[Puppet Users] user::virtual and selectivly removing users

Tue, 03 Nov 2009 18:06:24 -0800 

Hello...

 I have an existing puppet infrastructure, part of which manages adding
and removing users from our servers.  Now I would like to manage users
in a way similar to the best practices
http://reductivelabs.com/trac/puppet/wiki/PuppetBestPractice#managing-users 
guide, with different combinations of users on different servers.  something 
like; admins, managers, dba, developers, qa.  On different server types like; 
restricted, database, general, web, mail, etc.

 Now my problem is that I currently have every user on every server (for
legacy reasons) and need to either add or remove users based on the
above classifications.  My test structure looks something like:

define manage-user (...) {
# takes name, uid, etc.  to create user with local defaults
# tests for NFS home dirs to manage home or not, etc.
}

class all-users {
# calls @manage-user with name, uid, etc creating a virtual user call
}

class admins {
 User { ensure => present }
 realize each admin via Manage-user["username"]
}

class dbas {
 realize each admin via Manage-user["username"]
}

class managers|devel|qa like above {}

Now the hard part, something like this does not work:


class dbas::remove {
 # doesn't work
 User { ensure => absent }
 include dbas
}



if ( ( $hostname == "foo") or ( $some-fact == "bar") ) { 
 # none of these combinations will work
 User { ensure => present }
 include admins
 User { ensure => absent }
 include dbas::remove
 include developers
 etc.
}




Has anyone run into a similar need or developed a solution for this
problem?




p.s. FWIW , PCI compliance sucks



-- 
Christopher McCrory
 "The guy that keeps the servers running"
 
chris...@pricegrabber.com
 http://www.pricegrabber.com
 
Let's face it, there's no Hollow Earth, no robots, and
no 'mute rays.' And even if there were, waxed paper is
no defense.  I tried it.  Only tinfoil works.



--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

Reply via email to