On 2020-09-20 16:31, Devminded wrote:
> Hi.
>
> We are using the *puppetlabs/accounts* module to setup user accounts and
> SSH keys but finds it lacking.
> We are using *Hiera* and have divided users up by role, type of machine
> and region/environment. The issue here is that if a user should exist on
> multiple groups of machines, but not in others, we /have to repeat the
> entire definition;/ password, groups, ssh-key, etc. for every "group" of
> users. Multiple places to change things.
> I had expected it to have two concepts:
>
> * List of account definitions (passwords, ssh-keys, groups, etc)
> * List of accounts to be applied to a target (with the possibility to
> override properties)
>
>
> *Definitions*
> accounts::users:
> joe:
> password: '$6......'
> sshkeys: - 'ssh-rsa ...
j...@corp.com'
> sally:
> password: '$6......'
> sshkeys: - 'ssh-rsa ...
sa...@corp.com'
>
> *Declare/Apply*
> *(*hieradata/accounts/DBA.yaml)
> accounts::user_list:
> joe:
> sally:
>
> *(*hieradata/accounts/paymentservice.yaml)
> accounts::user_list:
> joe:
>
> Is this possible?
> Is it possible using Hiera?
> What am I missing?
>
You could do it by having a unique key per user and then referencing
those in each list. Here is an example:
user::joe:
name: 'joe'
user::sally:
name: 'sally'
# *(*hieradata/accounts/DBA.yaml)
accounts::user_list:
- '%{alias("user::joe")}
- '%{alias("user::sally")}
# *(*hieradata/accounts/paymentservice.yaml)
accounts::user_list:
- '%{alias("user::joe")}
When you lookup `accounts::user_list` you will get an array of hashes.
If you instead would prefer one hash with all users where the keys are
names you could do something like this:
accounts::user_list:
joe:'%{alias("user::joe")}
sally: '%{alias("user::sally")}
Hope that helps.
- henrik
> --
> You received this message because you are subscribed to the Google
> Groups "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to
puppet-users...@googlegroups.com
> <mailto:
puppet-users...@googlegroups.com>.
> To view this discussion on the web visit
>
https://groups.google.com/d/msgid/puppet-users/366bedce-0c3f-43f8-82d2-d7e854057686n%40googlegroups.com
> <
https://groups.google.com/d/msgid/puppet-users/366bedce-0c3f-43f8-82d2-d7e854057686n%40googlegroups.com?utm_medium=email&utm_source=footer>.
--
Visit my Blog "Puppet on the Edge"
http://puppet-on-the-edge.blogspot.se/