On Wednesday, September 26, 2012 2:15:27 PM UTC-5, erkules wrote:
>
> On Wed, Sep 26, 2012 at 12:00:10PM -0700, Jo Rhett wrote:
> > Realizing doesn't allow overrides. To remove the user:
> >
> > @user ahab { ensure => absent }
> > realize User['ahab']
> >
> > This may mean you need to use inheritence for the class the user is
> defined in, creating a child class for the nodes you want to remove him on.
> >
>
> Oha,
> that sounds like putting a lot of thinking building the configuration
> system.
>
>
Indeed, yes. It is a complex task, and thinking is required.
Note, by the way, that virtualization really doesn't have much to do with
this particular issue. There are basically two ways to remove users with
Puppet:
1. The fairly safe way: manage the user, setting ensure => absent. That
'ensure' parameters could be set on the actual resource declaration,
perhaps conditionally, or it could be overridden later, such as via a
collection.
2. The simple, but rather dangerous, way: use the 'resources'
metaresource to declare that all unmanaged, non-system user accounts should
be purged from the system. This has the potential to bite you -- hard --
but it has the advantage that all you have to do is stop realizing a user
or else not declare him at all to have him removed.
Note that even approach (1) I designate only "fairly" safe. It is that
because you explicitly specify all user removals, but nothing can change
the fact that removing users is inherently risky.
John
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/ywnSOVHpDyMJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
