On Dec 7, 4:13 pm, jokeeffe <jete.okee...@gmail.com> wrote:
> It probably doesn't need to be virtual but I thought I read in the > documentation that it was better to do so. The best practices documentation has at times recommended declaring users virtually. I don't know whether it still does now, but even when it did, it was not recommending the model you showed. Virtual resources help you out mainly when you want to define a resource that multiple independent classes may need. Each resource (virtual or not) can be *declared* only once, but virtual resources can be *realized* as many times as desired (including zero). For users, the recommended model involved creating a class containing virtual User declarations for all users that Puppet need ever manage. Any class that needed any user management must then include the class of virtual users, and realize those users it cares about. The main advantage here is centralized user management. > Basically, at my organization, admins come and go. I was hoping to use > puppet to get rid of all logins of admins that no longer work for the > company. So, I was hoping I could just use a simple array to add users > as time goes by to ensure those user no longer have an account. Puppet can definitely do this job for you. I'm not certain whether the array syntax gains you anything, though, even if it can be made to work. Here are some alternatives: 1) If the objective is to minimize the amount of Puppet code required for this specific task, then I think you could do something like this: # include this class on all nodes for which the specified users need to be absent: class remove_nonusers { # defaults for user resources declared within the scope of this class User { ensure => absent } # the users that need to be absent; not much more verbose than an array declaration user { "bill": ; "billy": ; "bob": ; } } 2) If you are willing to use Puppet to manage all non-system accounts on your machines, then you can rely on user purging by putting this in an appropriate scope: resources { "user": purge => true, unless_system_user => true } In that case, Puppet removes any users not known to it and not considered system accounts (UID < 500 by default). Using this approach requires that you tell Puppet which ordinary user accounts you want to be present, so overall it may require more code than option 1. On the other hand, user management is one of the more common tasks that admins want Puppet to handle, so you may already be planning or doing this. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.