replying to my own post so that anyone that has a similar issue can benefit:
So if I had a class called buildManagers that I wanted to have
different groups to the default set I would do the following:
class buildOperators inherits buildManagers {
realize ( Group ["some_default_virt_group", "extragroup1", "extragroupN"] )
realize ( User["some_default_virt_user"] )
Add_user["usernameone","usernametwo"] { groups => [ 'wheel',
'extragroup1', 'extragroupN' ] }
}
So the node that has this user/group combo would have the following:
node blah {
include buildManagers
}
node blahblah inherits blah {
# the override
include buildOperators
}
so on node blahblah, the default groups are overridden with:
id usernameone
uid=1001(usernameone) gid=1001(usernameone)
groups=1001(usernameone),10(wheel),531(extragroup1),530(extragroupN)
easy once you know how :)
reference: http://docs.puppetlabs.com/guides/language_tutorial.html
On Tue, Aug 17, 2010 at 11:54 AM, denmat <tu2bg...@gmail.com> wrote:
> Hi list,
>
> I am familiar with virt_users and virt_groups but thought it might be
> easier in our environment to describe our users on our node like shown
> here:
>
> http://itand.me/using-puppet-to-manage-users-passwords-and-ss
>
> To that end I changed things a bit and have the following code:
>
> /etc/puppet/modules/users/manifests/definitions/add_user.pp
>
> define add_user($uid,$pword,$groups) {
> include virt_users
> include virt_groups
>
> if tagged(dba) {
> realize( Group["postgres"])
> }
> if tagged(www) {
> realize( Group ["hw-datarx"], Group["hw-datarw"])
> }
> if tagged("build") {
> realize( Group["hitw"], Group["hwbackup"], Group["hitw-tasks"],
> Group["hw-datarx"] )
> realize( User["hitw"],
> User["hwbackup"],
> User["feeds"],
> User["hwsrc"] )
> }
>
> $username = $title
>
> user { $username:
> comment => "puppet created account for $username",
> home => "/home/$username",
> shell => "/bin/bash",
> uid => $uid,
> password => $pword,
> groups => $groups,
> }
>
> group { $username:
> gid => $uid,
> require => User[$username]
> }
>
> file { "/home/$username":
> ensure => directory,
> owner => $username,
> group => $username,
> mode => 750,
> require => [User[$username], Group[$username]],
> source => "puppet:///modules/users/home/$username"
> }
>
> file { "/home/$username/.ssh":
> ensure => directory,
> owner => $username,
> group => $username,
> mode => 700,
> require => File["/home/$username/"]
> }
>
> file { "/home/$username/.ssh/authorized_keys":
> ensure => file,
> owner => $username,
> group => $username,
> mode => 600,
> require => File["/home/$username/"],
> source => "puppet:///modules/users/home/$username/.ssh/
> authorized_keys"
> }
> }
>
> This seemed pretty good because I could manage certain files out of
> the home directories and assign them to groups.
>
> I then describe a user to create like so:
>
> class buildManagers {
>
> add_user { bobj:
> pword => 'removed',
> uid => removed,
> groups => [ 'hitw', 'hitw-tasks' ]
> }
> }
>
> Which I then include on my node:
> node blah inherits blah.blah {
> include buildManagers
> }
>
> This all works a treat. Now to the problem I have. I want to be able
> to install all the users described in buildManagers but maybe change
> one or two of the groups one of the users has on a per node basis.
>
> If I describe my node as:
>
> node blah inherits blah.blah {
> include buildManagers
> add_user { bobj:
> ....
> groups => ['hitw', 'hitw-tasks', 'anothergroup']
> }
>
> I get that the user is already defined. Basically what if I want bobj
> to be described one way on one host, a different way on another and
> everything else has the default account? Is there a way around this
> without scrapping the way I set out to do it? Can I override just
> their account on one or two nodes somehow without effecting the way I
> would normally describe them?
>
> I'm using puppet 25.5.
>
> Cheers,
>
> DenMat
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-us...@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
