On 8/20/14 11:45 PM, Gregory Orange wrote:
> How do people manage users? I'm slowly marching toward LDAP (someone
> recently suggested FreeIPA, not sure if it's relevant), but trying to
> stave it off for the time being. I've read a few blogs and posts on the
> topic, but nothing clear comes out - except that if one gets too
> complicated, one should move to a proper user management system!
>
> I have a 'util::user' class to create individual users, and a
> 'users($profile)' class which uses 'util::user' to create sets of users
> and groups.
>
> If a group exists for a machine, then users who are assigned to that
> group should be in it. Otherwise, they're not put in that group (because
> that would give an error). I achieve this in 'users' with this code:
>
> case $profile {
> 'profile1': {
> $_management = 'management'
> $_dataentry = 'dataentry'
> $_users_grp = 'users'
> $_accounts = 'accounts'
> }
> 'profile2': {
> }
> 'profile3': {
> $_rel_m = 'releasemasters'
> }
> default: {
> fail("Unsupported users profile ${profile}")
> }
>
> then users are created with e.g.
> util::user 'username' ...
> groups => [$_users_grp, $_rel_m, $_dataentry]
>
> and the util::user class strips out any undefs or blanks.
>
> It all works quite nicely, but I'd like to clean up this last portion of
> it with a nicer way of saying "if the group exists (or is defined by
> Puppet to exist) on this machine, and the user is to be put in this
> group, then put the user in this group on this machine".
>
> Any suggestions?
>
> TIA,
> Greg.
>
> PS: I discovered tags the other day, and now use that in 'users' to
> instantiate the right users and groups for a machine based on $profile.
> Clean and easy to follow.
>
Hi Greg,
Directory services like LDAP are definitely something to look into and
can really make life simpler.
Here[1] is the code that I use to manage local users. You could use it
for your scenario by placing users in different levels in Hiera and
keying off the profile.
[1] - https://github.com/ghoneycutt/puppet-module-common#commonmkuser-define
Best regards,
-g
--
Garrett Honeycutt
@learnpuppet
Puppet Training with LearnPuppet.com
Mobile: +1.206.414.8658
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/53F63E5C.9030308%40garretthoneycutt.com.
For more options, visit https://groups.google.com/d/optout.
