That's great if you have centralized and co-hosted infrastructure and are willing to accept the dependency. Given that this is a small need for a small number of users on a very small amount of systems (like 3 out of hundreds) without a centralized backbone between them, implementing LDAP makes little sense.

On Jul 12, 2012, at 12:52 AM, Denmat wrote:
> Puppet users and groups are fiddly. My current not implemented thinking is to
> use ldap and manage pam_groups via puppet on the hosts to get the
> granularity.
>
> More thinking out loud than anything else.
>
> Den
>
> On 12/07/2012, at 6:03, Jo Rhett <jrh...@netconsonance.com> wrote:
>
>> I'm fighting with a ticklish issue. We have some groups and users that only
>> belong on some systems. So we made all users virtual and then realize them
>> in classes specific to those system types. This works quite well for the
>> users, but not for the groups. When you specify a user, you have to list all
>> the groups they are in.
>>     groups => ['support','ops','dev'],
>>
>> Obviously some groups aren't realized on all systems, so this produces an
>> error when usermod is run.
>> '/usr/sbin/usermod -G support,ops,dev jrhett' returned 6: usermod:
>> unknown group dev
>> usermod: unknown group dev
>>
>> So I tried to get smarter, and put logic to add the group to each member
>> under the appropriate class
>>     class users::dev inherits users {
>>       User['jrhett'] { groups +> ['dev'] }
>>     }
>>
>> This works… almost. It works for all instances where the user is only
>> subclassed once. But if I do the same technique in multiple classes I get
>>
>> err: Could not retrieve catalog from remote server: Error 400 on SERVER:
>> Parameter 'groups' is already set on User_and_key[jrhett] by
>> #<Puppet::Resource::Type:0x7f4feed2d828> at
>> /etc/puppet/modules/users/manifests/support.pp:22; cannot redefine at
>> /etc/puppet/modules/users/manifests/dev.pp:27 on node s2-d1.company.com
>>
>> So how can this be achieved, short of using an exec with an unless doing
>> another exec to determine if the group exists?
>>
>> --
>> Jo Rhett
>> Net Consonance : net philanthropy to improve open source and internet
>> projects.
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Puppet Users" group.
>> To post to this group, send email to puppet-users@googlegroups.com.
>> To unsubscribe from this group, send email to
>> puppet-users+unsubscr...@googlegroups.com.
>> For more options, visit this group at
>> http://groups.google.com/group/puppet-users?hl=en.

--
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.