Ask Your Question

How to manage user accounts?

asked 2013-04-15 03:05:25 -0600

deric gravatar image

I'd like to manage user's accounts with puppet, however I didn't find any suitable module for this. I don't want to use LDAP or any sort of centralized authentication. Puppet should ensure that few admin accounts will be present at all servers. I don't care about uid or gid for user accounts, important is adding ssh key to authorized keys and adding user to some groups sudo, etc.

The best way would be using hiera for this, so that I can easily decide which users will be at which group of servers. What's the ... (more)

edit retag flag offensive close merge delete

2 Answers

Sort by ยป oldest newest most voted

answered 2013-04-17 16:56:35 -0600

deric gravatar image

updated 2016-02-16 03:58:35 -0600

The best solution I've found so far is using this module:


It allows you to define different settings for various locations, platforms, groups of servers etc.

Usage example:

     comment: "John Doe"
     groups: ["sudo"]
     shell: "/bin/bash"
     pwhash: '$6$wVWsmNcN$t4G3kuGyWvdtQ.X51jZGPdSZaB.5wA/6FSeRBWmHxCKBdiLIK35lyK3y0'
     uid: 1002
     gid: 1002
      type: "ssh-rsa"
      comment: "john@pc"
      key: "AAAAB3NzaC1yc2EAAAADAQABAAABAQDIRsDur48bb8kTvrtg9uSzu722964xQ+4Pnu...
edit flag offensive delete link more



I'm interested in how people are managing the deletion of user accounts with this module. Any ideas?

maxwell gravatar imagemaxwell ( 2013-04-19 03:23:57 -0600 )edit

I've built similar setups for SSH keys (with varying degrees of success). It's pretty common to have an "ensure" parameter on your class which can then be used ...(more)

Ancillas gravatar imageAncillas ( 2013-04-19 09:20:10 -0600 )edit

That's a good idea, it's not supported yet, but it shouldn't be hard to implement.

deric gravatar imagederic ( 2013-04-19 11:24:10 -0600 )edit

Purging the users should be doable with that module (it's still a regular 'user' resource in a define, uid are important, put your user in a controlled range and ...(more)

Julien R. gravatar imageJulien R. ( 2013-05-10 00:09:09 -0600 )edit
   resources { 'user':
     purge               => true,
     unless_system_user => 3000,
     schedule          => 'daily',
Julien R. gravatar imageJulien R. ( 2013-05-10 00:09:57 -0600 )edit

answered 2013-04-15 10:33:22 -0600

Ancillas gravatar image

I like to create a module called users that includes every user that Puppet should manage. The users themselves are virtual users, and I realize them when I need them.

You certainly could drive the module off of hiera, passing in an array of users, or a hash with the users, and their parameters like uid and gid.

edit flag offensive delete link more


yeah, that's what I was using util now, but I'd like to keep the puppet code separate from specific settings

deric gravatar imagederic ( 2013-04-17 12:41:15 -0600 )edit

Could you build a module that accepts a hash of users from hiera, and then uses create_resources to turn them into User resources?

Ancillas gravatar imageAncillas ( 2013-04-17 22:23:31 -0600 )edit

There's actually another question where llowder came up with the same solution.

Ancillas gravatar imageAncillas ( 2013-04-17 22:48:02 -0600 )edit

Ancillas, the way you realize virtual users requires definitions of all hosts in puppet pp files. Am I right ?

Przemek gravatar imagePrzemek ( 2013-07-03 08:43:56 -0600 )edit

I think you could put your user hashes into hiera, and then create virtual resources in a module using create_resources if you're running 3.1.0+.

Ancillas gravatar imageAncillas ( 2013-07-03 11:13:35 -0600 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools


Asked: 2013-04-15 03:05:25 -0600

Seen: 3,461 times

Last updated: Feb 16 '16