[Puppet Users] Use the virtual resources and hiera to create the environment specific group of users

2014-04-30 Thread Sans
Hi all,

I have a users module, which I don't control but include in my manifest to 
set up user(s) on my system. This is something I have in one of the .pp 
files:

class users::productupport {
  @group { 'productsupport':
    gid => '1553',
  }
  @produser { 'jake_s':
    user    => 'jake_s',
    uid     => '5001',
    group   => 'productsupport',
    comment => 'Jake Sully',
    ...
  }
  @produser { 'nina_g':

  }
}


and in my manifest, I realize that information like this: 

sudoers::snippet {
  'productsupport':
    group  => 'productsupport',
    rights => ['ALL'];
}
Users::Produser <| group == productsupport |>



I have four environments and not all user groups are required in all the 
environments. How can I do this from hiera? I'm planning to have this in my 
hiera files:

*test.yaml:*
 user_group:
   - productsupport
   - mondev

 *stage.yaml:*
 user_group:
   - productsupport
   - idreport



but then I cannot figure out how I can use user_group to create the group 
of users. Any help/pointer?
Just one thing to note: changing anything in the users module is not really an 
option for me but I'm open to any suggestion(s) if it makes things even 
better. 

Best!


-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/d19ad979-a9ea-4b78-9d3b-34e366275bd9%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [Puppet Users] Use the virtual resources and hiera to create the environment specific group of users

2014-04-30 Thread Garrett Honeycutt
Hi Sans,

I have code available[1] that does exactly this. You could put a level
in hiera.yaml such as

  - environments/%{environment}

and then in each file (environments/stage.yaml and
environments/test.yaml) put the users that should be realized.

Though coding aside, from a sysadmin standpoint why you are doing this
seems quite odd. I would recommend realizing all the users in all
environments, which is effectively what happens when you use a directory
service, and then lock down which users can access the system depending
on the environment. If you go that route, check out my pam module[2].
Instead of describing users in different levels of hiera, you would
describe them all in one level of hiera and at the environment level you
would put what groups are allowed to login.

[1] - https://github.com/ghoneycutt/puppet-module-common#commonmkuser-define

[2] - https://github.com/ghoneycutt/puppet-module-pam/#allowed_users

BR,
-g

-- 
Garrett Honeycutt
@learnpuppet
Puppet Training with LearnPuppet.com
Mobile: +1.206.414.8658
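
One way to drive the realization from the per-environment `user_group` list discussed in this thread, as an added example that is not code from either poster or from the modules linked above. It assumes Puppet 3 with Hiera; the `site::user_group` define and `site::users` class are hypothetical names, while `users::productupport`, `Users::Produser` and `sudoers::snippet` are the names used in the first message.

```puppet
# Added example. In a real module each definition lives in its own file
# (site/manifests/user_group.pp and site/manifests/users.pp).

# Realize one virtual group and every virtual produser assigned to it.
# $name is the group name passed as the resource title.
define site::user_group {
  Group <| title == $name |>
  Users::Produser <| group == $name |>
}

class site::users {
  # Declares the virtual resources; nothing is applied until realized.
  include users::productupport

  # Groups wanted in this environment, e.g. from environments/test.yaml.
  # The default is an empty list, so a missing key realizes no accounts.
  $user_groups = hiera_array('user_group', [])

  # One site::user_group instance per listed group.
  site::user_group { $user_groups: }

  # Grant sudo only where the group itself is listed for the environment,
  # so the sudoers entry never outlives the accounts it was written for.
  if 'productsupport' in $user_groups {
    sudoers::snippet { 'productsupport':
      group  => 'productsupport',
      rights => ['ALL'],
    }
  }
}
```

Because the sudoers snippet is gated on the same Hiera list, removing a group from an environment's YAML stops managing both its accounts and its sudo rights there; Puppet does not delete accounts that were already created unless they are declared with `ensure => absent`.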
