User management

42 views
Skip to first unread message

Johan Sunnerstig

unread,
Nov 25, 2010, 1:54:50 AM11/25/10
to puppet...@googlegroups.com
Hi people.
After some reading, I think I have some sort of coherent thought about how to handle users and groups, being a first time Puppet user though I figured I'd ask for some criticism before I go ahead.

I'll use the /modules/user module as per the BP-doc, and store all the users and groups in one file/class.
Then I'll have two(for now at least) classes in separate files, basically these will be admins and non-admins, and node classes will then inherit these as needed(I expect most nodes will only need the admins and possibly some application accounts).
Somethingl like so(no I'm not trying to write real puppet code, just a brief description, so I know this won't work as is ;-) :

virtual.pp
class user::virtual
# Groups first for the sake of order
@group admin...
@group notadmin...
...

# Users now
@user {"user1": gid => "admin" ...}
@user {"user2": gid => "notadmin" ...}
...


admins.pp
class user::admins inherits user::virtual
realize ( Group["admin"], User["user1"] )


nonadmins.pp
class user::notadmins inherits user::virtual
realize ( Group["notadmin", User["user2"] )

And the base node class will include the user::admin class, and so forth.
As for application accounts and such, I figured I'd stick these in classes of their own in one manifest(say appusers.pp or some such).

Basically what I'm asking, does this seem sane to more experienced people, or am I setting myself up for pain?

Regards
Johan

jcbollinger

unread,
Nov 29, 2010, 12:48:52 PM11/29/10
to Puppet Users

> Basically what I'm asking, does this seem sane to more experienced people, or am I setting myself up for pain?

I do it pretty much like that, and it works for me. A couple things,
though:

1) unless you intend for your user::admins and user::notadmins classes
to override properties of your virtual users, they should "include"
the user::virtual class instead of inheriting from it (the BP example
notwithstanding)

2) your virtual User declarations should each "require" the
appropriate Group to ensure that it is present before any of its users
are managed. (The relative order in which you declare or realize them
cannot ensure this.) The groups being declared virtually does not
pose a problem for that.


Cheers,

John

siva kumar

unread,
Oct 23, 2012, 8:29:17 AM10/23/12
to puppet...@googlegroups.com
Dear Sunner,
 
Good Morning !
 
I am shiva . Right now i m working with Puppet User Management Module. And i saw your post the same kind of module i looking for. Its very usefull if you share you user module to me, Thanks
 
Thanks & Regards,
 
Shiva...
Reply all
Reply to author
Forward
0 new messages