Creating users


kevin

Nov 27, 2008, 7:08:47 PM
to Puppet Users
I'd like to use puppet to create users.

Specifically, I'd like to create users, ensure the .ssh dirs are
there, add them to the adm group, that sort of thing.
I'm wondering how to do this, I've been looking through the docs but I
could use a bit of help... any pointers?

RijilV

Nov 27, 2008, 7:33:03 PM
to puppet...@googlegroups.com
2008/11/27 kevin <laz...@gmail.com>

This is not a complete example; you should probably wrap this as a define. I also recommend that if you're going to use puppet to create users you set their UID/GID manually. Though I also recommend that you use something like LDAP for user mgmt rather than local auth.

# First create the user, use the 'user' type.
# See http://reductivelabs.com/trac/puppet/wiki/TypeReference#id229
user { "lazyweb":
   groups => 'adm',
   comment => 'This user was created by Puppet',
   ensure => 'present',
   managehome => 'true',
}

# The managehome above creates the home dir, but we also need
# the .ssh dir, use the file type
# see http://reductivelabs.com/trac/puppet/wiki/TypeReference#file
file { "/home/lazyweb/.ssh":
    ensure => 'directory',
    require => User['lazyweb'],
    owner => 'lazyweb',
    mode => '700',
}

# now load up the key...
# see http://reductivelabs.com/trac/puppet/wiki/TypeReference#ssh-authorized-key
ssh_authorized_key { "lazyweb-rsa-key":
   ensure => 'present',
   key => 'AAAA......',
   type => 'rsa',
   user => 'lazyweb',
   require => File["/home/lazyweb/.ssh"],
}

.r'
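
The "wrap this as a define" and "set their UID/GID manually" advice above, as an added example that is not part of the original post. The defined type name `managed_user`, its parameters, the UID/GID values and the key placeholder are assumptions; it uses Puppet 4+ syntax and assumes the `ssh_authorized_key` type is available on the agent.

```puppet
# Added example: hypothetical defined type wrapping the three resources above.
define managed_user (
  Integer       $uid,
  Integer       $gid,
  String        $ssh_key,                  # base64 body of the public key only
  String        $ssh_key_type = 'ssh-rsa',
  Array[String] $groups       = ['adm'],
) {
  $home = "/home/${title}"

  # Fixed GID/UID keep file ownership consistent across every node.
  group { $title:
    ensure => present,
    gid    => $gid,
  }

  user { $title:
    ensure     => present,
    uid        => $uid,
    gid        => $gid,
    groups     => $groups,
    comment    => 'This user was created by Puppet',
    home       => $home,
    managehome => true,
    require    => Group[$title],
  }

  file { "${home}/.ssh":
    ensure  => directory,
    owner   => $title,
    group   => $title,
    mode    => '0700',
    require => User[$title],
  }

  ssh_authorized_key { "${title}-key":
    ensure  => present,
    user    => $title,
    type    => $ssh_key_type,
    key     => $ssh_key,
    require => File["${home}/.ssh"],
  }
}

# Constructed sample values; replace the key placeholder with a real public key.
managed_user { 'lazyweb':
  uid     => 5001,
  gid     => 5001,
  ssh_key => 'PLACEHOLDER_PUBLIC_KEY_BASE64',
}
```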

kevin

Nov 27, 2008, 11:45:11 PM
to Puppet Users


On Nov 27, 7:33 pm, RijilV <rij...@riji.lv> wrote:
> 2008/11/27 kevin <lazy...@gmail.com>
>
>
>
> > I'd like to use puppet to create users.
>
> > Specifically, I'd like to create users, ensure the .ssh dirs are
> > there, add them to the adm group, that sort of thing.
> > I'm wondering how to do this, I've been looking through the docs but I
> > could use a bit of help... any pointers?
>
> This is not a complete example, you should probably wrap this as a define.
> I also recommend that if you're going to use puppet to create users you set
> their UID/GID manually.  Though I also recommend that you use something like
> LDAP for user mgmt rather than local auth.
>
> # First create the user, use the 'user' type.
> # See http://reductivelabs.com/trac/puppet/wiki/TypeReference#id229
> user { "lazyweb":
>    groups => 'adm',
>    comment => 'This user was created by Puppet',
>    ensure => 'present',
>    managehome => 'true',
>
> }
>
> # The managehome above creates the home dir, but we also need
> # the .ssh dir, use the file type
> # see http://reductivelabs.com/trac/puppet/wiki/TypeReference#file
> file { "/home/lazyweb/.ssh":
>     ensure => 'directory',
>     require => User['lazyweb'],
>     owner => 'lazyweb',
>     mode => '700',
>
> }
>
> # now load up the key...
> # see http://reductivelabs.com/trac/puppet/wiki/TypeReference#ssh-authorize...
> ssh_authorized_key { "lazyweb-rsa-key":
>    ensure => 'present',
>    key => 'AAAA......',
>    type => 'rsa',
>    user => 'lazyweb',
>    require => File["/home/lazyweb/.ssh"],
>
> }
>
> .r'

Again, thanks very much. I'm intrigued about your LDAP comment... can
you point me where to look into that?

RijilV

Nov 28, 2008, 4:52:29 PM
to puppet...@googlegroups.com
2008/11/27 kevin <laz...@gmail.com>
> Again, thanks very much.  I'm intrigued about your LDAP comment... can
> you point me where to look into that?

That's a bit out of scope for this list, I suggest you just search Google for LDAP and whatever distribution you're using, or look at the Linux Documentation Project's howto.

I would encourage you to use TLS and 'tls_checkpeer' (use puppet to put the ldap cert on the clients), but that's something you'll have to decide on your own.

.r'
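
One way to have Puppet put the LDAP certificate on the clients and turn on 'tls_checkpeer', as an added example that is not part of the original post. The class name `ldap_client`, the file paths, URI, base DN and module source are assumptions, and the option names assume an nss_ldap/pam_ldap style `ldap.conf`.

```puppet
# Added example: hypothetical class; paths, URI and base DN are constructed.
class ldap_client (
  String $ldap_uri  = 'ldap://ldap.example.com/',
  String $base_dn   = 'dc=example,dc=com',
  String $ca_cert   = '/etc/ssl/certs/ldap-ca.pem',
  String $conf_path = '/etc/ldap.conf',   # location varies by distribution
) {
  # Ship the CA certificate that signed the LDAP server's certificate.
  file { $ca_cert:
    ensure => file,
    owner  => 'root',
    group  => 'root',
    mode   => '0644',
    source => 'puppet:///modules/ldap_client/ldap-ca.pem',
  }

  # StartTLS plus peer verification: with peer checking off the client
  # encrypts the session but does not verify whose certificate it is given.
  $conf = @("EOT")
    uri ${ldap_uri}
    base ${base_dn}
    ssl start_tls
    tls_checkpeer yes
    tls_cacertfile ${ca_cert}
    | EOT

  file { $conf_path:
    ensure  => file,
    owner   => 'root',
    group   => 'root',
    mode    => '0644',
    content => $conf,
    require => File[$ca_cert],
  }
}
```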

timcharper

Apr 3, 2009, 7:08:55 PM
to RijilV, puppet...@googlegroups.com
On Nov 27 2008, 6:33 pm, RijilV <rij...@riji.lv> wrote:
> This is not a complete example, you should probably wrap this as a define.
> I also recommend that if you're going to use puppet to create users you set
> their UID/GID manually.  Though I also recommend that you use something like
> LDAP for user mgmt rather than local auth.
>
> # First create the user, use the 'user' type.
> # See http://reductivelabs.com/trac/puppet/wiki/TypeReference#id229

> user { "lazyweb":
>    groups => 'adm',
>    comment => 'This user was created by Puppet',
>    ensure => 'present',
>    managehome => 'true',
>
> }
>
> # The managehome above creates the home dir, but we also need
> # the .ssh dir, use the file type
> # see http://reductivelabs.com/trac/puppet/wiki/TypeReference#file

> file { "/home/lazyweb/.ssh":
>     ensure => 'directory',
>     require => User['lazyweb'],
>     owner => 'lazyweb',
>     mode => '700',
>
> }
>
> # now load up the key...
> # see http://reductivelabs.com/trac/puppet/wiki/TypeReference#ssh-authorize...

> ssh_authorized_key { "lazyweb-rsa-key":
>    ensure => 'present',
>    key => 'AAAA......',
>    type => 'rsa',
>    user => 'lazyweb',
>    require => File["/home/lazyweb/.ssh"],
>
> }
>

I'm running into an issue where the require attribute for
ssh_authorized_key doesn't seem to be working. Anyone else running
into this? From the documentation (and from running in the real world),
it doesn't seem to support it. Having an issue where it is trying to
install the key before it creates the user, even though the key is
listed after.

Have you run into this?
