Puppet users - Sep 2011 - What came first, the user or the group?

Hi,
I have inherited some code to create users that doesn''t work when
removing
users . . .  it''s listed below.  It works for adding users, but when it
comes to removing users I get:
err: /Stage[main]/Common/Common::Mkuser[oshi.apen]/Group[oshi.apen]/ensure:
change from present to absent failed: Could not delete group oshi.apen:
Execution of ''/usr/sbin/groupdel oshi.apen'' returned 8:
groupdel: cannot
remove the primary group of user ''oshi.apen''

User requires the Group to be defined, which, again, works for adding users,
but not removing.  My instinct is to have a condition test for remove/add
and set the dependencies from there, but that seems klunky and inelegant.
Anyone have any better code for adding/removing users?  A suggestion?

Thanks a lot,
Guy

define common::mkuser (
  $uid,
  $gid        = undef,
  $group      = undef,
  $shell      = "/bin/bash",
  $home       = undef,
  $ensure     = "present",
  $managehome = true,
  $dotssh     = "ensure",
  $comment    = "created via puppet",
  $groups     = undef,
  $password   = undef,
  $symlink    = undef,
  $mode       = undef
) {

  # if gid is unspecified, match with uid
  if $gid {
    $mygid = $gid
  } else {
    $mygid = $uid
  } # fi $gid

  # if home is unspecified, use /home/<username>
  if $home {
    $myhome = $home
  } else {
    $myhome = "/home/${name}"
  } # fi $home

  # if group is unspecified, use the username
  if $group {
    $mygroup = $group
  } else {
    $mygroup = $name
  } # fi $group

  if $password {
    $mypassword = $password
  } else {
    $mypassword = ''!!''
  } # fi $password

  # create user
  user { $name:
    uid        => $uid,
    gid        => $mygid,
    shell      => $shell,
    groups     => $groups,
    password   => $password,
    managehome => $managehome,
    home       => $myhome,
    ensure     => $ensure,
    comment    => $comment,
    require    => Group[$name],
  } # user

  group { $name:
    gid    => $mygid,
    name   => $mygroup,
    ensure => $ensure,
  } # group

  # if link is passed a symlink will be used for ensure => , else we will
make it a directory
  if $symlink {
    #$myEnsure = $symlink
    $myEnsure = ''symlink''
  } else {
    $myEnsure = ''directory''
  } # fi $symlink

  # if mode is unspecified, use 0700
  if $mode {
    $myMode = $mode
  } else {
    $myMode = ''0700''
  } # fi $mode

  if $myEnsure == ''symlink'' {
    # link home dir
    file { "$myhome":
        ensure  => symlink,
        target  => $symlink,
        mode    => $myMode,
        owner   => $name,
        group   => $name,
        require => User["$name"],
    } # file

  } else {
    # create home dir
    file { "$myhome":
        #ensure  => $myEnsure,
        ensure  => directory,
        mode    => $myMode,
        owner   => $name,
        group   => $name,
        require => User["$name"],
    } # file
  } # fi $myensure

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

On Thu, 01 Sep 2011 12:14:51 -0400, Guy Matz wrote:
> 
> Hi,
> I have inherited some code to create users that doesn''t work when
removing
> users . . .  it''s listed below.  It works for adding users, but
when it
> comes to removing users I get:
> err: /Stage[main]/Common/Common::Mkuser[oshi.apen]/Group[oshi.apen]/ensure:
> change from present to absent failed: Could not delete group oshi.apen:
> Execution of ''/usr/sbin/groupdel oshi.apen'' returned 8:
groupdel: cannot
> remove the primary group of user ''oshi.apen''
> 
> User requires the Group to be defined, which, again, works for adding
users,
> but not removing.  My instinct is to have a condition test for remove/add
> and set the dependencies from there, but that seems klunky and inelegant.
> Anyone have any better code for adding/removing users?  A suggestion?
> 
> Thanks a lot,
> Guy
> 
Don''t really have anything to help you directly right now, but this
kind
of problem isn''t just limited to users & groups, though
it''s certainly
the most common.  The problem is that Puppet really only has one way to
specify a dependency (resource A must come before resource B).  We do
have plans to address this, but it''s a little ways off (months, not
years).

The idea is to add "above" & "below" style relationships
(think building
blocks).  When applying resources that are building/creating you need to
go from the bottom up, and when applying resources that are
destroying/removing, you need to go from the top down.

It''s currently listed as the "Above/below relationships" item
in the
Open Source Team''s roadmap[1].

[1] http://projects.puppetlabs.com/projects/puppet/wiki/Road_map

-- 
Jacob Helwig
,----
| Join us for PuppetConf, September 22nd and 23rd in Portland, OR
| http://bit.ly/puppetconfsig
`----