I just made a task for myself to do this.
Sometime this week... :/
On Mon, Oct 20, 2008 at 10:46 AM, Brian Mathis <[EMAIL PROTECTED]>wrote:
>
> It's not immediately clear what the "membership" parameter does, based
> on the description in the wiki. Once you already know what it does,
> the description makes sense, but if you don't already know, it's
> obtuse. This is something that tripped me up too.
>
> I know it's a wiki, but maybe someone with more experience can update
> the descriptions of membership and groups, giving a better
> understanding of this issue.
>
>
> On Mon, Oct 20, 2008 at 12:26 PM, Paul Lathrop <[EMAIL PROTECTED]>
> wrote:
> >
> > Brad,
> >
> > Comments inline:
> >
> > On Sun, Oct 19, 2008 at 11:48 PM, schickb <[EMAIL PROTECTED]> wrote:
> >> A few more things I noticed about puppets users and groups:
> >>
> >> * No way to specify "system" users or groups (other than hard-coded
> >> ids)
> >
> > If you are managing users/groups with Puppet you probably *want*
> > hard-coded IDs. You should specify every part of the configs you care
> > about; clearly you care that system users get IDs in a certain range,
> > therefore you should specify the IDs.
> >
> >> * Removing a group from the groups parameter of a user does not remove
> >> the user from that group (adding groups work)
> >
> > Yes it does, if you follow the docs. Clearly you are *aware* of the
> > "membership" parameter, you use it in the defines you posted in
> > another message. If you read the documentation for it, you will see
> > that this parameter tells Puppet whether you want the membership list
> > to be "user should be a member of *at least* these groups" or "these
> > are *all* the groups user should be a member of". It works great :-)
> >
> > --Paul
> >
> >> -Brad
> >>
> >>
> >> On Oct 19, 3:57 pm, "Andrew Shafer" <[EMAIL PROTECTED]> wrote:
> >>> adduser is a nice interactive script, but it is using useradd, etc,
> >>> underneath the covers.
> >>>
> >>> I believe --disable-password is just going to create a user without a
> >>> password which is the default behavior if no password is specified with
> >>> useradd. There is no --disable-password for useradd.
> >>>
> >>> There are probably subtleties between systems that I'm not aware of,
> but I
> >>> don't think you have a problem. (Someone please correct me if I'm
> wrong. I'm
> >>> not a battle hardened sysadmin by any stretch of the imagination)
> >>>
> >>> Just curious, did you try to make users with puppet?
> >>>
> >>> On Sun, Oct 19, 2008 at 3:47 PM, schickb <[EMAIL PROTECTED]> wrote:
> >>>
> >>> > Thanks for the tips. The main problem for me was lack of information
> >>> > in the puppet docs about password for newly created users on Linux
> >>> > systems (useradd etc). I saw no way to do --disabled-password for
> >>> > example, and it wasn't clear to me what the state of the password
> >>> > would be if I didn't provide it explicitly.
> >>>
> >>> > -Brad
> >>>
> >>> > On Oct 19, 12:15 pm, "Paul Lathrop" <[EMAIL PROTECTED]> wrote:
> >>> > > You are running into a common misconception of people new to
> Puppet. A
> >>> > > define is not some sort of function. You don't "run" defines.
> Puppet
> >>> > > is a declarative language, you are trying to use it like an
> imperative
> >>> > > language, and you will be fighting the tool the whole way.
> >>>
> >>> > > What features do you want that the predefined types don't support?
> >>> > > Maybe we can help you to understand the Puppet Way to do what you
> want
> >>> > > to do. In this example you included, I don't see you getting any
> >>> > > features that are unsupported by Puppet users/groups.
> >>>
> >>> > > --Paul
> >>>
> >>> > > On Sun, Oct 19, 2008 at 12:33 AM, schickb <[EMAIL PROTECTED]>
> wrote:
> >>>
> >>> > > > I am working on defining users and groups manually. I know there
> are
> >>> > > > basic predefined types, but they don't support all of the
> features
> >>> > > > I'll want, and I am learning in the process. I'm a bit stumped
> when
> >>> > > > trying to add a user to multiple groups that are defined in an
> array.
> >>> > > > Currently I have code similar to that below, but its wrong since
> I am
> >>> > > > not handling the $groups array correctly. How can I run
> add_to_group
> >>> > > > once for each group?
> >>>
> >>> > > > define make_group($desc = "") {
> >>> > > > exec { "addgroup --gecos \"$desc\" \"$title\"":
> >>> > > > unless => "grep $title /etc/group",
> >>> > > > path => "/usr/bin:/usr/sbin:/bin",
> >>> > > > }
> >>> > > > }
> >>>
> >>> > > > define add_to_group($group) {
> >>> > > > exec { "adduser $title $group":
> >>> > > > unless => "groups $title | grep $group",
> >>> > > > path => "/usr/bin:/usr/sbin:/bin",
> >>> > > > }
> >>> > > > }
> >>>
> >>> > > > define make_user($fullname, $groups="") {
> >>> > > > exec { "adduser-$title":
> >>> > > > command => "adduser --disabled-password --gecos
> \"$fullname\"
> >>> > > > \"$title\"",
> >>> > > > creates => "/home/$title",
> >>> > > > path => "/usr/bin:/usr/sbin:/bin",
> >>> > > > }
> >>>
> >>> > > > if $groups {
> >>> > > > add_to_group { $title:
> >>> > > > group => $groups,
> >>> > > > require => [Class["all_groups"],
> Exec["adduser-$title"]],
> >>> > > > }
> >>> > > > }
> >>> > > > }
> >>>
> >>> > > > class all_groups {
> >>> > > > make_group { "sudoers":
> >>> > > > desc => "users allowed to sudo",
> >>> > > > }
> >>> > > > make_group { "admins":}
> >>> > > > make_group { "another":}
> >>> > > > }
> >>>
> >>> > > > class all_users {
> >>> > > > make_user { "example":
> >>> > > > fullname => "Full Name",
> >>> > > > groups => ["sudoers", "another"],
> >>> > > > }
> >>> > > > }
> >> >
> >>
> >
> > >
> >
>
> >
>
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---
