Rakhesh Sasidharan
2011-Apr-29 13:52 UTC
[Puppet Users] Adding already defined users to a group when its created
Hi, I''m new to Puppet. Started using it about a week ago and absolutely loving it! I''m trying to do something which I am not sure if possible or whether I am even approaching it the right way. What I want to do is that by default I want all my machines to have a certain user account created and added to the users group. That''s easy. Next, I want certain machines to have the SSH server package installed (again, easy), the SSH config file copied over (easy), a group called sshusers created (easy), and then the above mentioned user accounts be added to this group. I am stuck at the last bit. One obvious solution I can think of is to have an Exec definition where I define the SSH server package to add this user to the group. But that doesn''t feel too "neat" to me, so I was wondering if there''s a better way of declaring/ defining the fact that when the group is created such and such users are added to it - perhaps using virtual resources or something? Any ideas, please enlighten! Thanks, Rakhesh -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Rakhesh Sasidharan
2011-May-01 07:16 UTC
Re: [Puppet Users] Adding already defined users to a group when its created
On Fri, 29 Apr 2011 17:52 +0400, "Rakhesh Sasidharan" <puppet@rakhesh.net> wrote:> Hi, > > I''m new to Puppet. Started using it about a week ago and absolutely > loving it! > > I''m trying to do something which I am not sure if possible or whether I > am even approaching it the right way. > > What I want to do is that by default I want all my machines to have a > certain user account created and added to the users group. That''s easy. > Next, I want certain machines to have the SSH server package installed > (again, easy), the SSH config file copied over (easy), a group called > sshusers created (easy), and then the above mentioned user accounts be > added to this group. I am stuck at the last bit. > > One obvious solution I can think of is to have an Exec definition where > I define the SSH server package to add this user to the group. But that > doesn''t feel too "neat" to me, so I was wondering if there''s a better > way of declaring/ defining the fact that when the group is created such > and such users are added to it - perhaps using virtual resources or > something? > > Any ideas, please enlighten! >No suggestions, anyone? Regards. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Denmat
2011-May-01 11:05 UTC
Re: [Puppet Users] Adding already defined users to a group when its created
Hi, Sorry, just so I''m clear. You want create a user and a user group, and then add that user to an sshuser group? Can you create the user with all those groups by default? I don''t see why it has to be so complicated unless you have something really specific you''re trying to do. If you want to make it more complicated I would add something like: users.pp .... if Class[sshclassname] { $groups = "sshusers" ... groups => $groups ... } Where you would declare the ssh class for the node then test for the declaration when you create the user. You can also use a selector if you like. Not sure if this is best practice though, but easier than custom facts or execs. Cheers, Den On 01/05/2011, at 17:16, "Rakhesh Sasidharan" <puppet@rakhesh.net> wrote:> On Fri, 29 Apr 2011 17:52 +0400, "Rakhesh Sasidharan" > <puppet@rakhesh.net> wrote: >> Hi, >> >> I''m new to Puppet. Started using it about a week ago and absolutely >> loving it! >> >> I''m trying to do something which I am not sure if possible or whether I >> am even approaching it the right way. >> >> What I want to do is that by default I want all my machines to have a >> certain user account created and added to the users group. That''s easy. >> Next, I want certain machines to have the SSH server package installed >> (again, easy), the SSH config file copied over (easy), a group called >> sshusers created (easy), and then the above mentioned user accounts be >> added to this group. I am stuck at the last bit. >> >> One obvious solution I can think of is to have an Exec definition where >> I define the SSH server package to add this user to the group. But that >> doesn''t feel too "neat" to me, so I was wondering if there''s a better >> way of declaring/ defining the fact that when the group is created such >> and such users are added to it - perhaps using virtual resources or >> something? >> >> Any ideas, please enlighten! >> > > No suggestions, anyone? > > Regards. > > -- > You received this message because you are subscribed to the Google Groups "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. > For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. >-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Rakhesh Sasidharan
2011-May-01 12:04 UTC
Re: [Puppet Users] Adding already defined users to a group when its created
Hi,> Sorry, just so I''m clear. > > You want create a user and a user group, and then add that user to an > sshuser group?Yes. I want the user and users group to be always created. And the user added to the sshusers group only when the sshusers group exists (which happens when Puppet installs the SSH server package).> Can you create the user with all those groups by default? I don''t see why > it has to be so complicated unless you have something really specific > you''re trying to do.Of course I can. :) I am just trying to complicate things so I learn more of Puppet that way. My initial attempts at doing it were by creating the groups on all machines and adding the user to that group on all machines, but once I got the hang of things and wanted to try more complicated stuff I thought why not try this.> If you want to make it more complicated I would add something like: > > users.pp > .... > if Class[sshclassname] { > $groups = "sshusers" > ... > groups => $groups > ... > } > > Where you would declare the ssh class for the node then test for the > declaration when you create the user. You can also use a selector if you > like.Cool! Thanks for that. Hadn''t realized it was possible to test whether a class is included. That would do the trick. In the syntax above, I take it you meant: if defined(Class[sshclassname]) { ... } instead of if Class[sshclassname] { ... }> Not sure if this is best practice though, but easier than custom facts or > execs.Definitely! Thanks for the suggestion. Regards, Rakhesh -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Felix Frank
2011-May-02 10:32 UTC
Re: [Puppet Users] Adding already defined users to a group when its created
On 05/01/2011 01:05 PM, Denmat wrote:> Hi, > > Sorry, just so I''m clear. > > You want create a user and a user group, and then add that user to an sshuser group? > > Can you create the user with all those groups by default? I don''t see why it has to be so complicated unless you have something really specific you''re trying to do. > > If you want to make it more complicated I would add something like: > > users.pp > .... > if Class[sshclassname] { > $groups = "sshusers" > ... > groups => $groups > ... > } > > Where you would declare the ssh class for the node then test for the declaration when you create the user. You can also use a selector if you like. > > Not sure if this is best practice though, but easier than custom facts or execs.Hi, that would probably be if defined(Class[...]) { } though, which is hacky and prone to ordering problems - the group membership will end up flapping. What''s needed here is class inheritance: class default_user { user { "defaultaccount": ... } } class default_user::ssh inherits default_user { User["defaultaccount"] { groups +> "sshusers" } } Then the SSH class will include default_user::ssh. Done. Notice the use of the "plusignment" syntax in the resource override. HTH, Felix -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.