Long term we plan to use LDAP or AD, but in the mean time we are
considering to use puppet.
Most machines only have 3 to 6 users (admins and developers).

My thought was to fully manage new machines and to use puppet to be able to
disable existing users in pre-existing machines.
Is that a reasonable approach or is it best to do the work get user
management for now completely under puppet?

I found an "adduser" function so I was planning.
adduser user-1
adduser user-n

for the "fully" managed
The adduser would look like
name => "First Last",
uid => "1000",
password => 'Password-hash',
shell => "/bin/bash",
groups => ['sudo'],
sshkeytype => "ssh-dss",
sshkey => "ssh-key"}

For the "partially" managed was thinking of using a subset of that, but
when I tried to put the adduser calls in a second base node got an error
about Duplicate declaration.

The adduser function I am using:
--------------- adduser --------------
define adduser ($name, $uid, $password, $shell, $groups, $sshkeytype,

$homedir = $kernel ? {
   'SunOS' => '/export/home',
   default => '/home'

  $username = $title
  user { $username:
   comment => "$name",
   home => "$homedir/$username",
   shell => "$shell",
   uid => $uid,
   gid => $uid,
   managehome => 'true',
   password => "$password",
   groups => $groups

  group { $username:
   gid => "$uid"

  ssh_authorized_key{ $username:
   user => "$username",
   ensure => present,
   type => "$sshkeytype",
   key => "$sshkey",
   name => "$username"
--------------- adduser --------------

The base node
node base-web
   include ubuntu-openntpd
   import "../functions/adduser.pp"

adduser {user1:
name => "first last",
uid => "1000",
password => 'pass-hash',
shell => "/bin/bash",
groups => ['sudo'],
sshkeytype => "ssh-dss",
sshkey => "key"

adduser {user-n:
name => "first last",
uid => "10##", <--whatever end number
password => 'pass-hash',
shell => "/bin/bash",
groups => ['sudo'],
sshkeytype => "ssh-dss",
sshkey => "key"

You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Search Discussions

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
grouppuppet-users @
postedJun 8, '13 at 8:53p
activeJun 8, '13 at 8:53p

1 user in discussion

Francisco Reyes: 1 post



site design / logo © 2022 Grokbase