Puppet users and groups are fiddly. My current, not implemented, thinking is to use LDAP and manage pam_groups via Puppet on the hosts to get the granularity.
More thinking out loud than anything else.

Den

On 12/07/2012, at 6:03, Jo Rhett <jrh...@netconsonance.com> wrote:

> I'm fighting with a ticklish issue. We have some groups and users that only
> belong on some systems. So we made all users virtual and then realize them in
> classes specific to those system types. This works quite well for the users,
> but not for the groups. When you specify a user, you have to list all the
> groups they are in.
>
>     groups => ['support','ops','dev'],
>
> Obviously some groups aren't realized on all systems, so this produces an
> error when usermod is run.
>
>     '/usr/sbin/usermod -G support,ops,dev jrhett' returned 6: usermod: unknown group dev
>     usermod: unknown group dev
>
> So I tried to get smarter, and put logic to add the group to each member
> under the appropriate class
>
>     class users::dev inherits users {
>       User['jrhett'] { groups +> ['dev'] }
>     }
>
> This works… almost. It works for all instances where the user is only
> subclassed once. But if I do the same technique in multiple classes I get
>
>     err: Could not retrieve catalog from remote server: Error 400 on SERVER:
>     Parameter 'groups' is already set on User_and_key[jrhett] by
>     #<Puppet::Resource::Type:0x7f4feed2d828> at
>     /etc/puppet/modules/users/manifests/support.pp:22; cannot redefine at
>     /etc/puppet/modules/users/manifests/dev.pp:27 on node s2-d1.company.com
>
> So how can this be achieved, short of using an exec with an unless doing
> another exec to determine if the group exists?
>
> --
> Jo Rhett
> Net Consonance : net philanthropy to improve open source and internet
> projects.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.