Use virtual users. Instead of declaring your users as 'real', add a @ in front of them. Now they are virtual so they aren't automatically created by Puppet, you need to explicitly realise them, for example based on a tag or group they're a member in.
You can do it along the lines of: Users <| tag == 'dev' }> on a development machine and Users <||> if you want them all. See: http://docs.puppetlabs.com/puppet/latest/reference/lang_virtual.html http://docs.puppetlabs.com/puppet/latest/reference/lang_collectors.html http://docs.puppetlabs.com/guides/virtual_resources.html http://blog.scottlowe.org/2012/11/25/using-puppet-for-account-management/ On Thursday, 13 March 2014 22:52:39 UTC+1, Philippe Conway wrote: > > So at my organization, we have different departments that should only have > access to certain servers. > > For example: > > Dev Team: Dev Servers > Tech Support: Production Server > Admins: All servers > > How Puppet manages our users now, is once you add the user to the user > manifest, it adds them too *all *the servers. > > I've tried adding an if/else statement as sort of mentioned here: > > https://groups.google.com/forum/#!topic/puppet-users/EA1LKmaFFJ4 > > But I learned that wasn't best practice. > > I've also tried putting users in different classes such as: > > users::dev > users::ts > users::admins > > However that gets a little redundant...Is there another way to do this > through Puppet? Or am I better off using something like Active Directory to > authenticate and manage groups? > > Any advice is much appreciated. Thanks! > > - Philippe > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/1d17af54-978b-445f-a97e-a24530608c7d%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.