Hello,
I've just been working with Puppet; the first use case I have is to set up a system to create users and then push SSH keys onto these machines in the created users' .ssh files. I just started with Puppet so I am a bit clueless. Can someone push me in the right direction?
I have a CentOS environment.

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.

So first my variable problem and now mcollective hates me.

system RHEL6.1 (default EPEL and PuppetLabs RPMs)
I am running mcollective 1.2.1

when I do mco I get this:

    The Marionette Collective version 1.2.1
    /usr/bin/mco: command (options)
    Known commands:

I.e. no applications are being registered.

When I look at the libdir:

    ls /usr/libexec/mcollective
    mcollective

inside that is:

    ls mcollective/
    agent application audit connector facts registration security

and inside applications:

    ls application/
    controller.rb facts.rb find.rb help.rb inventory.rb ping.rb rpc.rb

yes, just default ones, nothing fancy.

So how come mco is not registering ANY apps?

Yes, if no one else does, I can sanitize an example from our environment, but I'll have to be back in the office.

On Dec 10, 2011 4:44 PM, "Ola" <anton.lothman@gmail.com> wrote:
> Hello
> I've just been working with Puppet; the first use case I have is to set
> up a system to create users and then push SSH keys onto these machines in
> the created users' .ssh files. I just started with Puppet so I am a bit
> clueless. Can someone push me in the right direction?
> I have a CentOS environment.

> Yes, if no one else does, I can sanitize an example from our environment,
> but I'll have to be back in the office.

This is how we do that: (learned from puppet btw)

create module users:
I will put a line +++++BEGIN and -----END around files to show
boundaries. Don't put those lines in your files ;-)

file: manifests/init.pp:
watch out with the purge rule in resource! it removes all users that
are not defined!!!
+++++BEGIN
class users {

}

class users::resources {
  resources { 'user':
    purge              => false,
    unless_system_user => true;
  }
}
-----END

another file: manifests/account.pp
this is the "script" that actually generates account and (if present)
a ssh key file
+++++BEGIN
define users::account($realname, $password, $uid, $othergroups=[],
  $gid, $key='', $keytype='ssh-rsa', $name, $ensure=present,
  $shell='/bin/bash', $managehome='true', $allowdupe='false',
  $homeprefix='/home', $functie='' ) {
  # Refuse to remove root, whatever the user list says.
  if ($ensure == absent and $name == 'root') {
    fail('will not delete root user')
  }
  # Defaults for every file resource declared in this define.
  File { owner => $name, group => $name, mode => '0600' }

  $home = $name ? {
    'root'  => '/root',
    default => "${homeprefix}/${name}",
  }

  # NOTE: $group is used below but is not declared in the parameter list
  # above; as posted it is undefined here.
  user { $name:
    ensure     => $ensure,
    uid        => $uid,
    gid        => $group,
    password   => $password,
    comment    => "$realname",
    groups     => $othergroups,
    shell      => "$shell",
    home       => $home,
    require    => Group["$group"],
    allowdupe  => $allowdupe,
    managehome => $managehome;
  }

  case $ensure {
    absent: {
      # Remove the home directory (and the keys in it) with the account.
      file { $home:
        ensure  => $ensure,
        force   => true,
        recurse => true,
      }
      if ( $group == $name ) {
        group { "$group":
          ensure => $ensure;
        }
      }
    }
    present: {
      file {
        "$home":
          ensure => directory;
        "$home/.bash_logout":
          ensure => present,
          source => "puppet:///users/.bash_logout";
      }
      # Only manage ~/.ssh and the authorized key when a key was given.
      if $key {
        file {
          "$home/.ssh":
            ensure => directory;
        }
        ssh_authorized_key { "$name":
          user    => $name,
          require => File["$home/.ssh"],
          key     => $key,
          type    => $keytype,
          ensure  => $ensure;
        }
      }
    }
  }
}
-----END

Another file: manifests/groups.pp
Here you can define as many groups as you like. We chose to create
those groups on all our servers. You can choose to change this to a
system similar to the way users are realized, of course.
+++++BEGIN
class users::groups {
  Group { ensure => present }
  group {
    "groupname":
      gid => 500;
  }
}
-----END

Another file: manifests/userlist:
This file should contain a list of all your users with their info
(pass and ssh key) etc
+++++BEGIN
/*

call users::account with following parameters:

these are mandatory:
$name       # Loginname
$password   # md5 encrypted pass
$uid        # userid (should be >500)
$gid        # optional groupid
$realname   # users full name

these are optional:
$othergroups=[]   # array of additional groups
$key              # SSH key without comment
$keytype          # ssh key type

these defaults can be overridden:
$ensure=present
$shell='/bin/bash'
$managehome='true'
$homeprefix='/home'
$allowdupe='false'
$keytype='ssh-rsa'

EXAMPLE:
@users::account {
  "dork":
    name        => "dork",
    uid         => 9000,
    gid         => 9000,
    realname    => "dork is a dork",
    password    => 'hashed password here',
    othergroups => [ "blaat", "dorks" ],
    key         => "x5KTrq41xKcfwFog38jWTmCSiyXLPKLbsDWumrsOel5od2U7W+ZKNJIkVQZZQqCOmZwnwagssdfgsdfgas",
    keytype     => "ssh-dss",
}

*/

class users::userlist {
  include users::groups
  # Virtual (@) resources: declared here, created only where realized.
  @users::account {
    "root":
      uid      => "0",
      gid      => "0",
      realname => "root",
      password => 'hashed password here';
    "dork":
      name        => "dork",
      uid         => 9000,
      gid         => 9000,
      realname    => "dork is a dork",
      password    => 'hashed password here',
      othergroups => [ "blaat", "dorks" ],
      key         => "x5KTrq41xKcfwFog38jWTmCSiyXLPKLbsDWumrsOel5od2U7W+ZKNJIkVQZZQqCOmZwnwagssdfgsdfgas",
      # ssh_authorized_key accepts ssh-dss (alias dsa), not ssh-dsa
      keytype     => "ssh-dss";
  }
}
-----END

and then: manifests/some_name
(This realizes the users that are member of some groups)
+++++BEGIN
class users::some_name {
  Users::Account <| (othergroups == 'some_group' or othergroups == 'some_other_group') |>
}
-----END

Each server should include users::userlist and users::some_name.
If you like you can include users::resources, and then all users will
be removed unless they are specified.

good luck

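Added example (not from the thread or from the poster's environment): how the virtual `users::account` resources above end up on particular servers. An account and its SSH key are created only on nodes whose catalog realizes it, so the per-server choice lives in the collector classes each node includes. The node names, the `users::role_web`, `users::role_db` and `users::revoked` classes and the group names are hypothetical.

```puppet
# site.pp (added illustration; every name below is hypothetical)

# Accounts whose othergroups array contains 'webadmins' are realized here.
# In a collector, == on an array-valued attribute matches when the array
# contains the value.
class users::role_web {
  Users::Account <| othergroups == 'webadmins' |>
}

# Database servers take two groups of people.
class users::role_db {
  Users::Account <| othergroups == 'dbadmins' or othergroups == 'oncall' |>
}

# Accounts explicitly marked ensure => absent in users::userlist are
# realized on every node, so a leaver's account, home directory and key
# are removed everywhere and not only where the role classes match.
class users::revoked {
  Users::Account <| ensure == 'absent' |>
}

# Every node loads the same virtual list; the role class decides which
# accounts (and therefore which authorized keys) exist on that node.
node 'web01.example.com' {
  include users::userlist
  include users::role_web
  include users::revoked
}

node 'db01.example.com' {
  include users::userlist
  include users::role_db
  include users::revoked
}
```

With this layout a key never reaches a server unless the account's `othergroups` matches a collector included by that server's node definition.
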
Thanks! Do I need any includes or similar to "install" this?

On 12 Dec, 10:55, Alexander Swen <alex.s...@gmail.com> wrote:
> > Yes, if no one else does, I can sanitize an example from our environment,
> > but I'll have to be back in the office.
>
> This is how we do that: (learned from puppet btw)

Also, where is it declared which server the key is going to?

On Dec 12, 10:55 am, Alexander Swen <alex.s...@gmail.com> wrote:
> > Yes, if no one else does, I can sanitize an example from our environment,
> > but I'll have to be back in the office.
>
> This is how we do that: (learned from puppet btw)