On Nov 15, 12:27 pm, Stephan <stephan.eckwei...@admin.ox.ac.uk> wrote:
> Hi Justin,
>
> > So I'd like to avoid having to type the user titles in the call to
> > users::create. Is there a way to do this using the 'User <| group ==
> > 'ssh' |>' syntax to select what I want?
>
> Unfortunately the spaceship operator can't contain anything other than
> == and !=, and doesn't accept anything but simple variables.
> Actually I doubt User <| group == 'ssh' |> will work that well. During
> past tests I did, it only found the first member of an array. So if
> you had a user defined like this:
>
> users::define_ssh {'jspies':
> [...]
> group => ['group1','ssh'],
>
> }
>
> it wouldn't be realized by User <| group == 'ssh' |>, because ssh is
> at the second position of the group parameter. Maybe that wasn't
> discovered yet over at this wiki you mentioned.
>
> Or do I need to just define an
>
> > array in the sshusers.pp file and pass the array to the users::create?
>
> May I ask what your reason is for not ensuring that users should be
> present right away? Sounds like you want to add all your new users
> right away. In this case you don't have to have separate user::define
> and user::create groups. Would be enough just to have the ensure =>
> present inside the user::define and then include or require it in your
> node, eg. your default node.
Hi Stephan, thanks for the reply. The example I'm following / using is
http://projects.puppetlabs.com/projects/puppet/wiki/Module_Ssh_Auth_Patterns
Great question regarding 'why', and it made me think hard about what
I'm trying to accomplish.
My reason for not realizing users immediately is because I wanted to
define a user in one place (sshusers.pp) and then realize those users
on most (but not all) of my servers (let's say there are 20 servers.)
So the users are defined virtually in sshusers.pp using the
users::define_ssh and then they are realized (inside of each node
definition) using users::create based on which users go on each
server. I would prefer to add users to a group and then in the node
definition, specify to the server 'ensure that all users who are a
member of group ssh are created'. A better example, perhaps, would be
if you think in terms of a DBA group. I only want to add the DBA
users, who are in the DBA group, to the database servers.
So for a web server node, I would have 'user::create{ User <| group ==
'webservers' |>: ensure => present }' and 'user::create{ User <| group
== 'dba' |>: ensure => absent }'. That would create the web server
admins on the web server, and ensure the DBA users were not there
(admittedly, I'm not sure what the results would be if I had one user
in both groups). On the DB server, I would just reverse the value of
the ensure parameter so that the web server users are not created and
the DBA users are created.
I am not stuck on the use of the spaceship syntax, it was just my
starting point. I was hoping to just extract an array of users some
how and pass that to the users::create definition. I am also open to
suggestions on how to better structure this if I'm going off in some
crazy direction. I am new to Puppet and am still getting a grasp on
how it works and how to properly code up classes and defines.
Thanks again.
>
> Hope that helps
> Stephan
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
