[Puppet Users] Virtual resources, account module help.

Thu, 13 Jan 2011 12:39:40 -0800 

Hello,

I'm trying to rebuild my accounts module so that will completely
manage users via puppet.  In my env, as much as I would like to, I
cannot use nis or ldap for authentication, so I'm trying to do it the
puppet way, but I seem to be a little stuck.

I would like to maintain a list of users (currently in a csv file
accessed via an extlookup function), then just specify unix groups to
appear on the node.  All users of those groups would be realized and
appear on the target system.

If a user is in more than one group, then I run into a duplicate
resource definition issue, and I can't quite figure out a better way
to get around it.

I've seen the various methods in the mail archive, but those all
appear to have static definitions for the users.  I'm trying to
dynamically create the users resources.

class accounts::users {

  define douser {
      $extlookup_datadir = "/etc/puppet/manifests/extdata"
      $extlookup_precedence = [ "people" ]
      $extuser = extlookup("$name")
      # At this point extuser look like [ "acrews", "1000", "Adam
Crews", "/bin/bash", "enabled", "devuser:qauser:group1:group2:group3"
]

      $groups = split($extuser[4], '[:]')

      @group {
            "$name":
                 $gid => $extuser[1],
                 $ensure => $extuser[4];
       }

      @user {
            "$name":
                ensure => $extuser[4],
                uid  => $extuser[1],
                groups => [ $groups ],
                 ... (and so on for the user values)
       }
  }

  define dogroup {
      $extlookup_datadir = "/etc/puppet/manifests/extdata"
      $extlookup_precedence = [ "groups" ]
      $extgroup = extlookup("$name")
      # at this point $extgroup is an array of users that are in the
group specified in $name

      douser { [ $extgroup ]: }

  }
}

node foo {
   include accounts::users
   accounts::users::dogroup {["devuser", "qauser"]}
}

So if "acrews" appears in both devuser and qauser, I get "Duplicate
definition: Accounts::Users::Douser[acrews] is already defined....".
This is obvious to me since the dogroup define is invoked for each of
the groups.  I'm thinking that I need to tag the resources, then
collect and realize them all, but I so far I haven't found the right
path to make that happen.

Can someone nudge me in the right direction to sort this out?

Thanks
-Adam

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Reply via email to