Managing Users over multiple servers
97 views
Skip to first unread message
lth
May 21, 2012, 7:08:31 PM5/21/12
to puppet...@googlegroups.com
We have several webservers that we are going to manage with puppet. We want to make sure the users are the same on all of them.
My plan was to create a separate manifest for each user within a users module. However if someone changes their password one one server how do we make sure that puppet doesn't overwrite that info? Also we want to propagates that password change to the other servers. Therefore putting information the password hash or age of the password in the manifest doesn't seem like it will work.
How is this supposed to be done?
Thanks in advance.
Trevor Vaughan
May 21, 2012, 7:12:12 PM5/21/12
to puppet...@googlegroups.com
This is not something that you generallyl want to do with Puppet since
Puppet is better utilized for 'consistency over time' applications
(with some exceptions).
A tool, such as LDAP or Kerberos will probably serve your purposes
much better over time.
Trevor
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/puppet-users/-/DJnPtUOMw6kJ.
> To post to this group, send email to puppet...@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
--
Trevor Vaughan
Vice President, Onyx Point, Inc
(410) 541-6699
tvau...@onyxpoint.com
-- This account not approved for unencrypted proprietary information --
Puppet is better utilized for 'consistency over time' applications
(with some exceptions).
A tool, such as LDAP or Kerberos will probably serve your purposes
much better over time.
Trevor
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/puppet-users/-/DJnPtUOMw6kJ.
> To post to this group, send email to puppet...@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
--
Trevor Vaughan
Vice President, Onyx Point, Inc
(410) 541-6699
tvau...@onyxpoint.com
-- This account not approved for unencrypted proprietary information --
lth
May 21, 2012, 7:40:32 PM5/21/12
to puppet...@googlegroups.com
LDAP is something we've been considering and will probably be implementing that sooner than later. However while that takes care of the 100s of regular web users, we still don't think we want our 8-10 system administrators to be doing that. So we're still have the problem of trying to get puppet to handle them as well as pick up changes and propagate them.
> puppet-users+unsubscribe@googlegroups.com.
jcbollinger
May 22, 2012, 2:25:28 PM5/22/12
to Puppet Users
On May 21, 2:40 pm, lth <lthar...@gmail.com> wrote:
> LDAP is something we've been considering and will probably
> be implementing that sooner than later. However while that takes care of
> the 100s of regular web users, we still don't think we want our 8-10 system
> administrators to be doing that. So we're still have the problem of trying
> to get puppet to handle them as well as pick up changes and propagate them.
opposite to its designed mode of operation. You could, however, set
up a system that makes password changes go first to some central file
on the Puppetmaster, to be rolled out from there to all nodes.
Password changes that bypassed that mechanism would still be
overwritten.
John
Reply all
Reply to author
Forward
0 new messages