On Friday, March 28, 2014 3:48:47 PM UTC-4, jcbollinger wrote: > Puppet DSL provides no mechanism, however, for selecting resources via a > search expression without realizing all virtual resources among those > selected. >
This is really awkward for what I see as a "natural" operation. Am I doing something wrong in my setup? And also... this is funny, but I discovered a change including this syntax had already been rolled out into production, so I thought I would find all the virtual user accounts created. In fact I did not. Could it be that there are additional conditions that control whether the accounts are realized Perhaps, however, you could do something clever at the point where you > declare the users in the first place. If class our_users has some kind of > visibility of whether the target node is (supposed to be) a web server, > then it could initially declare users with the correct groups, so that you > don't have to perform any fixup later. "Some kind of visibility" could be > achieved via hiera or with the help of the roles & profiles pattern; there > are probably other alternatives as well. > We already use roles/profiles pattern, but without Hiera. So we have our_users module which only declares virtual users, then our_users::some_group subclasses that realize them. We use site.pp (split per data center) to define what classes apply to a given node. Most of our nodes are identical, so we have "wildcard" regex node definitions. Nodes with specialized roles have a dedicated node stanza. Not all user accts are everywhere: some have special security req's and can only allow a very restricted set of sysadmins. It is in this kind of pattern that I'd like to say, in a "profile" module (our_webservers) that all users in wheel also have to be in 'apache'. cheers, m -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/ac5bd6ba-963d-4b86-a2d5-3e3f71e3bc70%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
