Robin Lee Powell
2011-Feb-17 14:37 UTC
[Puppet Users] Distributing user configs from a central host?
I have a central server, that happens to be the puppetmaster, that has various users on it. I would like to copy out their information (name, uid, password, .bashrc, etc) to all my other hosts, but I want to let the users change their stuff on that host, so I don''t want to just stick it in puppet. My inclination is to just make a script that runs through the passwd file and generates puppet instructions out, and also copies the user files in question into a place in the puppetmaster directories. Is there a more-idiomatic way to do that? -Robin -- http://singinst.org/ : Our last, best hope for a fantastic future. Lojban (http://www.lojban.org/): The language in which "this parrot is dead" is "ti poi spitaki cu morsi", but "this sentence is false" is "na nei". My personal page: http://www.digitalkingdom.org/rlp/ -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Joe McDonagh
2011-Feb-17 15:48 UTC
Re: [Puppet Users] Distributing user configs from a central host?
You can use content => file("/etc/passwd") for example to serve out the content from the master''s etc passwd. On 02/17/2011 09:37 AM, Robin Lee Powell wrote:> I have a central server, that happens to be the puppetmaster, that > has various users on it. I would like to copy out their information > (name, uid, password, .bashrc, etc) to all my other hosts, but I > want to let the users change their stuff on that host, so I don''t > want to just stick it in puppet. > > My inclination is to just make a script that runs through the passwd > file and generates puppet instructions out, and also copies the user > files in question into a place in the puppetmaster directories. > > Is there a more-idiomatic way to do that? > > -Robin > >-- Joe McDonagh AIM: YoosingYoonickz IRC: joe-mac on freenode "When the going gets weird, the weird turn pro." -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Daniel Pittman
2011-Feb-17 17:30 UTC
Re: [Puppet Users] Distributing user configs from a central host?
You could use the resource description tool, in a generate call in the appropriate resource, to have puppet ruun the process of rebuilding the appropriate manifest content on demand. (Probably needs a little scripting wrapped around it to get the content in the right format.) For the file content I would add another fileserver mount for /home on that system, then serve the content into the appropriate target location. That way you don''t need to copy anything, including the data about the users, in a static fashion. Regards, Daniel -- Puppet Labs Developer –http://puppetlabs.com Daniel Pittman <daniel@puppetlabs.com> Contact me via gtalk, email, or phone: +1 (877) 575-9775 Sent from a mobile device. Please forgive me if this is briefer than usual. On Feb 17, 2011 6:45 AM, "Robin Lee Powell" <rlpowell@digitalkingdom.org> wrote:> > I have a central server, that happens to be the puppetmaster, that > has various users on it. I would like to copy out their information > (name, uid, password, .bashrc, etc) to all my other hosts, but I > want to let the users change their stuff on that host, so I don''t > want to just stick it in puppet. > > My inclination is to just make a script that runs through the passwd > file and generates puppet instructions out, and also copies the user > files in question into a place in the puppetmaster directories. > > Is there a more-idiomatic way to do that? > > -Robin > > > -- > http://singinst.org/ : Our last, best hope for a fantastic future. > Lojban (http://www.lojban.org/): The language in which "this parrot > is dead" is "ti poi spitaki cu morsi", but "this sentence is false" > is "na nei". My personal page: http://www.digitalkingdom.org/rlp/ > > -- > You received this message because you are subscribed to the Google Groups"Puppet Users" group.> To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email topuppet-users+unsubscribe@googlegroups.com.> For more options, visit this group athttp://groups.google.com/group/puppet-users?hl=en.>-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Robin Lee Powell
2011-Feb-17 23:18 UTC
Re: [Puppet Users] Distributing user configs from a central host?
On Thu, Feb 17, 2011 at 09:30:33AM -0800, Daniel Pittman wrote:> You could use the resource description tool, in a generate call in the > appropriate resource, to have puppet ruun the process of rebuilding the > appropriate manifest content on demand. (Probably needs a little scripting > wrapped around it to get the content in the right format.)I''m not following that at all, I''m afraid; especially "the resource description tool"; can you give me an example?> For the file content I would add another fileserver mount for > /home on that system, then serve the content into the appropriate > target location.An interesting idea, but I can see some decently heavy security issues there, and I''m sufficiently ignorant of puppet''s security model to be afraid of them. -Robin -- http://singinst.org/ : Our last, best hope for a fantastic future. Lojban (http://www.lojban.org/): The language in which "this parrot is dead" is "ti poi spitaki cu morsi", but "this sentence is false" is "na nei". My personal page: http://www.digitalkingdom.org/rlp/ -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Daniel Pittman
2011-Feb-18 19:29 UTC
Re: [Puppet Users] Distributing user configs from a central host?
On Thu, Feb 17, 2011 at 15:18, Robin Lee Powell <rlpowell@digitalkingdom.org> wrote:> On Thu, Feb 17, 2011 at 09:30:33AM -0800, Daniel Pittman wrote: > >> You could use the resource description tool, in a generate call in the >> appropriate resource, to have puppet ruun the process of rebuilding the >> appropriate manifest content on demand. (Probably needs a little scripting >> wrapped around it to get the content in the right format.) > > I''m not following that at all, I''m afraid; especially "the resource > description tool"; can you give me an example?So, if you want puppet to manage the user stuff, and to update a manifest to reflect changes on one system later you can use ''puppet resource user'' to list all users known on the system, or ''puppet resource user daniel'' to get details on just daniel. That outputs a resource blob in puppet manifest format that you can stick into a manifest somewhere to have puppet manage that user on other systems. Basically, "tell me what would make this resource".>> For the file content I would add another fileserver mount for >> /home on that system, then serve the content into the appropriate >> target location. > > An interesting idea, but I can see some decently heavy security > issues there, and I''m sufficiently ignorant of puppet''s security > model to be afraid of them.As I understood it you already proposed coping those files, which means that you are not really opening any more security issues by doing it from the source rather than copying the source. (Puppet is a read-only file server, if that helps. :) Regards, Daniel -- ⎋ Puppet Labs Developer – http://puppetlabs.com ✉ Daniel Pittman <daniel@puppetlabs.com> ✆ Contact me via gtalk, email, or phone: +1 (877) 575-9775 ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Robin Lee Powell
2011-Feb-19 18:18 UTC
Re: [Puppet Users] Distributing user configs from a central host?
On Fri, Feb 18, 2011 at 11:29:12AM -0800, Daniel Pittman wrote:> On Thu, Feb 17, 2011 at 15:18, Robin Lee Powell > <rlpowell@digitalkingdom.org> wrote: > > On Thu, Feb 17, 2011 at 09:30:33AM -0800, Daniel Pittman wrote: > > > >> You could use the resource description tool, in a generate call in the > >> appropriate resource, to have puppet ruun the process of rebuilding the > >> appropriate manifest content on demand. (Probably needs a little scripting > >> wrapped around it to get the content in the right format.) > > > > I''m not following that at all, I''m afraid; especially "the resource > > description tool"; can you give me an example? > > So, if you want puppet to manage the user stuff, and to update a > manifest to reflect changes on one system later you can use ''puppet > resource user'' to list all users known on the system, or ''puppet > resource user daniel'' to get details on just daniel. > > That outputs a resource blob in puppet manifest format that you can > stick into a manifest somewhere to have puppet manage that user on > other systems. Basically, "tell me what would make this resource".That is absolutely fascinating; I didn''t know about that at all. I thought it might be nice to find out more about it, at which point I noticed that "man puppet" on my system is almost totally useless: Usage: puppet command space separated arguments Available commands are: agent, apply, cert, describe, doc, filebucket, kick, master, queue, resource and there appears to be no man pages for most of those commands. Is local documentation for this stuff distributed anymore? I''m on Debian with puppet package 2.6.2-4 I *did* find http://docs.puppetlabs.com/guides/tools.html , which says to read the man pages, but doesn''t say what they''re called. -_- Ah. It looks like what I want in "man ralsh" and "man pi" and similar, even though "pi file" doesn''t work but "puppet describe file" does. That''s a bit unfortunate. If someone can tell me what repo to patch against, I could generate a patch to turn things into git-style man pages, i.e. "man puppet-describe".> >> For the file content I would add another fileserver mount for > >> /home on that system, then serve the content into the appropriate > >> target location. > > > > An interesting idea, but I can see some decently heavy security > > issues there, and I''m sufficiently ignorant of puppet''s security > > model to be afraid of them. > > As I understood it you already proposed coping those files, which > means that you are not really opening any more security issues by > doing it from the source rather than copying the source. (Puppet is a > read-only file server, if that helps. :)I would only be copying selected files; .bashrc, for example. That''s very different from allowing access, even read-only, to everything in a user''s home dir. -Robin -- http://singinst.org/ : Our last, best hope for a fantastic future. Lojban (http://www.lojban.org/): The language in which "this parrot is dead" is "ti poi spitaki cu morsi", but "this sentence is false" is "na nei". My personal page: http://www.digitalkingdom.org/rlp/ -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Nigel Kersten
2011-Feb-19 18:23 UTC
Re: [Puppet Users] Distributing user configs from a central host?
On Sat, Feb 19, 2011 at 10:18 AM, Robin Lee Powell <rlpowell@digitalkingdom.org> wrote:> I thought it might be nice to find out more about it, at which point > I noticed that "man puppet" on my system is almost totally useless: > > Usage: puppet command space separated arguments Available > commands are: agent, apply, cert, describe, doc, filebucket, kick, > master, queue, resource > > and there appears to be no man pages for most of those commands. Is > local documentation for this stuff distributed anymore? > > I''m on Debian with puppet package 2.6.2-4 > > I *did* find http://docs.puppetlabs.com/guides/tools.html , which > says to read the man pages, but doesn''t say what they''re called. > -_- > > Ah. It looks like what I want in "man ralsh" and "man pi" and > similar, even though "pi file" doesn''t work but "puppet describe > file" does. That''s a bit unfortunate. > > If someone can tell me what repo to patch against, I could generate > a patch to turn things into git-style man pages, i.e. "man > puppet-describe".Actually if you have a look at the puppet-dev list, you''ll see Nick F just posted a bunch of patches to sort all this out. It''s been bugging us for a while, and we''ve got an awesome setup going now. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Matthew Macdonald-Wallace
2011-Feb-19 18:42 UTC
Re: [Puppet Users] Distributing user configs from a central host?
On Thu, 2011-02-17 at 06:37 -0800, Robin Lee Powell wrote:> I have a central server, that happens to be the puppetmaster, that > has various users on it. I would like to copy out their information > (name, uid, password, .bashrc, etc) to all my other hosts, but I > want to let the users change their stuff on that host, so I don''t > want to just stick it in puppet. > > My inclination is to just make a script that runs through the passwd > file and generates puppet instructions out, and also copies the user > files in question into a place in the puppetmaster directories. > > Is there a more-idiomatic way to do that?I''d be tempted to use Puppet to manage the user accounts (virtualise the resources and then realise them on each host/node-type as appropriate) then just mount /home on each server from the same NFS mountpoint. You could even use puppet to manage the mountpoint, and that way you''re managing the things that you need to from a System Administrators Point of View and leaving the things such as ensuring consistency of ~ across multiple systems to a shared-storage device - exactly the task they were invented for! Kind regards, Matt (who often over-engineers a solution to things and sometimes thinks others are doing the same! ;) ) -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Nick Fagerlund
2011-Feb-21 19:36 UTC
[Puppet Users] Re: Distributing user configs from a central host?
On Feb 19, 10:23 am, Nigel Kersten <ni...@puppetlabs.com> wrote:> ... Nick F > just posted a bunch of patches to sort all this out.Yeah. This isn''t shipping until 2.7, but if you want it immediately, grab the generated manpages from here (https://github.com/puppetlabs/ puppet/tree/next/man/man8) and drop the static files in your MANPATH. Or just run the commands with --help, which is where the text of these manpages comes from. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.