I currently have something set up for users like this:
virt_users.pp
class virt_my_users {
@user { "user1":
ensure => "present",
uid => "1001",
gid => "users",
comment => "user1",
home => "/home/user1",
shell => "/bin/bash"
}
@user { "user2":
ensure => "present",
uid => "1002",
gid => "users",
comment => "user2",
home => "/home/user2",
shell => "/bin/bash"
}
}
users.pp
class prod_users {
include virt_my_users
realize(
Group["users"],
User["user1"],
User["user2"],
)
}
site.pp
node host1 inherits default {
include prod_users
}
And I wanted to do something similar with the keys, defining the keys
for everyone in one place and then using it for several users on
multiple nodes. For instance the postgres user on some nodes might
have keys from developers and dba's but only a limited number of
people in the production environment.
All this is currently managed with some sh/awk scripts. We basically
have a file with a key. These keyfiles are grouped up into something
legible such as 'sysadmins' or 'dbas'. Then we have a node definition
containing the users on that node and the groups of keys to be
deployed to the users.
Ideally I would like something where I could have
node host1 inherits default {
include prod_users
}
class prod_users {
realize User['user1']
realize Sshkeys['user1'] # this bit would expand the groups of
keys and deploy them to user1
}
Hope that makes some sense to people :) I always have the option of
leaving the sh/awk solution as is so it's not top on my list but it
would be nice to manage everything from one place.
On Nov 23, 2:06 pm, seph <s...@directionless.org> wrote:
> You could do something with a define. But I'm not really sure what your
> use case is. Can you give an example?
>
> seph
>
>
>
> sysboy <sys...@gmail.com> writes:
> > Hi all,
>
> > I want to use puppet to distribute keys to multiple users. I wanted
> > to do something like we have already:
>
> > - define a key per real person
> > - define groups containing several keys, people can be in multiple
> > groups
> > - deploy these groups of keys to specific users
>
> > however it looks like the ssh_authorized_key resource ties a key and a
> > user together so it looks like I fall at the first hurdle:
>
> > @ssh_authorized_key { "joe.bloggs":
> > ensure => "present",
> > key =>"AAAAB....=",
> > type => "ssh-rsa",
> > user => "root" <<<<< I don't want this
> > }
>
> > I was hoping to realize a groups of these keys and somehow tie them to
> > users. Any ideas?
>
> > --
>
> > You received this message because you are subscribed to the Google Groups
> > "Puppet Users" group.
> > To post to this group, send email to puppet-us...@googlegroups.com.
> > To unsubscribe from this group, send email to
> > puppet-users+unsubscr...@googlegroups.com.
> > For more options, visit this group
> > athttp://groups.google.com/group/puppet-users?hl=.
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=.
