Hello...
On Tue, 2009-11-03 at 17:00 -0800, Russ Allbery wrote: > Christopher <chris...@pricegrabber.com> writes: > > > I have an existing puppet infrastructure, part of which manages adding > > and removing users from our servers. Now I would like to manage users > > in a way similar to the best practices > > http://reductivelabs.com/trac/puppet/wiki/PuppetBestPractice#managing-users > > guide, with different combinations of users on different servers. > > something like; admins, managers, dba, developers, qa. On different > > server types like; restricted, database, general, web, mail, etc. <snip> > > If you turn on purging for user resources, any users not explicitly added > to that server will be automatically deleted by Puppet unless they're in > the UID range for system users. > > resources { user: purge => true } > > Then you don't have to generate removal rules for users, just make sure > that you have all the users defined that you want. > W00t! , you da' man! I've been testing this for the past several hours, works as described. from the code: newparam(:unless_system_user) do desc "This keeps system users from being purged. By default, it does not purge users whose UIDs are less than or equal to 500, but you can specify a different UID as the inclusive limit." ... if current_values[resource.property(:uid)] <= self[:unless_system_user] </code> >From what I remember (and after looking at the RH docs on users) , UIDs from 1-499 are for system users, and UIDs from 500 and up are for regular users. Luke, James, et al.: Is it a bug that the code uses less than or equal to 500? I would think it should be less than 500 ( no equal ). I could use resources { user: purge => true , unless_system_user => "499" } , but IMHO , 'less than' in the puppet code would be better. yes? no? maybe? -- Christopher McCrory "The guy that keeps the servers running" chris...@pricegrabber.com http://www.pricegrabber.com Let's face it, there's no Hollow Earth, no robots, and no 'mute rays.' And even if there were, waxed paper is no defense. I tried it. Only tinfoil works. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
