It's not immediately clear what the "membership" parameter does, based
on the description in the wiki.  Once you already know what it does,
the description makes sense, but if you don't already know, it's
obtuse.  This is something that tripped me up too.

I know it's a wiki, but maybe someone with more experience can update
the descriptions of membership and groups, giving a better
understanding of this issue.


On Mon, Oct 20, 2008 at 12:26 PM, Paul Lathrop <[EMAIL PROTECTED]> wrote:
>
> Brad,
>
> Comments inline:
>
> On Sun, Oct 19, 2008 at 11:48 PM, schickb <[EMAIL PROTECTED]> wrote:
>> A few more things I noticed about Puppet's users and groups:
>>
>> * No way to specify "system" users or groups (other than hard-coded
>> ids)
>
> If you are managing users/groups with Puppet you probably *want*
> hard-coded IDs. You should specify every part of the configs you care
> about; clearly you care that system users get IDs in a certain range,
> therefore you should specify the IDs.
>
>> * Removing a group from the groups parameter of a user does not remove
>> the user from that group (adding groups works)
>
> Yes it does, if you follow the docs. Clearly you are *aware* of the
> "membership" parameter, you use it in the defines you posted in
> another message. If you read the documentation for it, you will see
> that this parameter tells Puppet whether you want the membership list
> to be "user should be a member of *at least* these groups" or "these
> are *all* the groups user should be a member of". It works great :-)
>
> --Paul
>
>> -Brad
>>
>>
>> On Oct 19, 3:57 pm, "Andrew Shafer" <[EMAIL PROTECTED]> wrote:
>>> adduser is a nice interactive script, but it is using useradd, etc,
>>> underneath the covers.
>>>
>>> I believe --disable-password is just going to create a user without a
>>> password which is the default behavior if no password is specified with
>>> useradd.  There is no --disable-password for useradd.
>>>
>>> There are probably subtleties between systems that I'm not aware of, but I
>>> don't think you have a problem. (Someone please correct me if I'm wrong. I'm
>>> not a battle hardened sysadmin by any stretch of the imagination)
>>>
>>> Just curious, did you try to make users with puppet?
>>>
>>> On Sun, Oct 19, 2008 at 3:47 PM, schickb <[EMAIL PROTECTED]> wrote:
>>>
>>> > Thanks for the tips. The main problem for me was lack of information
>>> > in the puppet docs about password for newly created users on Linux
>>> > systems (useradd etc). I saw no way to do --disabled-password for
>>> > example, and it wasn't clear to me what the state of the password
>>> > would be if I didn't provide it explicitly.
>>>
>>> > -Brad
>>>
>>> > On Oct 19, 12:15 pm, "Paul Lathrop" <[EMAIL PROTECTED]> wrote:
>>> > > You are running into a common misconception of people new to Puppet. A
>>> > > define is not some sort of function. You don't "run" defines. Puppet
>>> > > is a declarative language, you are trying to use it like an imperative
>>> > > language, and you will be fighting the tool the whole way.
>>>
>>> > > What features do you want that the predefined types don't support?
>>> > > Maybe we can help you to understand the Puppet Way to do what you want
>>> > > to do. In this example you included, I don't see you getting any
>>> > > features that are unsupported by Puppet users/groups.
>>>
>>> > > --Paul
>>>
>>> > > On Sun, Oct 19, 2008 at 12:33 AM, schickb <[EMAIL PROTECTED]> wrote:
>>>
>>> > > > I am working on defining users and groups manually. I know there are
>>> > > > basic predefined types, but they don't support all of the features
>>> > > > I'll want, and I am learning in the process. I'm a bit stumped when
>>> > > > trying to add a user to multiple groups that are defined in an array.
>>> > > > Currently I have code similar to that below, but it's wrong since I am
>>> > > > not handling the $groups array correctly. How can I run add_to_group
>>> > > > once for each group?
>>>
>>> > > > define make_group($desc = "") {
>>> > > >   exec { "addgroup --gecos \"$desc\" \"$title\"":
>>> > > >       unless => "grep $title /etc/group",
>>> > > >       path   => "/usr/bin:/usr/sbin:/bin",
>>> > > >   }
>>> > > > }
>>>
>>> > > > define add_to_group($group) {
>>> > > >    exec { "adduser $title $group":
>>> > > >       unless  => "groups $title | grep $group",
>>> > > >       path    => "/usr/bin:/usr/sbin:/bin",
>>> > > >    }
>>> > > > }
>>>
>>> > > > define make_user($fullname, $groups="") {
>>> > > >    exec { "adduser-$title":
>>> > > >       command => "adduser --disabled-password --gecos \"$fullname\" \"$title\"",
>>> > > >       creates => "/home/$title",
>>> > > >       path    => "/usr/bin:/usr/sbin:/bin",
>>> > > >    }
>>>
>>> > > >    if $groups {
>>> > > >        add_to_group { $title:
>>> > > >           group   => $groups,
>>> > > >           require => [Class["all_groups"], Exec["adduser-$title"]],
>>> > > >        }
>>> > > >    }
>>> > > > }
>>>
>>> > > > class all_groups {
>>> > > >   make_group { "sudoers":
>>> > > >       desc => "users allowed to sudo",
>>> > > >   }
>>> > > >   make_group { "admins":}
>>> > > >   make_group { "another":}
>>> > > > }
>>>
>>> > > > class all_users {
>>> > > >    make_user { "example":
>>> > > >       fullname => "Full Name",
>>> > > >       groups   => ["sudoers", "another"],
>>> > > >    }
>>> > > > }
>
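
The two `membership` modes described in the thread, shown on the built-in `user` type as an added example (not code posted by anyone in the thread); the user names, UIDs and GIDs are constructed. The `groups` parameter takes an array directly, so no per-group define is needed.

```puppet
# Added example: all names and numeric IDs below are constructed.

# Groups with pinned GIDs, as recommended in the thread.
group { 'sudoers':
  ensure => present,
  gid    => 901,
}

group { 'another':
  ensure => present,
  gid    => 902,
}

# membership => minimum (the default): "at least these groups".
# Puppet only adds missing memberships. If 'sudoers' is later deleted
# from this list, the account stays in the group and keeps that access.
user { 'example_min':
  ensure     => present,
  uid        => 2001,
  comment    => 'Full Name',
  managehome => true,
  groups     => ['sudoers', 'another'],
  membership => minimum,
  require    => Group['sudoers', 'another'],
}

# membership => inclusive: "these are all the groups".
# Any supplementary group not listed here is removed on the next run,
# including memberships granted by hand outside Puppet.
user { 'example_strict':
  ensure     => present,
  uid        => 2002,
  comment    => 'Full Name',
  managehome => true,
  groups     => ['another'],
  membership => inclusive,
  require    => Group['another'],
}
```

With `inclusive`, the manifest is the complete record of each account's supplementary groups, so a membership that grants privileges has to be listed there or it is revoked.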
