create user and push out keys.

Ola

Dec 10, 2011, 5:44:10 PM
to Puppet Users
Hello,
I've just been working with Puppet. The first use case I have is to set
up a system to create users and then push SSH keys to these machines, into
the created users' .ssh files. I just started with Puppet so I am a bit
clueless. Can someone push me in the right direction?
I have a CentOS environment.

Marek Dohojda

Dec 11, 2011, 1:22:36 AM
to Puppet Users

So first my variable problem and now mcollective hates me.
system RHEL6.1 (default EPEL and PuppetLabs RPMs)

I am running mcollective 1.2.1

when I do mco I get this:

The Marionette Collective version 1.2.1

/usr/bin/mco: command (options)

Known commands:

I.e. no applications are being registered.
When I look at the libdir:
ls /usr/libexec/mcollective
mcollective

inside that is:
ls mcollective/
agent application audit connector facts registration security

and inside applications:
ls application/
controller.rb facts.rb find.rb help.rb inventory.rb ping.rb rpc.rb

yes just default ones nothing fancy.

So how come mco is not registering ANY apps?


Len Rugen

Dec 11, 2011, 10:33:30 AM
to puppet...@googlegroups.com

Yes, if no one else does, I can sanitize an example from our environment, but I'll have to be back in the office.

Alexander Swen

Dec 12, 2011, 4:55:33 AM
to Puppet Users
> Yes, if no one else does, I can sanitize an example from our environment,
> but I'll have to be back in the office.
This is how we do that: (learned from puppet btw)

create module users:
I will put a line +++++BEGIN and -----END around files to show
boundaries. Don't put those lines in your files ;-)

file: manifests/init.pp:
watch out with the purge rule in resource! it removes all users that
are not defined!!!
+++++BEGIN
class users {
}

class users::resources {
  resources { 'user':
    purge              => false,
    unless_system_user => true;
  }
}
-----END

another file: manifests/account.pp
this is the "script" that actually generates account and (if present)
a ssh key file
+++++BEGIN
define users::account($realname, $password, $uid, $othergroups=[],
  $gid, $key='', $keytype='ssh-rsa', $name, $ensure=present,
  $shell='/bin/bash', $managehome='true', $allowdupe='false',
  $homeprefix='/home', $functie='' ) {
  # Refuse to remove the root account.
  if ($ensure == absent and $name == 'root') {
    fail('will not delete root user')
  }
  # Defaults for every file managed below: owned by the user, private mode.
  File { owner => $name, group => $name, mode => '0600' }

  # root lives in /root, everyone else under $homeprefix.
  $home = $name ? {
    'root'  => '/root',
    default => "${homeprefix}/${name}",
  }

  # $gid is also used as the title of the required group resource, so a
  # group resource with that title must be declared (see users::groups).
  user { $name:
    ensure     => $ensure,
    uid        => $uid,
    gid        => $gid,
    password   => $password,
    comment    => "$realname",
    groups     => $othergroups,
    shell      => "$shell",
    home       => $home,
    require    => Group["$gid"],
    allowdupe  => $allowdupe,
    managehome => $managehome;
  }

  case $ensure {
    absent: {
      # Remove the home directory together with the account.
      file { $home:
        ensure  => $ensure,
        force   => true,
        recurse => true,
      }
      # Remove the user's private group as well.
      if ( $gid == $name ) {
        group { "$gid":
          ensure => $ensure;
        }
      }
    }
    present: {
      file {
        "$home":
          ensure => directory;
        "$home/.bash_logout":
          ensure => present,
          source => "puppet:///modules/users/.bash_logout";
      }
      # Only manage ~/.ssh and the authorized key when a key was given.
      if $key != '' {
        file {
          "$home/.ssh":
            ensure => directory;
        }
        ssh_authorized_key { "$name":
          user    => $name,
          require => File["$home/.ssh"],
          key     => $key,
          type    => $keytype,
          ensure  => $ensure;
        }
      }
    }
  }
}
-----END

Another file: manifests/groups.pp
Here you can define as many groups as you like. We chose to create
those groups on all our servers. You can choose to change this to a
system similar to the way users are realized, of course.
+++++BEGIN
class users::groups {
  # Every group declared here is created unless stated otherwise.
  Group { ensure => present }
  group {
    "groupname":
      gid => 500;
  }
}
-----END

Another file: manifests/userlist:
This file should contain a list of all your users with their info
(pass and ssh key) etc
+++++BEGIN
/*

call users::account with following parameters:

these are mandatory:
$name # Loginname
$password # md5 encrypted pass
$uid # userid (should be >500)
$gid # optional groupid
$realname # users full name

these are optional:
$othergroups=[] # array of additional groups
$key # SSH key without comment
$keytype # ssh key type

these defaults can be overridden:
$ensure=present
$shell='/bin/bash'
$managehome='true'
$homeprefix='/home'
$allowdupe='false'
$keytype='ssh-rsa'

EXAMPLE:
@users::account {
  "dork":
    name        => "dork",
    uid         => 9000,
    gid         => 9000,
    realname    => "dork is a dork",
    password    => 'hashed password here',
    othergroups => [ "blaat", "dorks" ],
    key         => "x5KTrq41xKcfwFog38jWTmCSiyXLPKLbsDWumrsOel5od2U7W+ZKNJIkVQZZQqCOmZwnwagssdfgsdfgas",
    keytype     => "ssh-dss",
}

*/

class users::userlist {
  include users::groups
  # Virtual resources: declared here, realized per server elsewhere.
  @users::account {
    "root":
      uid      => "0",
      gid      => "0",
      realname => "root",
      password => 'hashed password here';
    "dork":
      name        => "dork",
      uid         => 9000,
      gid         => 9000,
      realname    => "dork is a dork",
      password    => 'hashed password here',
      othergroups => [ "blaat", "dorks" ],
      key         => "x5KTrq41xKcfwFog38jWTmCSiyXLPKLbsDWumrsOel5od2U7W+ZKNJIkVQZZQqCOmZwnwagssdfgsdfgas",
      keytype     => "ssh-dss";
  }
}
-----END

and then: manifests/some_name
(This realizes the users that are member of some groups)
+++++BEGIN
class users::some_name {
  Users::Account <| (othergroups == 'some_group' or othergroups == 'some_other_group') |>
}
-----END

Each server should include users::userlist and users::some_name.
If you like, you can include users::resources, and then all users will
be removed unless they are specified.

good luck
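
The `key` parameter in the post above takes only the base64 key data ("SSH key without comment"), with the type passed separately as `keytype`. As an added example that is not part of the original post, this Python helper splits a public-key line into those two values and rejects a line whose declared type differs from the type encoded in the key data. The function names and the sample key (dummy all-zero bytes) are constructed for illustration.

```python
import base64
import struct

# Key types searched for on the line (subset chosen for this example).
KEY_TYPES = {"ssh-rsa", "ssh-dss"}


def make_sample_line():
    """Constructed sample: correct blob header, dummy (all-zero) key bytes."""
    blob = struct.pack(">I", 7) + b"ssh-rsa" + bytes(64)
    return "ssh-rsa %s ola@workstation" % base64.b64encode(blob).decode()


def split_pubkey(line):
    """Split an OpenSSH public-key line into (keytype, key, comment).

    A leading authorized_keys options field is skipped. The key type stored
    inside the base64 blob must match the type written in front of it.
    """
    fields = line.split()
    idx = next((i for i, f in enumerate(fields) if f in KEY_TYPES), None)
    if idx is None or idx + 1 >= len(fields):
        raise ValueError("no known key type followed by key data")
    keytype, key = fields[idx], fields[idx + 1]
    comment = " ".join(fields[idx + 2:])
    try:
        blob = base64.b64decode(key, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("key data is not valid base64") from exc
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # The blob begins with a 4-byte big-endian length and the type name.
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len] != keytype.encode("ascii"):
        raise ValueError("type inside blob differs from declared type")
    return keytype, key, comment


def account_params(line):
    """Render the key/keytype lines for a users::account declaration."""
    keytype, key, _comment = split_pubkey(line)
    return "key     => '%s',\nkeytype => '%s'," % (key, keytype)


if __name__ == "__main__":
    print(account_params(make_sample_line()))
```

Feeding it the contents of a user's `.pub` file gives values that can be pasted into the userlist without the comment or type prefix ending up inside `key`.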

Ola

Dec 12, 2011, 10:21:33 AM
to Puppet Users
Thanks! Do I need any includes or similar to "install" this?

Ola

Dec 13, 2011, 7:43:47 PM
to Puppet Users

Also, where is the declaration of which server the key is going to?