On Fri, Jan 14, 2011 at 2:23 AM, luke.bigum <luke.bi...@fasthosts.co.uk> wrote: > Hi Adam, > > Shame you can't use LDAP or NIS ;) But anyway... >
Yes it makes me sad. I'd really, really, really like to use ldap but my hands are tied. --snip-- > > Lastly, what you're trying to do is complex, especially with Puppet's > "declare once" feature. I tried to do a similar thing with adding and > removing root SSH keys for users: having business groups of staff that > any module could arbitrarily 'turn on'. It turned into a massive > schamozzle of run levels and multiple classes/defines per user. In the > end I just said to myself "this is ridiculous, there's got to be a > better way", found RIP's concat module and never looked back :) That's > not the best idea with things like /etc/passwd, /etc/shadow and /etc/ > group as any software you install (MySQL, Postgtres, etc) has local > users in it which you'd have to try manage, but just proposing there > might be a completely different way of achieving what you want. > > Hope that helps, > > -Luke > For now, I wrote a function that I pass a list of all the groups to. It will explode that to a list of unique users that I then pass to my previously mentioned resources. This seems to be working well so far. I think that feature request http://projects.puppetlabs.com/issues/2084 to auto-realize required resources would further simplify things. Thank for all the tips. It's given me a bit more to work on. -Adam -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
