Hmm, I see. We went another avenue. We create all users on all systems
and then let another instance decide which users to let log in to
which machine. RADIUS servers or Kerberos servers are capable of this.
But depending on the surroundings this might be overkill.
So I agree that for you the spaceship makes sense. But am afraid won't
be of much help. Am still struggling myself to get my head around it,
and must admit, am not really overly impressed by it so far. But rule
1 with open source: "contribute nothing, expect nothing"
On Nov 15, 7:30 pm, Justin Spies <jus...@thespies.org> wrote:
> On Nov 15, 12:27 pm, Stephan <stephan.eckwei...@admin.ox.ac.uk> wrote:
>
>
>
>
>
>
>
>
>
> > Hi Justin,
>
> > > So I'd like to avoid having to type the user titles in the call to
> > > users::create. Is there a way to do this using the 'User <| group ==
> > > 'ssh' |>' syntax to select what I want?
>
> > Unfortunately the spaceship operator can't contain anything other than
> > == and !=, and doesn't accept anything but simple variables.
> > Actually I doubt User <| group == 'ssh' |> will work that well. During
> > past tests I did, it only found the first member of an array. So if
> > you had a user defined like this:
>
> > users::define_ssh {'jspies':
> > [...]
> > group => ['group1','ssh'],
>
> > }
>
> > it wouldn't be realized by User <| group == 'ssh' |>, because ssh is
> > at the second position of the group parameter. Maybe that wasn't
> > discovered yet over at this wiki you mentioned.
>
> > Or do I need to just define an
>
> > > array in the sshusers.pp file and pass the array to the users::create?
>
> > May I ask what your reason is for not ensuring that users should be
> > present right away? Sounds like you want to add all your new users
> > right away. In this case you don't have to have separate user::define
> > and user::create groups. Would be enough just to have the ensure =>
> > present inside the user::define and then include or require it in your
> > node, eg. your default node.
>
> Hi Stephan, thanks for the reply. The example I'm following / using
> ishttp://projects.puppetlabs.com/projects/puppet/wiki/Module_Ssh_Auth_P...
>
> Great question regarding 'why', and it made me think hard about what
> I'm trying to accomplish.
>
> My reason for not realizing users immediately is because I wanted to
> define a user in one place (sshusers.pp) and then realize those users
> on most (but not all) of my servers (let's say there are 20 servers.)
> So the users are defined virtually in sshusers.pp using the
> users::define_ssh and then they are realized (inside of each node
> definition) using users::create based on which users go on each
> server. I would prefer to add users to a group and then in the node
> definition, specify to the server 'ensure that all users who are a
> member of group ssh are created'. A better example, perhaps, would be
> if you think in terms of a DBA group. I only want to add the DBA
> users, who are in the DBA group, to the database servers.
>
> So for a web server node, I would have 'user::create{ User <| group ==
> 'webservers' |>: ensure => present }' and 'user::create{ User <| group
> == 'dba' |>: ensure => absent }'. That would create the web server
> admins on the web server, and ensure the DBA users were not there
> (admittedly, I'm not sure what the results would be if I had one user
> in both groups). On the DB server, I would just reverse the value of
> the ensure parameter so that the web server users are not created and
> the DBA users are created.
>
> I am not stuck on the use of the spaceship syntax, it was just my
> starting point. I was hoping to just extract an array of users some
> how and pass that to the users::create definition. I am also open to
> suggestions on how to better structure this if I'm going off in some
> crazy direction. I am new to Puppet and am still getting a grasp on
> how it works and how to properly code up classes and defines.
>
> Thanks again.
>
>
>
>
>
>
>
>
>
> > Hope that helps
> > Stephan
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
