Puppet users - Nov 2010 - managing normal users with Puppet

What are the recommended practices for adding regular users with a
specific group and password ? I''d like to add new users to a cluster,
and also to append an existing ssh key to authorized_keys on all the
cluster nodes for some users.

This is the best user add solution I''ve found so far, but it
doesn''t
quite do everything I want :

http://itand.me/using-puppet-to-manage-users-passwords-and-ss

I''m looking for a way to do something like:

class users {
@user { "ajolie":
  ensure => "present",
  uid => "1001",
  group => "1550",
  comment => "Tomb Raider",
  home => "/home/ajolie",
  managehome => true,
  password => "aaaaaaaaabbbbbbbbbccccccccc01010",
  }

@user { "nextuser":
...
 password => "aaaaaabbbbccccccddddd01",
 }
}

Does Puppet handle passwords with something already built-in? If not,
is it in future plans?
Would love to have one file that has all the user info in it,
including encrypted passwords.

Played with making a setpasswd script that used a specific encrypted
password:
-----
#!/bin/bash
#setpass.sh:
copyfrom=existingusername
encpass=`grep $copyfrom /etc/shadow | cut -f 2 -d : `
/usr/sbin/usermod -p "$encpass" $username
-------
but then I have to copy that script out to all nodes first.

Any better suggestions?

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

On Nov 5, 9:19 am, Mark_SysAdm <timetra...@gmail.com>
wrote:
> What are the recommended practices for adding regular users with a
> specific group and password ? I''d like to add new users to a
cluster,
> and also to append an existing ssh key to authorized_keys on all the
> cluster nodes for some users.
>
> This is the best user add solution I''ve found so far, but it
doesn''t
> quite do everything I want :
>
> http://itand.me/using-puppet-to-manage-users-passwords-and-ss
>
> I''m looking for a way to do something like:
>
> class users {
> @user { "ajolie":
>   ensure => "present",
>   uid => "1001",
>   group => "1550",
>   comment => "Tomb Raider",
>   home => "/home/ajolie",
>   managehome => true,
>   password => "aaaaaaaaabbbbbbbbbccccccccc01010",
>   }
>
> @user { "nextuser":
> ...
>  password => "aaaaaabbbbccccccddddd01",
>  }
>
> }
>
> Does Puppet handle passwords with something already built-in? If not,
> is it in future plans?
> Would love to have one file that has all the user info in it,
> including encrypted passwords.
>
> Played with making a setpasswd script that used a specific encrypted
> password:
> -----
> #!/bin/bash
> #setpass.sh:
> copyfrom=existingusername
> encpass=`grep $copyfrom /etc/shadow | cut -f 2 -d : `
> /usr/sbin/usermod -p "$encpass" $username
> -------
> but then I have to copy that script out to all nodes first.
>
> Any better suggestions?
http://forge.puppetlabs.com/ghoneycutt/generic

That module shows how I handle users. You define them all in one place
and then realize them as needed. You can specify password hashes, but
those can be brute forced, so you would want to build security around
who can access your puppet code. Below is a snippet of how it works.

# Sample Usage:
#   # create apachehup user and realize it
#   @mkuser { "apachehup":
#       uid        => "32001",
#       gid        => "32001",
#       home       => "/home/apachehup",
#       managehome => "true",
#       comment    => "Apache Restart User",
#       dotssh     => "true",
#   } # @mkuser
#
#   realize Generic::Mkuser[apachehup]

-g

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

In this context i have a question.

I migrate an autoyast settings into Puppet modules. Originally users
are created in the autoyast file for SLES9.

Following setting i have for one of my user.

<encrypted config:type="boolean">true</encrypted>

Unfortuniatially i can''t find such a flag as a parameter for the
puppet ''user'' resource.

Christian

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

On Nov 15, 8:41 am, Christian <berwangerchrist...@googlemail.com>
wrote:
> <encrypted config:type="boolean">true</encrypted>
>
> Unfortuniatially i can''t find such a flag as a parameter for the
> puppet ''user'' resource.
A wider audience will be available to help if you explain what that
setting actually means.


John

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.