FAQ
Long term we plan to use LDAP or AD, but in the mean time we are
considering to use puppet.
Most machines only have 3 to 6 users (admins and developers).

My thought was to fully manage new machines and to use puppet to be able to
disable existing users in pre-existing machines.
Is that a reasonable approach or is it best to do the work get user
management for now completely under puppet?

I found an "adduser" function so I was planning.
base-node
adduser user-1
....
adduser user-n

for the "fully" managed
The adduser would look like
name => "First Last",
uid => "1000",
password => 'Password-hash',
shell => "/bin/bash",
groups => ['sudo'],
sshkeytype => "ssh-dss",
sshkey => "ssh-key"}

For the "partially" managed was thinking of using a subset of that, but
when I tried to put the adduser calls in a second base node got an error
about Duplicate declaration.

The adduser function I am using:
--------------- adduser --------------
define adduser ($name, $uid, $password, $shell, $groups, $sshkeytype,
$sshkey){

$homedir = $kernel ? {
   'SunOS' => '/export/home',
   default => '/home'
  }

  $username = $title
  user { $username:
   comment => "$name",
   home => "$homedir/$username",
   shell => "$shell",
   uid => $uid,
   gid => $uid,
   managehome => 'true',
   password => "$password",
   groups => $groups
  }

  group { $username:
   gid => "$uid"
  }

  ssh_authorized_key{ $username:
   user => "$username",
   ensure => present,
   type => "$sshkeytype",
   key => "$sshkey",
   name => "$username"
  }
}#add
--------------- adduser --------------

The base node
node base-web
{
   include ubuntu-openntpd
   import "../functions/adduser.pp"
}

adduser {user1:
name => "first last",
uid => "1000",
password => 'pass-hash',
shell => "/bin/bash",
groups => ['sudo'],
sshkeytype => "ssh-dss",
sshkey => "key"
}

...
adduser {user-n:
name => "first last",
uid => "10##", <--whatever end number
password => 'pass-hash',
shell => "/bin/bash",
groups => ['sudo'],
sshkeytype => "ssh-dss",
sshkey => "key"
}

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Search Discussions

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
grouppuppet-users @
categoriespuppet
postedJun 8, '13 at 8:53p
activeJun 8, '13 at 8:53p
posts1
users1
websitepuppetlabs.com

1 user in discussion

Francisco Reyes: 1 post

People

Translate

site design / logo © 2022 Grokbase