[Puppet Users] Re: managing normal users with Puppet

2010-11-16 Thread jcbollinger 


On Nov 15, 8:41 am, Christian 
wrote:
> true
>
> Unfortuniatially i can't find such a flag as a parameter for the
> puppet 'user' resource.

A wider audience will be available to help if you explain what that
setting actually means.


John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: managing normal users with Puppet

2010-11-15 Thread Christian 
In this context i have a question.

I migrate an autoyast settings into Puppet modules. Originally users
are created in the autoyast file for SLES9.

Following setting i have for one of my user.

true

Unfortuniatially i can't find such a flag as a parameter for the
puppet 'user' resource.

Christian

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: managing normal users with Puppet

2010-11-05 Thread Garrett Honeycutt 


On Nov 5, 9:19 am, Mark_SysAdm  wrote:
> What are the recommended practices for adding regular users with a
> specific group and password ? I'd like to add new users to a cluster,
> and also to append an existing ssh key to authorized_keys on all the
> cluster nodes for some users.
>
> This is the best user add solution I've found so far, but it doesn't
> quite do everything I want :
>
> http://itand.me/using-puppet-to-manage-users-passwords-and-ss
>
> I'm looking for a way to do something like:
>
> class users {
> @user { "ajolie":
>   ensure => "present",
>   uid => "1001",
>   group => "1550",
>   comment => "Tomb Raider",
>   home => "/home/ajolie",
>   managehome => true,
>   password => "abc01010",
>   }
>
> @user { "nextuser":
> ...
>  password => "aaccd01",
>  }
>
> }
>
> Does Puppet handle passwords with something already built-in? If not,
> is it in future plans?
> Would love to have one file that has all the user info in it,
> including encrypted passwords.
>
> Played with making a setpasswd script that used a specific encrypted
> password:
> -
> #!/bin/bash
> #setpass.sh:
> copyfrom=existingusername
> encpass=`grep $copyfrom /etc/shadow | cut -f 2 -d : `
> /usr/sbin/usermod -p "$encpass" $username
> ---
> but then I have to copy that script out to all nodes first.
>
> Any better suggestions?

http://forge.puppetlabs.com/ghoneycutt/generic

That module shows how I handle users. You define them all in one place
and then realize them as needed. You can specify password hashes, but
those can be brute forced, so you would want to build security around
who can access your puppet code. Below is a snippet of how it works.

# Sample Usage:
#   # create apachehup user and realize it
#   @mkuser { "apachehup":
#   uid=> "32001",
#   gid=> "32001",
#   home   => "/home/apachehup",
#   managehome => "true",
#   comment=> "Apache Restart User",
#   dotssh => "true",
#   } # @mkuser
#
#   realize Generic::Mkuser[apachehup]

-g

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.