Removing users not known to Puppet

Here's an interesting one. Puppet takes the stance of ignoring things it doesn't know about. How would I run through the list of users on a machine and remove the ones not known to Puppet? What has happened a couple of times is that someone has added users to a server, which are then not managed.

This is not as dangerous as it seems, as we run Puppet in noop mode and have a central web server which requests authorisation before executing modifications. That way we have an audit trail of changes.

I have written custom facts to iterate the passwd and group files, but would it be possible to generate resources from all those facts, with present/absent being dependent on Hiera details?
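
One way to get the behaviour asked about, as an added example that is not part of the original post: declare the wanted accounts from Hiera and let Puppet's built-in `resources` metatype purge every local user that is not in the catalog. The class name `accounts` and the Hiera key `accounts::users` are hypothetical.

```puppet
# Assumed Hiera data (the key name accounts::users is hypothetical):
#
#   accounts::users:
#     alice:
#       ensure: present
#       uid: 2001
#       managehome: true
#     bob:
#       ensure: absent
#
class accounts {
  # Merge the hash across all Hiera levels; fall back to an empty hash.
  $users = lookup('accounts::users', Hash, 'hash', {})

  # One user resource per Hiera entry. ensure (present/absent) and every
  # other attribute come straight from the data via the splat operator.
  $users.each |String $username, Hash $attrs| {
    user { $username:
      * => $attrs,
    }
  }

  # Every local user that has no user resource in the catalog is marked
  # for removal. unless_system_user leaves low-UID system accounts
  # (root, daemon, ...) untouched.
  resources { 'user':
    purge              => true,
    unless_system_user => true,
  }
}
```

The user provider enumerates local accounts itself, so no custom facts are needed for the comparison. In noop mode each unmanaged account is reported as a pending removal rather than deleted, so it shows up in the report for authorisation like any other change.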