puppet recipes
Asif Iqbal
I am looking for recipe or some hints to a recipe that can help me
achieve the following
I have about 300 servers of different functions. To make it easy I
decided to keep multiple group dirs based on the
function and have hosts,passwd,users,sudoers file located inside those
function dirs, like the following. In this
example dns is the function of the hosts listed w/ fqdn in the hosts
file. The passwd and shadow are going to be
same as the /etc/passwd and /etc/shadow file for all these hosts, same
for sudeors. users is list of users. may have no purpose
right now.
(root)@puppetmaster:/path/to/groups# ls -lR dns/
dns/:
total 11
-rw------- 1 root other 1 Aug 23 2005 hosts
-r--r--r-- 1 root other 33 Aug 22 2005 passwd
-r-------- 1 root other 31 Aug 22 2005 shadow
-r--r----- 1 root root 546 Aug 27 2005 sudoers
-rw-r--r-- 1 root other 152 Feb 21 2006 users
currently, I have a test site.pp like this
# site.pp
node basenode {
case $hostname {
puppet-test: {}
default: {}
}
}
node 'puppet-test' {
include dns
include sudo
}
class dns_users {
@user { "testuser":
ensure => "present",
uid => "102",
gid => "1",
comment => "test user",
home => "/home/testuser",
shell => "/bin/bash",
managehome => "true",
}
}
class dns {
include dns_users
realize(
User["testuser"]
)
}
class sudo {
file { sudoers: # a common title for all platforms
path => $operatingsystem ? {
solaris => "/opt/csw/etc/sudoers",
default => "/etc/sudoers"
},
owner => root,
group => root,
mode => 440,
source => "puppet:///sudo/sudoers"
}
}
Instead of creating 300 manifests and that many more users in the
class and/or @users I like to see if there is maybe a template can be
created.
So when the puppet client comes to puppetmaster, based on the fqdn of
the host it will be assigned as part of a group. Then based on the
assigned
group it will receive specific sudoers file and a list of users will
be created based on the values in passwd and shadow files.
Looking for recipe to achieve that.
Thanks
--
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
Teyo Tyree
Hi
I am looking for recipe or some hints to a recipe that can help me
achieve the following
I have about 300 servers of different functions. To make it easy I
decided to keep multiple group dirs based on the
function and have hosts,passwd,users,sudoers file located inside those
function dirs, like the following.
In this
example dns is the function of the hosts listed w/ fqdn in the hosts
file. The passwd and shadow are going to be
same as the /etc/passwd and /etc/shadow file for all these hosts, same
for sudeors. users is list of users. may have no purpose
right now.
(root)@puppetmaster:/path/to/groups# ls -lR dns/
dns/:
total 11
-rw------- 1 root other 1 Aug 23 2005 hosts
-r--r--r-- 1 root other 33 Aug 22 2005 passwd
-r-------- 1 root other 31 Aug 22 2005 shadow
-r--r----- 1 root root 546 Aug 27 2005 sudoers
-rw-r--r-- 1 root other 152 Feb 21 2006 users
currently, I have a test site.pp like this
# site.pp
node basenode {
case $hostname {
puppet-test: {}
default: {}
}
}
node 'puppet-test' {
include dns
include sudo
}
class dns_users {
@user { "testuser":
ensure => "present",
uid => "102",
gid => "1",
comment => "test user",
home => "/home/testuser",
shell => "/bin/bash",
managehome => "true",
}
}
gid => "1",
comment => "test user",
home => "/home/testuser",
shell => "/bin/bash",
gid => "1",
comment => "test user",
shell => "/bin/bash",
class dns {
include dns_users
realize(
User["testuser"]
)
}
class sudo {
file { sudoers: # a common title for all platforms
path => $operatingsystem ? {
solaris => "/opt/csw/etc/sudoers",
default => "/etc/sudoers"
},
owner => root,
group => root,
mode => 440,
source => "puppet:///sudo/sudoers"
}
}
Instead of creating 300 manifests and that many more users in the
class and/or @users I like to see if there is maybe a template can be
created.
So when the puppet client comes to puppetmaster, based on the fqdn of
the host it will be assigned as part of a group. Then based on the
assigned
group it will receive specific sudoers file and a list of users will
be created based on the values in passwd and shadow files.
Looking for recipe to achieve that.
Thanks
--
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
Asif Iqbal
I seem to be lost in your explanations. BTW, I do not need to use fqdn.
I realized, I started looking for a recipe that will be very
complicated for a beginner like me.
So I think I should start small and simple and it may grow to a
solution that will be really useful to others.
Lets start w/ real basic.
I have 300 hosts. I like a push a user to about 100 hosts (dns
resolver type hosts) out of 300 total.
How do I set that up within puppet ?
(sorry for the top post. I like to ignore the complex recipe, at least
for me, and may go back to it eventually but gradually)
David Schmitt
> So I think I should start small and simple and it may grow to a
> solution that will be really useful to others.
>
> Lets start w/ real basic.
>
> I have 300 hosts. I like a push a user to about 100 hosts (dns
> resolver type hosts) out of 300 total.
>
> How do I set that up within puppet ?
The very simplest stuff:
| node "dns1", ..., "dns100" {
| user { "foo": ... }
| }
That's of course very trivial. The next steps would be to put the user
into his own class/module where you can encapsulate the user and his
environment (ssh key, shell configuration, ...) and use an external
nodes classifier[1] to find your nodes instead of typing them all out.
You can read many more examples on the wiki [2] and [3]. Also look at
the references linked from the documentation main page[4].
Regards, DavidS
[1] http://reductivelabs.com/trac/puppet/wiki/ExternalNodes
[2] http://reductivelabs.com/trac/puppet/wiki/PuppetModules
[3] http://reductivelabs.com/trac/puppet/wiki/Recipes
[4] http://reductivelabs.com/trac/puppet/wiki/DocumentationStart
Asif Iqbal
>
> Asif Iqbal wrote:
>> So I think I should start small and simple and it may grow to a
>> solution that will be really useful to others.
>>
>> Lets start w/ real basic.
>>
>> I have 300 hosts. I like a push a user to about 100 hosts (dns
>> resolver type hosts) out of 300 total.
>>
>> How do I set that up within puppet ?
>
> The very simplest stuff:
>
> | node "dns1", ..., "dns100" {
> | user { "foo": ... }
> | }
I like to use them
slowly. I will move to that direction gradually.
For now, the user account created perfectly. Here is the complete recipe
(root)@sys-ubuntu:/etc/puppet/manifests# cat site.pp
# site.pp
# the .pp extension is default and not needed to add
node "puppet-client1","puppet-client2",..."puppet-client10" {
ensure => "present",
uid => "102",
gid => "1",
comment => "test user",
managehome => "true",
}
}
all these hosts?
Without puppet I would ssh in to all the hosts and run `visudo' and
add the user in that User_Alias.
I looked at the puppet recipe where sudeors file is kept in puppet
server and is pushed to
the puppet clients. For this I need to edit the sudoers file and my
recipe depends on it.
I like it more dynamic. I want puppet client to run the visudo and
append the user in User_Alias.
This way even if my environment grows I don't have to manage multiple
sudoers file on puppet master.
I am going to be using puppet mainly to manage user accounts (password
and group files) and sudoers
file of various formats. Once I am comfortable with it, I will plan to
use it to install packages and
then down the road may be install patches as well. Most of my servers
are solaris.
>
> That's of course very trivial. The next steps would be to put the user
> into his own class/module where you can encapsulate the user and his
> environment (ssh key, shell configuration, ...) and use an external
> nodes classifier[1] to find your nodes instead of typing them all out.
>
> You can read many more examples on the wiki [2] and [3]. Also look at
> the references linked from the documentation main page[4].
>
>
>
> Regards, DavidS
>
>
>
> [1] http://reductivelabs.com/trac/puppet/wiki/ExternalNodes
> [2] http://reductivelabs.com/trac/puppet/wiki/PuppetModules
> [3] http://reductivelabs.com/trac/puppet/wiki/Recipes
> [4] http://reductivelabs.com/trac/puppet/wiki/DocumentationStart
>
>
>
>
>
> >
>
David Schmitt
Since there is currently no native sudo type I know of, I'd recommend
using the concatenated_file and concatenated_file_part defines[1] from
my "common" module[2]. Using them you can build your sudoers file on the
nodes from a locally editable header and various parts from your manifests:
class sudo {
concatenated_file { "/etc/sudoers": }
}
class admin1 {
user { admin1: }
concatenated_file_part {
"admin1":
dir => "/etc/sudoers.d",
content => "..."
}
}
node ... {
include admin1
}
Regards, DavidS
[1]http://git.black.co.at/?p=module-common;a=blob;f=manifests/defines/concatenated_file.pp;hb=HEAD
[2]http://git.black.co.at/?p=module-common
Asif Iqbal
could be `testuser' instead if I want
to be consistent with my initial recipe?
Also what would go in the content => .. so that I can append user
`testuser' to the following entry
User_Alias TESTUSERS = user1, user2
in the sudoers file
>
>
>
>
> Regards, DavidS
>
> [1]http://git.black.co.at/?p=module-common;a=blob;f=manifests/defines/concatenated_file.pp;hb=HEAD
> [2]http://git.black.co.at/?p=module-common
>
> >
>
Asif Iqbal
>> So I think I should start small and simple and it may grow to a
>> solution that will be really useful to others.
>>
>> Lets start w/ real basic.
>>
>> I have 300 hosts. I like a push a user to about 100 hosts (dns
>> resolver type hosts) out of 300 total.
>>
>> How do I set that up within puppet ?
>
> The very simplest stuff:
>
> | node "dns1", ..., "dns100" {
> | user { "foo": ... }
> | }
working yet
node basenode {
$userlist = [ "user1", "user2", "user3", .. , "user50" ]
$passwd = [ "hashkey1", "hashkey2", .. , "hashkey50" ]
$fullname = [ "fname1 lname1", "fname2 lname2",... , "fname50 lname50" ]
$uids = [ "101", "102", ... , "150" ]
user { $userlist:
ensure => "present",
uid => $uids,
gid => "1",
comment => $fullname,
home => "/export/home/$userlist",
password => $passwd,
managehome => "true",
}
}
....
node "node100" inherits basenode {}
>
> That's of course very trivial. The next steps would be to put the user
> into his own class/module where you can encapsulate the user and his
> environment (ssh key, shell configuration, ...) and use an external
> nodes classifier[1] to find your nodes instead of typing them all out.
>
> You can read many more examples on the wiki [2] and [3]. Also look at
> the references linked from the documentation main page[4].
>
>
>
> Regards, DavidS
>
>
>
> [1] http://reductivelabs.com/trac/puppet/wiki/ExternalNodes
> [2] http://reductivelabs.com/trac/puppet/wiki/PuppetModules
> [3] http://reductivelabs.com/trac/puppet/wiki/Recipes
> [4] http://reductivelabs.com/trac/puppet/wiki/DocumentationStart
>
>
>
>
>
> >
>
David Schmitt
That's not how it is intended to work. You'll need to create a define to
handle such "parallel" arrays:
define custom_user($passwd, $fullname) {
user { "user${name}":
ensure => present,
uid => 100 + $name,
gid => 1,
comment => $fullname,
home => "/export/home/${name}",
password => $passwd,
shell => "/bin/bash",
managehome => true,
}
}
custom_user {
"1":
passwd => "hashkey1",
fullname => "fname1 lname1";
"2":
passwd => ...
}
See
http://reductivelabs.com/trac/puppet/wiki/LanguageTutorial#definitions
for details on definitions.
Regards, DavidS
Asif Iqbal
Here is my updated recipe
#site.pp
class newuser {
define newu ( $uid , gid = 1, $fullname ) {
exec { "/usr/sbin/useradd -m -d /home/$name -c $fullname -u $uid -g
$gid -s /bin/bash $name": }
}
define newid ( $uid , gid = 1, $passwd, $fullname ) {
user { $name:
ensure => present,
uid => "$uid",
gid => "$gid",
comment => "$fullname",
home => "/export/home/$name",
password => "$passwd",
shell => "/bin/bash",
managehome => "true",
}
}
define addgrp ( $groups ) {
exec { "/usr/sbin/usermod -G $groups $name": }
}
}
newuser::newu {
"testuser":
uid => "102",
gid => "1",
fullname => "test user",
}
newuser::newid {
"testu2":
uid => "103",
gid => "10",
passwd => "XyZ123ZyX12",
fullname => "test2 user2",
}
newuser::addgrp {
"testu2":
groups => ["sysadmin", "developer"]
}
node basenode {
include newuser
}
node default inherits basenode {}
It worked somewhat. The group names "sysadmin" and "developer" became
one group "sysadmindeveloper"
I was trying to use the groups array to call the addgrp definition
multiple times.
Also it failed to create user `testuser' using Newuser::Newu
deatils here
debug: Loaded state in 0.00 seconds
debug: //Newuser::Newid[testu2]/User[testu2]: Changing ensure
debug: //Newuser::Newid[testu2]/User[testu2]: 1 change(s)
debug: User[testu2](provider=user_role_add): Executing
'/usr/sbin/useradd -u 103 -s /bin/bash -g 10 -c test2 user2 -d
/export/home/testu2 -m testu2'
notice: //Newuser::Newid[testu2]/User[testu2]/ensure: created
debug: //Newuser::Addgrp[testu2]/Exec[/usr/sbin/usermod -G
sysadmindeveloper testu2]: Changing returns
debug: //Newuser::Addgrp[testu2]/Exec[/usr/sbin/usermod -G
sysadmindeveloper testu2]: 1 change(s)
debug: //Newuser::Addgrp[testu2]/Exec[/usr/sbin/usermod -G
sysadmindeveloper testu2]: Executing '/usr/sbin/usermod -G
sysadmindeveloper testu2'
debug: Executing '/usr/sbin/usermod -G sysadmindeveloper testu2'
err: //Newuser::Addgrp[testu2]/Exec[/usr/sbin/usermod -G
sysadmindeveloper testu2]/returns: change from notrun to 0 failed:
/usr/sbin/usermod -G sysadmindeveloper testu2 returned 3 instead of 0
at /etc/puppet/manifests/site.pp:22
debug: //Newuser::Newu[testuser]/Exec[/usr/sbin/useradd -m -d
/home/testuser -c test user -u 102 -g 1 -s /bin/bash testuser]:
Changing returns
debug: //Newuser::Newu[testuser]/Exec[/usr/sbin/useradd -m -d
/home/testuser -c test user -u 102 -g 1 -s /bin/bash testuser]: 1
change(s)
debug: //Newuser::Newu[testuser]/Exec[/usr/sbin/useradd -m -d
/home/testuser -c test user -u 102 -g 1 -s /bin/bash testuser]:
Executing '/usr/sbin/useradd -m -d /home/testuser -c test user -u 102
-g 1 -s /bin/bash testuser'
debug: Executing '/usr/sbin/useradd -m -d /home/testuser -c test user
-u 102 -g 1 -s /bin/bash testuser'
err: //Newuser::Newu[testuser]/Exec[/usr/sbin/useradd -m -d
/home/testuser -c test user -u 102 -g 1 -s /bin/bash
testuser]/returns: change from notrun to 0 failed: /usr/sbin/useradd
-m -d /home/testuser -c test user -u 102 -g 1 -s /bin/bash testuser
returned 2 instead of 0 at /etc/puppet/manifests/site.pp:5
debug: Finishing transaction 74491050 with 3 changes
debug: Storing state
debug: Stored state in 0.02 seconds
notice: Finished catalog run in 0.41 seconds
>
> See
> http://reductivelabs.com/trac/puppet/wiki/LanguageTutorial#definitions
> for details on definitions.
>
>
> Regards, DavidS
Asif Iqbal
Fixed it
define addgrp ( $uname ) {
exec { "/usr/sbin/groupadd $title": }
exec { "/usr/sbin/usermod -G $title $uname": }
}
groups = [ "sysadmin", "developr"]
newuser::addgrp { $groups: uname => "testu2" }
Now I need to explore the external node script to push multiple users.
I have the list of users available in a flat file.
Then I need to find a way to send the same list of users to multiple
hosts
Larry Ludwig
Why are you using exec type for user and group, when these types
already exist? I didn't read the complete thread so I donno if this
was discussed. The exec type should always be used as the last resort.
-L
--
Larry Ludwig
Reductive Labs
Asif Iqbal
>
>
> Why are you using exec type for user and group, when these types
> already exist? I didn't read the complete thread so I donno if this
So I guess I could modify the newuser::newid like following
class newuser {
.......
user { $name:
ensure => present,
uid => "$uid",
gid => "$gid",
home => "/export/home/$name",
password => "$passwd",
shell => "/bin/bash",
managehome => "true",
}
}
> was discussed. The exec type should always be used as the last resort.
being very confused about how
puppet works to now when I have some idea, heh
Now I am studying to see how to create say 50 users on say 100 hosts
using external node.
>
> -L
>
> --
> Larry Ludwig
> Reductive Labs
>
>
> >
>