Import username/password list to hash
41 views
Skip to first unread message
Adam
May 2, 2012, 11:11:56 AM5/2/12
to puppet...@googlegroups.com
Fellow Puppet Users!
I have a continually growing list of 600 remote users that I need to ensure exist across 3 web servers. I only need to ensure these users exist, and that the password is set with the what they provide via a secure web interface. Within my puppet configuration, I don't know if I should do some of this in a template (as I have yet to create a template), or all within a manifest.
I think what it really comes down to is: How do I best import my 600+ line list of "username, password" into a hash?? Then loop through that hash and check it against the appropriate username/password. I'm sure something like this has been done before, but all of my trolling the internet has failed to come up with a good example.
Any input is appreciated! Thanks...
I have a continually growing list of 600 remote users that I need to ensure exist across 3 web servers. I only need to ensure these users exist, and that the password is set with the what they provide via a secure web interface. Within my puppet configuration, I don't know if I should do some of this in a template (as I have yet to create a template), or all within a manifest.
I think what it really comes down to is: How do I best import my 600+ line list of "username, password" into a hash?? Then loop through that hash and check it against the appropriate username/password. I'm sure something like this has been done before, but all of my trolling the internet has failed to come up with a good example.
Any input is appreciated! Thanks...
Christopher Wood
May 2, 2012, 11:23:01 AM5/2/12
to puppet...@googlegroups.com
My experience managing only home directories (and even fewer than yours) is that tossing hundreds of i/o-sensitive resources (nfs mounts, directories) at a puppet agent guarantees slow agent runs. You're also not going to scale way up with local users across a growing number of servers.
My way of getting around this issue was to configure ldap service and give every server an nss-pam-ldapd configuration (all via puppet). I can easily restrict host access via nslcd's passwd filter. Then the user-provisioning load is between the database and the ldap servers, and the puppet agent is only checking the nss-pam-ldapd configuration on the web servers themselves.
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To view this discussion on the web visit
> [1]https://groups.google.com/d/msg/puppet-users/-/X68ubmfC8wAJ.
> To post to this group, send email to puppet...@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
> References
>
> Visible links
> 1. https://groups.google.com/d/msg/puppet-users/-/X68ubmfC8wAJ
My way of getting around this issue was to configure ldap service and give every server an nss-pam-ldapd configuration (all via puppet). I can easily restrict host access via nslcd's passwd filter. Then the user-provisioning load is between the database and the ldap servers, and the puppet agent is only checking the nss-pam-ldapd configuration on the web servers themselves.
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To view this discussion on the web visit
> [1]https://groups.google.com/d/msg/puppet-users/-/X68ubmfC8wAJ.
> To post to this group, send email to puppet...@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
> References
>
> Visible links
> 1. https://groups.google.com/d/msg/puppet-users/-/X68ubmfC8wAJ
Reply all
Reply to author
Forward
0 new messages