Hi,

I'm currently evaluating Puppet for use in our server environment (2+ physical machines and something over a dozen Xen instances). I want to use it mainly for managing the ssh keys and creating and maintaining accounts for the developers and admins (who work in like 3 groups). So I got three groups of users (admin, test, production) or something.

The current picture in my head is like this:

(client) --ssh--> (us...@login.example.com) --ssh--> (us...@{production,test}.example.com)

All ssh connections should be authenticated via either public key auth or password. But I would prefer public key auth, as this is the main reason for us to move to Puppet instead of manually managing everything...

From the login.example.com box the users should be able to log on to their machines - preferably via public key auth - and then be allowed to use sudo to gain root rights if they are in the appropriate group. Not every user is allowed to log on to all machines, e.g. a common dev would not have root rights on our production servers with billing information on them...

I read up on user and group creation and ssh key distribution. The only thing I can't wrap my head around is how I should handle passwords. Until the point where sudo comes in I won't need any passwords at all in everyday use, but allowing the users to simply sudo without a password seems a bit strange to me. So the users would need a password. Or I could simply allow root login to our dev/test/production machines from login.example.com, thus eliminating the need for sudo and the passwords.

Is that possible to do with Puppet, or do I have any weird ideas in there? I'm open to suggestions.

Greetings,
Andreas Mohrhard
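
One way the layout described in this message could be expressed in Puppet, as an added example that is not part of the original post: SSH stays on public keys, and each account carries a password hash that is only used when sudo prompts. The class and defined-type names, the account alice, the sudoers file path and the placeholder key and hash are assumptions, and the sudoers drop-in assumes /etc/sudoers includes /etc/sudoers.d.

```puppet
# Added example; all names and values below are constructed placeholders.
# Shown in one file for brevity; normally this would live in a module.

# Hypothetical class: declares the three groups and which one may sudo here.
class access ($sudo_group) {
  group { ['admin', 'test', 'production']:
    ensure => present,
  }

  # No NOPASSWD tag, so sudo asks for the user's own password.
  file { '/etc/sudoers.d/10-access':
    ensure       => file,
    owner        => 'root',
    group        => 'root',
    mode         => '0440',
    content      => "%${sudo_group} ALL=(ALL) ALL\n",
    validate_cmd => '/usr/sbin/visudo -cf %',  # reject a broken sudoers file
  }
}

# Hypothetical defined type: one person, their groups, key and password hash.
define access::person ($groups, $key, $password_hash) {
  user { $name:
    ensure     => present,
    groups     => $groups,
    managehome => true,
    shell      => '/bin/bash',
    password   => $password_hash,  # crypt-format hash, never the cleartext
    require    => Class['access'],
  }

  ssh_authorized_key { "${name}-login":
    ensure  => present,
    user    => $name,
    type    => 'ssh-rsa',
    key     => $key,
    require => User[$name],
  }
}

# Only accounts declared for a node exist on it; only 'admin' may sudo here.
node 'production.example.com' {
  class { 'access': sudo_group => 'admin' }

  access::person { 'alice':
    groups        => ['admin'],
    key           => '<BASE64_PUBLIC_KEY_PLACEHOLDER>',
    password_hash => '<CRYPT_HASH_PLACEHOLDER>',
  }
}
```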