On 4/30/14, 11:06 AM, Sans wrote:
> Hi all,
>
> I have a users module, which I don't control but include in my manifest to
> set up user(s) on my system. This is something I have in one of the .pp
> files:
>
>     class users::productupport {
>         @group { 'productsupport':
>             gid => '1553',
>         }
>         @produser { 'jake_s':
>             user => 'jake_s',
>             uid => '5001',
>             group => 'productsupport',
>             comment => 'Jake Sully',
>             .....
>         }
>         @produser { 'nina_g':
>             ....
>         }
>
>
> and in my manifest, I realize that information like this:
>
>     sudoers::snippet {
>         'productsupport':
>             group => 'productsupport',
>             rights => ['ALL'];
>     }
>     Users::Produser <| group == productsupport |>
>
>
> I have four environments and not all user groups are required in all the
> environments. How can I do this from hiera? I'm planning to have this in my
> hiera files:
>
> test.yaml:
>
>     user_group:
>       - productsupport
>       - mondev
>
> stage.yaml:
>
>     user_group:
>       - productsupport
>       - idreport
>
>
> but then I cannot figure out how I can use user_group to create the
> group of users. Any help/pointer?
> Just one thing to note: changing anything in the users module is not really
> an option for me but I'm open to any suggestion(s) if it makes things
> even better.
>
> Best!

Hi Sans,

I have code available[1] that does exactly this. You could put a level in hiera.yaml such as

    - environments/%{environment}

and then in each file (environments/stage.yaml and environments/test.yaml) put the users that should be realized.

Though coding aside, from a sysadmin standpoint why you are doing this seems quite odd. I would recommend realizing all the users in all environments, which is effectively what happens when you use a directory service, and then lock down which users can access the system depending on the environment. If you go that route, check out my pam module[2]. Instead of describing users in different levels of hiera, you would describe them all in one level of hiera and at the environment level you would put what groups are allowed to log in.

[1] - https://github.com/ghoneycutt/puppet-module-common#commonmkuser-define
[2] - https://github.com/ghoneycutt/puppet-module-pam/#allowed_users

BR,
-g

--
Garrett Honeycutt
@learnpuppet
Puppet Training with LearnPuppet.com
Mobile: +1.206.414.8658
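
One way to do what the original question asks without touching the users module, as an added example (not code from the thread or from the modules linked above): a wrapper define realizes the virtual group and its users once per name in the `user_group` Hiera array. The `site` module and both names in it are hypothetical; it assumes the Puppet 3 `hiera_array` function and that the virtual resources for the other groups are declared by users-module classes not shown in the thread.

```puppet
# Added example. Hypothetical names: site::realize_user_group, site::support_users.
# In a real module each of the two definitions lives in its own file
# (manifests/realize_user_group.pp and manifests/support_users.pp).
#
# Hiera data as in the question, e.g. test.yaml:
#   user_group:
#     - productsupport
#     - mondev

# One instance per group name; $name is the group being realized.
define site::realize_user_group {
  # Realize the virtual group itself ...
  Group <| title == $name |>
  # ... and every virtual user whose 'group' parameter matches it.
  Users::Produser <| group == $name |>
}

class site::support_users {
  # Declares the virtual resources; the class comes unmodified from the
  # users module (name spelled as in the thread). Classes holding the
  # other groups' virtual users would be included here the same way.
  include users::productupport

  # Merge 'user_group' across all hierarchy levels into one array.
  # No default is given, so a node whose environment file lacks the key
  # fails catalog compilation instead of silently getting no accounts.
  $user_groups = hiera_array('user_group')

  # An array as the resource title declares one define instance per element.
  site::realize_user_group { $user_groups: }
}
```

The `sudoers::snippet` grant from the question is left out on purpose, so that adding a group name to Hiera creates accounts without also granting sudo rights.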