Adding existing users to groups

3,474 views
Skip to first unread message

Peter Gillard-Moss

unread,
Mar 23, 2011, 2:13:18 PM3/23/11
to puppet...@googlegroups.com
Hi,

I have an interesting problem with groups and users.

Our puppet configuration is nice and modular so each application we wish to install has its own class.  For some applications we want to add existing users, created in another class to a new group.  Here's an example:

class App1 {
  package { "App1" ... }
  user { "app1user" : ... }
}

class App2 {
  package { "app2"
    requires => Package["app1"] 
  }
  group { "app2users" :
    ensure => present
  }
  user { name => "app1user"
    groups => "app2users"
  }
}

However puppet seems to balk doing this (even the first app) with:
  "Cannot alias User[app1inapp3] to app1user; resource User[app1user] already exist"

Just to add some extra complexity we also need to have two apps that extend the first one, like so:

class App3 {
  package { "app3"
    requires => Package["app1"] 
  }
  group { "app3users" :
    ensure => present
  }
  user { "app1inapp3" name => "app1user"
    groups => "app3users"
  }
}

To get around this we have dumped everything in the app1user definition but this isn't very modular as machines that have no App2 or App3 end up with their user groups everywhere.

Is there an alternative approach that I'm missing?

Felix Frank

unread,
Mar 24, 2011, 6:43:11 AM3/24/11
to puppet...@googlegroups.com
Hi,

On 03/23/2011 07:13 PM, Peter Gillard-Moss wrote:
> Hi,
>
> I have an interesting problem with groups and users.
>
> Our puppet configuration is nice and modular so each application we wish
> to install has its own class. For some applications we want to add
> existing users, created in another class to a new group. Here's an example:
>
> class App1 {
> package { "App1" ... }
> user { "app1user" : ... }
> }
>
> class App2 {
> package { "app2"
> requires => Package["app1"]
> }
> group { "app2users" :
> ensure => present
> }
> user { name => "app1user"
> groups => "app2users"
> }
> }

In class App2, do
User<| title == app1user |> { groups => [ "app2users" ] }

Plusignment may work even better for you
User<| title == app1user |> { groups +> [ "app2users" ] }

> However puppet seems to balk doing this (even the first app) with:
> "Cannot alias User[app1inapp3] to app1user; resource User[app1user]
> already exist"
>
> Just to add some extra complexity we also need to have two apps that
> extend the first one, like so:
>
> class App3 {
> package { "app3"
> requires => Package["app1"]
> }
> group { "app3users" :
> ensure => present
> }
> user { "app1inapp3" name => "app1user"
> groups => "app3users"
> }
> }

It's not at all clear to me what this is supposed to do. Perhaps you want to
class App3 {
include App1::with_app3_support
}

and

class App3::with_app3_support inherits App3 {
User["app1user"] { groups +> [ "app3users" ] }
}

BTW, does this manifest even work? I believe uppercasing class names
breaks puppet. (But you're probably just over-paraphrasing?)

HTH,
Felix

Felix Frank

unread,
Mar 24, 2011, 6:48:52 AM3/24/11
to puppet...@googlegroups.com
> It's not at all clear to me what this is supposed to do. Perhaps you want to
> class App3 {
> include App1::with_app3_support
> }
>
> and
>
> class App3::with_app3_support inherits App3 {
> User["app1user"] { groups +> [ "app3users" ] }
> }

Grr. That's what you get for over-paraphrasing ;-p

Of course, that should be App1::with_app3_support inherits App1. Silly me.

Regards,
Felix

Reply all
Reply to author
Forward
0 new messages