Hi list,
I am familiar with virt_users and virt_groups but thought it might be
easier in our environment to describe our users on our node like shown
here:
http://itand.me/using-puppet-to-manage-users-passwords-and-ss
To that end I changed things a bit and have the following code:
/etc/puppet/modules/users/manifests/definitions/add_user.pp
define add_user($uid,$pword,$groups) {
include virt_users
include virt_groups
if tagged(dba) {
realize( Group["postgres"])
}
if tagged(www) {
realize( Group ["hw-datarx"], Group["hw-datarw"])
}
if tagged("build") {
realize( Group["hitw"], Group["hwbackup"],
Group["hitw-tasks"],
Group["hw-datarx"] )
realize( User["hitw"],
User["hwbackup"],
User["feeds"],
User["hwsrc"] )
}
$username = $title
user { $username:
comment => "puppet created account for $username",
home => "/home/$username",
shell => "/bin/bash",
uid => $uid,
password => $pword,
groups => $groups,
}
group { $username:
gid => $uid,
require => User[$username]
}
file { "/home/$username":
ensure => directory,
owner => $username,
group => $username,
mode => 750,
require => [User[$username], Group[$username]],
source => "puppet:///modules/users/home/$username"
}
file { "/home/$username/.ssh":
ensure => directory,
owner => $username,
group => $username,
mode => 700,
require => File["/home/$username/"]
}
file { "/home/$username/.ssh/authorized_keys":
ensure => file,
owner => $username,
group => $username,
mode => 600,
require => File["/home/$username/"],
source => "puppet:///modules/users/home/$username/.ssh/
authorized_keys"
}
}
This seemed pretty good because I could manage certain files out of
the home directories and assign them to groups.
I then describe a user to create like so:
class buildManagers {
add_user { bobj:
pword => ''removed'',
uid => removed,
groups => [ ''hitw'', ''hitw-tasks'' ]
}
}
Which I then include on my node:
node blah inherits blah.blah {
include buildManagers
}
This all works a treat. Now to the problem I have. I want to be able
to install all the users described in buildManagers but maybe change
one or two of the groups one of the users has on a per node basis.
If I describe my node as:
node blah inherits blah.blah {
include buildManagers
add_user { bobj:
....
groups => [''hitw'', ''hitw-tasks'',
''anothergroup'']
}
I get that the user is already defined. Basically what if I want bobj
to be described one way on one host, a different way on another and
everything else has the default account? Is there a way around this
without scrapping the way I set out to do it? Can I override just
their account on one or two nodes somehow without effecting the way I
would normally describe them?
I''m using puppet 25.5.
Cheers,
DenMat
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
denmat
2010-Sep-08 04:16 UTC
Re: [Puppet Users] Help with defining users and groups on hosts
replying to my own post so that anyone that has a similar issue can benefit:
So if I had a class called buildManagers that I wanted to have
different groups to the default set I would do the following:
class buildOperators inherits buildManagers {
realize ( Group ["some_default_virt_group", "extragroup1",
"extragroupN"] )
realize ( User["some_default_virt_user"] )
Add_user["usernameone","usernametwo"] { groups => [
''wheel'',
''extragroup1'', ''extragroupN'' ] }
}
So the node that has this user/group combo would have the following:
node blah {
include buildManagers
}
node blahblah inherits blah {
# the override
include buildOperators
}
so on node blahblah, the default groups are overridden with:
id usernameone
uid=1001(usernameone) gid=1001(usernameone)
groups=1001(usernameone),10(wheel),531(extragroup1),530(extragroupN)
easy once you know how :)
reference: http://docs.puppetlabs.com/guides/language_tutorial.html
On Tue, Aug 17, 2010 at 11:54 AM, denmat <tu2bgone@gmail.com>
wrote:> Hi list,
>
> I am familiar with virt_users and virt_groups but thought it might be
> easier in our environment to describe our users on our node like shown
> here:
>
> http://itand.me/using-puppet-to-manage-users-passwords-and-ss
>
> To that end I changed things a bit and have the following code:
>
> /etc/puppet/modules/users/manifests/definitions/add_user.pp
>
> define add_user($uid,$pword,$groups) {
> include virt_users
> include virt_groups
>
> if tagged(dba) {
> realize( Group["postgres"])
> }
> if tagged(www) {
> realize( Group ["hw-datarx"], Group["hw-datarw"])
> }
> if tagged("build") {
> realize( Group["hitw"], Group["hwbackup"],
Group["hitw-tasks"],
> Group["hw-datarx"] )
> realize( User["hitw"],
> User["hwbackup"],
> User["feeds"],
> User["hwsrc"] )
> }
>
> $username = $title
>
> user { $username:
> comment => "puppet created account for $username",
> home => "/home/$username",
> shell => "/bin/bash",
> uid => $uid,
> password => $pword,
> groups => $groups,
> }
>
> group { $username:
> gid => $uid,
> require => User[$username]
> }
>
> file { "/home/$username":
> ensure => directory,
> owner => $username,
> group => $username,
> mode => 750,
> require => [User[$username], Group[$username]],
> source => "puppet:///modules/users/home/$username"
> }
>
> file { "/home/$username/.ssh":
> ensure => directory,
> owner => $username,
> group => $username,
> mode => 700,
> require => File["/home/$username/"]
> }
>
> file { "/home/$username/.ssh/authorized_keys":
> ensure => file,
> owner => $username,
> group => $username,
> mode => 600,
> require => File["/home/$username/"],
> source => "puppet:///modules/users/home/$username/.ssh/
> authorized_keys"
> }
> }
>
> This seemed pretty good because I could manage certain files out of
> the home directories and assign them to groups.
>
> I then describe a user to create like so:
>
> class buildManagers {
>
> add_user { bobj:
> pword => ''removed'',
> uid => removed,
> groups => [ ''hitw'', ''hitw-tasks''
]
> }
> }
>
> Which I then include on my node:
> node blah inherits blah.blah {
> include buildManagers
> }
>
> This all works a treat. Now to the problem I have. I want to be able
> to install all the users described in buildManagers but maybe change
> one or two of the groups one of the users has on a per node basis.
>
> If I describe my node as:
>
> node blah inherits blah.blah {
> include buildManagers
> add_user { bobj:
> ....
> groups => [''hitw'', ''hitw-tasks'',
''anothergroup'']
> }
>
> I get that the user is already defined. Basically what if I want bobj
> to be described one way on one host, a different way on another and
> everything else has the default account? Is there a way around this
> without scrapping the way I set out to do it? Can I override just
> their account on one or two nodes somehow without effecting the way I
> would normally describe them?
>
> I''m using puppet 25.5.
>
> Cheers,
>
> DenMat
>
> --
> You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
> For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
>
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.