Reusable function/class code


Matt Shields

Oct 15, 2015, 12:53:49 PM
to puppet...@googlegroups.com
I need to do the same process over and over again for numerous users.  What would be the easy way to create a class or function to wrap the following code so that each time I need to do the following it's a single line of code.  Currently what I've been doing is copying the 35 lines of code and duplicating it for hundreds of users.

$username_john = hiera ( 'ftp_username_john' )
$password_john = hiera ( 'ftp_password_john' )

user { "${username_john}":
  ensure      => present,
  password    => "${password_john}",
  managehome  => false,
  home        => '/incoming',
  groups      => 'sftpusers',
  shell       => '/sbin/nologin',
}

file { "/sftp/${username_john}":
  ensure  => directory,
  owner   => 'root',
  group   => 'root',
  mode    => '0755',
  require => File['/sftp'],
}

file { "/sftp/${username_john}/incoming":
  ensure  => directory,
  owner   => $username_john,
  group   => 'sftpusers',
  mode    => '0755',
  require => File["/sftp/${username_john}"],
}

file { "/sftp/${username_john}/outgoing":
  ensure  => directory,
  owner   => $username_john,
  group   => 'sftpusers',
  mode    => '0755',
  require => File["/sftp/${username_john}"],
}


Matt

Christopher Wood

Oct 15, 2015, 1:15:07 PM
to puppet...@googlegroups.com
For puppet 3 you would probably use a defined type and the create_resources function.

https://docs.puppetlabs.com/puppet/latest/reference/lang_defined_types.html

http://docs.puppetlabs.com/references/latest/function.html#createresources

For puppet 4 you can loop over a set of puppet code to create resources. I think you would still benefit from the defined type for the encapsulation.

https://docs.puppetlabs.com/puppet/latest/reference/lang_iteration.html

You should probably also have a parameter for the ensure=>present stuff, so that users departing do not have stale entries in /etc/passwd loitering forever.

If you're doing this for hundreds of users, have you considered generalizing your user authentication even more? Something like FreeIPA seems like it would help.

https://www.freeipa.org/page/Main_Page

jcbollinger

Oct 16, 2015, 9:12:55 AM
to Puppet Users


On Thursday, October 15, 2015 at 11:53:49 AM UTC-5, Matt Shields wrote:
I need to do the same process over and over again for numerous users.  What would be the easy way to create a class or function to wrap the following code so that each time I need to do the following it's a single line of code.  Currently what I've been doing is copying the 35 lines of code and duplicating it for hundreds of users.


To simply make that collection of declarations be reusable, the best fit for that would be a defined type, something like:

define site::sftpuser () {

  # Per-user values are looked up in Hiera, keyed by the resource title.
  $username = hiera("ftp_username_${title}")
  $password = hiera("ftp_password_${title}")

  user { $username:
    ensure     => present,
    password   => $password,
    managehome => false,
    home       => '/incoming',
    groups     => 'sftpusers',
    shell      => '/sbin/nologin',
  }

  # One file declaration with three semicolon-separated resource bodies.
  file {
    "/sftp/${username}":
      ensure => directory,
      owner  => 'root',
      group  => 'root',
      mode   => '0755';
    "/sftp/${username}/incoming":
      ensure => directory,
      owner  => $username,
      group  => 'sftpusers',
      mode   => '0755';
    "/sftp/${username}/outgoing":
      ensure => directory,
      owner  => $username,
      group  => 'sftpusers',
      mode   => '0755';
  }
}

You would put that in modules/site/manifests/sftpuser.pp (the same rule applies to placement of the manifest for a class).  You would use it just like a native resource type:

site::sftpuser { 'john': }

I didn't see a clear case for giving that type any parameters (other than the metaparameters it gets automatically, like every other resource type), but it is possible to do that, too.

It also looks like there may be opportunities for Hiera data structure that would make using that more convenient -- for instance, combining the per-user data into hashes instead of assigning each item a separate key, and maybe even merging all of those under a single top-level key.  One way or another, there should also be an opportunity to use Hiera to specify which of those users need to be declared on each machine, though perhaps that's already covered.


John
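
The suggestions in this thread combined (a defined type, an ensure parameter so departed users can be removed, and per-user Hiera hashes under a single key), as an added example that is not code from any of the posters. The Hiera key name sftp_users, the parameter names and the choice to delete an absent user's directory tree are assumptions.

```puppet
# modules/site/manifests/sftpuser.pp (added example, not code from the thread)
# Assumed Hiera data under a hypothetical key 'sftp_users' (constructed values):
#   sftp_users:
#     john: { password: '<password hash placeholder>' }
#     jane: { ensure: absent }
define site::sftpuser (
  $password = undef,
  $ensure   = 'present',
) {
  user { $title:
    ensure     => $ensure,
    password   => $password,
    managehome => false,
    home       => '/incoming',
    groups     => 'sftpusers',
    shell      => '/sbin/nologin',
  }

  if $ensure == 'absent' {
    # Assumption: a departed user's tree is deleted together with the account.
    # force is needed for Puppet to remove a directory.
    file { "/sftp/${title}":
      ensure => absent,
      force  => true,
    }
  } else {
    file {
      "/sftp/${title}":
        ensure => directory,
        owner  => 'root',
        group  => 'root',
        mode   => '0755';
      ["/sftp/${title}/incoming", "/sftp/${title}/outgoing"]:
        ensure => directory,
        owner  => $title,
        group  => 'sftpusers',
        mode   => '0755';
    }
  }
}

# In a class applied to the SFTP hosts (Puppet 4 iteration):
$sftp_users = hiera_hash('sftp_users', {})
$sftp_users.each |$user, $attrs| {
  site::sftpuser { $user: * => $attrs }
}
# Puppet 3 equivalent of the loop:
#   create_resources('site::sftpuser', hiera_hash('sftp_users', {}))
```

Setting a user's entry to `ensure: absent` in Hiera, rather than deleting the entry, is what lets Puppet remove the account from /etc/passwd on the next run.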
