[Puppet Users] Create resource if it doesn't exist, but do not update it if it does already exist

On Thu, Nov 13, 2014 at 10:00 AM, Kris Knigga wrote:

I've been poring through documentation and haven't found anything yet, so
I'll throw the question out here.

With puppet, is there a way to define a resource in such a way that when
applied to a client for the first time it is created, but if the resource
already exists on the client nothing is changed? Specifically, I'd like to
do this with users.

Here is my situation: in the past my organization has poorly managed user
UIDs across machines (multiple users in puppet with the same UID, creating
users in puppet that conflict with system users' UIDs, etc). This resulted
in numerous, frustrating UID conflicts. I've been working on cleaning this
up, but the mass renumbering of important existing users has all sorts of
production-impacting risks. What I'd like to do is tell puppet to create
these users with their new, conflict-free UIDs on new machines but have it
not touch users that are already created on existing machines. This will
allow us to use a slow, methodical approach to fixing the UIDs on old
machines to help mitigate the risks.

Any thoughts are appreciated.

Kris

--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/b64d9e28-e58d-46de-b1ea-a5db0b2890fd%40googlegroups.com
<https://groups.google.com/d/msgid/puppet-users/b64d9e28-e58d-46de-b1ea-a5db0b2890fd%40googlegroups.com?utm_medium=email&utm_source=footer>
.
For more options, visit https://groups.google.com/d/optout.

On Thu, Nov 13, 2014 at 10:21 AM, Doug Forster wrote:

The best option I have found is creating a custom fact for local users.

# This custom fact pulls out all local users from the /etc/passwd file
# and returns the collection as a comma-separated list.

Facter.add(:local_users) do
setcode do
users = Array.new
File.open("/etc/passwd").each do |line|
next if line.match(/^\s|^#|^$/)
users << line.split(':').first
end
users.join(',')
end
end

Then you can find out if the user is on the box in your manifest with:
$user_exists = $name in split($::local_users, ',')

The other added benefit is you now have a custom fact for all servers that
gets stored in puppetdb.

On 11/13/2014 06:00 PM, Kris Knigga wrote:
I've been poring through documentation and haven't found anything yet,
so I'll throw the question out here.

With puppet, is there a way to define a resource in such a way that
when applied to a client for the first time it is created, but if the
resource already exists on the client nothing is changed?
Specifically, I'd like to do this with users.

Here is my situation: in the past my organization has poorly managed
user UIDs across machines (multiple users in puppet with the same UID,
creating users in puppet that conflict with system users' UIDs, etc).
This resulted in numerous, frustrating UID conflicts. I've been
working on cleaning this up, but the mass renumbering of important
existing users has all sorts of production-impacting risks. What I'd
like to do is tell puppet to create these users with their new,
conflict-free UIDs on new machines but have it not touch users that
are already created on existing machines. This will allow us to use a
slow, methodical approach to fixing the UIDs on old machines to help
mitigate the risks.

Any thoughts are appreciated.

Kris