On Friday, May 5, 2017 at 2:22:27 PM UTC-4, James Perry wrote:
>
> As I keep tweaking our Puppet/Foreman setup, I was wondering if it was 
> somehow possible to auto-magically remove users when the associated class is 
> removed from the server.  All of our Puppet code is under source code 
> management and requires a full change approval process to implement. 
>
> I thought of doing custom facts and then checking them against all user 
> classes, but that seemed like it would use a ton of overhead.  
>
> Another idea was to do a define that had a default of absent for a user 
> and then pass "present" as a parameter to have the user created, but that 
> seemed like it would still need some "magic" that would most likely end up 
> getting really deep in coding to ensure that the user didn't get pulled off 
> a box where it needed to exist. 
>
> I'm not sure this is even possible other than how I have done it in the 
> past where I created 2 user classes. One that adds it and another that 
> removed it. The process is a bit clunky but it does work. 
>
> Anyone had any success making something like this work? 
>

Sort of?  The problem is, my implementation is very different from yours. 
I'm managing users via YAML.  You can manage users (including removing 
them) via the user resource, so I'm creating YAML data (on the fly, but 
that's not a requirement) that gets consumed by a create_resources call.  I 
do management by invoking:

  resources { user:
    purge              => true,
    unless_system_user => $auth_base
  }

where $auth_base is the highest possible uid for a system user (usually 
999).  Then any users that aren't known to the puppet catalog are zorched.
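
The pattern described in the reply above, written out as an added example (not code from either poster). The class name `accounts`, the Hiera key `accounts::users`, the account names and the default attributes are assumptions made for illustration. It also guards the failure mode where the user data comes back empty, since with purging enabled that would remove every non-system account on the node.

```puppet
# Added example. Class name, Hiera key and account names are constructed.
#
# Hiera data, e.g. in common.yaml:
#   accounts::users:
#     alice:
#       uid: 2001
#       groups: ['wheel']
#     bob:
#       uid: 2002
#
# Removing an entry from that YAML (through the normal change approval
# process) is what causes the account to be purged on the next agent run.
class accounts (
  Integer $auth_base = 999,  # highest uid still treated as a system user
) {
  # Merge the user hash across all Hiera levels; default to empty.
  $users = lookup('accounts::users', Hash, 'hash', {})

  # An empty hash usually means broken Hiera data, not "no users".
  # Fail the catalog rather than purging every non-system account.
  if $users == {} {
    fail('accounts::users is empty; refusing to purge all local users')
  }

  # Attributes applied to every user unless the YAML overrides them.
  $defaults = {
    'ensure'         => 'present',
    'managehome'     => true,
    'purge_ssh_keys' => true,  # drop authorized_keys entries Puppet does not manage
  }

  # One user resource per YAML entry.
  create_resources('user', $users, $defaults)

  # Any user with a uid above $auth_base that is not in the catalog is removed.
  resources { 'user':
    purge              => true,
    unless_system_user => $auth_base,
  }
}
```

Running `puppet agent --test --noop` on a representative node first lists the accounts that would be removed without touching them.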
