Ask Your Question
4

How to manage users account using Hiera ?

asked 2013-04-16 05:50:45 -0500

Przemek gravatar image

We are trying to deploy our puppet managed configuration. So far our puppet code is "traditional" ;-) and looks like this:

class accounts {

        group { "group1":
                ensure  => present,
                gid     => 5100,
        }

        group { "group2":
                ensure  => present,
                gid     => 3200,
        }

       user { 'user1':
                ensure          => present,
                groups          => ['group1'],
                home            => '/home/user1',
                managehome      => true,
                shell           => '/bin/bash',
                uid             => 7250,
        }

What would be the best way to convert this configuration into Hiera-based config ? Is it possible somehow to use the following configuration (pseudo code) ?

---
server1:
  groups:
    group1
      gid1
    group2
      gid2
  users:
    user1:
      group1
      home
      shell

etc

If this is possible - how would puppet class look like ? Can anybody provide full ... (more)

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
6

answered 2013-04-16 07:21:31 -0500

llowder gravatar image

Your example is pretty close. I would use an example like:

---
server1_users:
  user1:
    ensure: present
    home: /path/to/home
    shell: /path/to/shell
    uid: 10001
    gid: 10001
    groups:
      - secondary_group1
      - secondary_group2
    password: SuperSecret
  user2:
    ensure: present
    home: /path/to/home
    shell: /path/to/shell
    uid: 10002
    gid: 10002
    groups:
      - secondary_group1
      - secondary_group3
    password: OtherSuperSecret
  user3:
    ensure: present
    home: /path/to/home
    shell: /path/to/shell
    uid: 10003
    gid: 10003
    groups:
      - secondary_group2
      - secondary_group4
    password: AlsoSuperSecret
server1_groups:
  group1:
    ensure: present
    gid: 401
  group2:
    ensure: present
    gid: 402
  group3:
    ensure: present
    gid: 403

Then in one of your manifests, you can do something like:

class ...
(more)
edit flag offensive delete link more

Comments

Thanks Lee ! We use Puppet 3.1. Btw: is the 'user', 'group' a keyword (in create_resource() call) ? And how do I associate these users with particular server ? What if I ...(more)

Przemek gravatar imagePrzemek ( 2013-04-16 08:26:50 -0500 )edit

The first parameter of createresources is a resource type. In the example, the first createresources creates multiple User resources. The second creates Group resources.

Ancillas gravatar imageAncillas ( 2013-04-16 10:23:45 -0500 )edit

Because you're using one giant hash, it's an all or nothing thing to add the users to a server. If you want granularity, you'll have to break ...(more)

Ancillas gravatar imageAncillas ( 2013-04-16 10:26:59 -0500 )edit

The organizational units idea is very appealing :-) How that would change the above code ?

Przemek gravatar imagePrzemek ( 2013-04-16 11:02:14 -0500 )edit

What are all possible resource type for create_resources ? Is there any doc about it ?

Przemek gravatar imagePrzemek ( 2013-04-16 11:02:54 -0500 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2013-04-16 05:50:45 -0500

Seen: 8,066 times

Last updated: Apr 16 '13