similar to: Using puppet to change passwords on nix systems

Hey gang, I seem to be having a brain disconnect on how to get the Augeas type to manage things that have multiple values (i.e. an Augeas tree) via Puppet. If I run this in augtool: augtool> set /files/etc/ssh/sshd_config/AllowGroups/1000 sshuser augtool> save I see this in /etc/ssh/sshd_config: AllowGroups sshuser However, if I try this in an Augeas type: augeas {

Hello, I have number of classes that deal with user management and I''ve run into a snag with needing to extend/modify either the user or group types. I''m using theforeman as an ENC. The class structure I have is something like the following. users::common users::dev users::prod etc... users::{dev, prod} do not use inheritance. Almost all node include users::common.

Hi everyone, I currently have a giant file with default variables I use in a lot of my modules and I override those at the node level if I need to. I thought I would give porting that data into a hiera setup. I worked out how to specify my data sources and started to make a go at moving some of my variables in the default data file. I thought heira would be smart and set a variable to undef if

Hi, I''d like to maintain netgroup entries in the /etc/passwd, /etc/shadow files to allow all unix admins loging access and default setup nologin for every non-authorized user. +@unixoperators:x::::: +:x:::::/opt/script/nologin I saw a thread about this online, but not a definitive resolution - not sure if the user resource type is the right way to implement this currently or to try to

Hi Guys, I am new to puppet and trying to figure out what is the best way to manage a password for a specific user in the /etc/shadow file. Most of my users are being authenticated to kerberos but there is a need to set a local password for this one account. What would be the best method to do this via puppet? I have built my own rpm''s in the past using the chpasswd command but

I would like to ''exec'' an installation script ''onlyif'' an installation directory is empty. I tried using following bash one-liner however it didn''t work: <code> exec{$one_install_script: require => File[$one_install_script], onlyif => "[ \"$(/bin/ls -A $one_location)\" ] && exit 1 || exit 0" }

Hello, I am in the process of "trying out" Puppet, and so far, it is going really well, and I can see a clear line of how we can use it internally. I do have one question though with regard to the using the onlyif parameter of the exec command (as per here http://docs.puppetlabs.com/references/latest/type.html#exec). Ideally, what I would like to do is to only run a PowerShell exec

Bryan -- I''m using the puppet augeas plugin at http://git.et.redhat.com/?p=ace.git;a=blob;f=modules/augeas/plugins/puppet/type/augeas.rb;h=2346c37d724d7607ed4e09b0413700bec2b7cbed;hb=HEAD I''m running into a behavior that I wouldn''t expect. I''d like to confirm an entry in sysctl.conf by changing the value if necessary or appending the key/value if it

The following function is based on code I found here in an earlier thread. define sudoer() { augeas { "sudo${name}": context => "/files/etc/sudoers", changes => [ "set spec[last() + 1]/user ${name}", "set spec[last()]/host_group/host ALL", "set spec[last()]/host_group/command NOPASSWD: ALL", "set

Here is my situation: 1. We use Active directory (LDAP) to store all user info which is retrieved from linux 2. A home directory is not created until the first time the user logs into the linux system I am using the ssh_authorized_key type to push out my ssh keys to every system. However, because I haven''t logged into every system at least once. Puppet errors out due to a missing

I was wondering how Puppet relates to the DMTF''s CIM. AFAICT there is a clear connection between the two, but I see very little discussion on the topic on the list. Thanks, Cameron. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to

Hi, today I''m stupid. How can I negate the test for execs onlyif? I want to run the exec onlyif command returns 1. regards, Andreas -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to

I''m trying to change the password complexity requirements in pam.d/system-auth using augeas. I can append the values (lcredit=-1, ucredit=-1, etc) onto the correct place, but if another value is already present (i.e. lcredit=-2), the onlyif match statement doesn''t seem to support checking regular expressions inside of strings. How do I check that any numeric value exists in the

Here''s what I''m using: exec { "cert-fix": command => "curl http://curl.haxx.se/ca/cacert.pem -o /etc/pki/tls/certs/ca-bundle.crt", onlyif => "test -e /etc/pki/tls/certs/ca-bundle.crt", } But it keeps on failing: > [default] Running Puppet with /tmp/vagrant-puppet/manifests/acid.pp... > Parameter onlyif failed: ''test -e

I''ve just tried this (we assume /opt/jetty-6.1.26 already exists): file { "/opt/jetty-6.1.26": owner => "jetty", group => "users", recurse => true, } ... but it''s taking an *age*. What''s the Right Way? Cheers, Robert. -- You received this message because you are subscribed to the Google Groups

We need to manage /etc/passwd where there would be one line at the very end of the file to restrict access to all users not explictly allowed: +::::::/sbin/nologin If using delete_lines and append_if_no_such_lines (similar to this one at http://www.debian-administration.org/articles/528) to manage access control, each time a few new users got appended to /etc/passwd file, the above line would be

Does anyone have a technique for performing an exec the first time puppetd runs but then reverting to refreshonly => true state for subsequent runs? The basic idea is: file { "/etc/foo": notify => Exec["bar"] } exec { "bar": command => "Do stuff to /etc/foo", refreshonly => true } Should I use a fact that is unset based on a

unfortunately, we keep getting this warns into the system log by puppet masters: " [...] Unrecognised escape sequence ''\<CHAR>'' in file <PATH> [...] " but then everything works fine; also, without using escapes, catalogs dont work on agents. What can we do to avoid these kind of errors in master syslogs? Please ,let us know ASAP and tell us if this

Hi, I have a template file which I would like to append to an existing file (in this case I wish to add a few lines to /etc/motd). Unless I''ve missed it, it does not appear that file has an append option. Is there an easy way copy to the end of a file Thanks Paul --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google

Hi, Is it possible to get response of a command from puppet ? For example if I run "nginx -t" it would give some details about the configurations i.e. if configuration has some error then which file has the error ! Regards -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving