It is harmless to > include the base class as well. >Yes, it doesn''t matter if they''re virtual or not indeed. What you suggested in previous email works very well with classes and that''s what I''m using if possible, however there are certain cases where I''m declaring resources in a define. So far I found no way to override parameters of such resources, is there any? -- Michael Gliwinski Henderson Group Information Services 9-11 Hightown Avenue, Newtownabby, BT36 4RT Phone: 028 9034 3319 ********************************************************************************************** The information in this email is confidential and may be legally privileged. It is intended solely for the addressee and access to the email by anyone else is unauthorised. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. When addressed to our clients, any opinions or advice contained in this e-mail are subject to the terms and conditions expressed in the governing client engagement leter or contract. If you have received this email in error please notify support@henderson-group.com John Henderson (Holdings) Ltd Registered office: 9 Hightown Avenue, Mallusk, County Antrim, Northern Ireland, BT36 4RT. Registered in Northern Ireland Registration Number NI010588 Vat No.: 814 6399 12 ********************************************************************************* -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.