How do people manage users? I'm slowly marching toward LDAP (someone
recently suggested FreeIPA, not sure if it's relevant), but trying to
stave it off for the time being. I've read a few blogs and posts on the
topic, but nothing clear comes out - except that if one gets too
complicated, one should move to a proper user management system!
I have a 'util::user' class to create individual users, and a
'users($profile)' class which uses 'util::user' to create sets
of users
and groups.
If a group exists for a machine, then users who are assigned to that
group should be in it. Otherwise, they're not put in that group (because
that would give an error). I achieve this in 'users' with this code:
case $profile {
'profile1': {
$_management = 'management'
$_dataentry = 'dataentry'
$_users_grp = 'users'
$_accounts = 'accounts'
}
'profile2': {
}
'profile3': {
$_rel_m = 'releasemasters'
}
default: {
fail("Unsupported users profile ${profile}")
}
then users are created with e.g.
util::user 'username' ...
groups => [$_users_grp, $_rel_m, $_dataentry]
and the util::user class strips out any undefs or blanks.
It all works quite nicely, but I'd like to clean up this last portion of
it with a nicer way of saying "if the group exists (or is defined by
Puppet to exist) on this machine, and the user is to be put in this
group, then put the user in this group on this machine".
Any suggestions?
TIA,
Greg.
PS: I discovered tags the other day, and now use that in 'users' to
instantiate the right users and groups for a machine based on $profile.
Clean and easy to follow.
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscribe@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/53F56B48.2030301%40calorieking.com.
For more options, visit https://groups.google.com/d/optout.