On Thursday, May 22, 2014 2:44:06 AM UTC-5, Danny Roberts wrote:
>
> That's been a great help.
>
> I have been able to use the config you presented to create users defined 
> in Hiera. I am just trying to expand upon that.
>
> Currently I do a:
>
> ---
> users:
>   jane.doe
>
>
> The value 'jane.doe' is obviously passed to the $title variable. Is it 
> possible to pass a second variable into the same loop in order to set 
> something else unique to each user?
>
>

Although Puppet may implement it via a loop, you should think of it more 
like SIMD parallelism, where the multiple data (MD) part is only the 
resource title.  It is a shorthand for declaring multiple resources, all 
with the same parameters, combined with the normal features of any defined 
type.

Even though each defined type instance gets the same parameter values, they 
can nevertheless be further customized per-instance by making them draw on 
data keyed to their titles.  There are many ways to do that, but here's one 
I tend to like: rather than $company::sshkeys::users being an array of user 
names, make it a hash with usernames as keys and property hashes as 
values.  Then modify my approach above like so:

class company::sshkeys ( $users ) {
  # $users is expected to be a hash, with its keys the usernames
  $usernames = keys($users)
  company::user { $usernames: }
}

define company::user ($ensure = 'present') {
  # The values of $company::sshkeys::users are expected
  # to be hashes of (property name, property value) pairs
  # associated with the named user.
  $mydata = $company::sshkeys::users[$title]
  $mygroup = $mydata['group']
  $mykey = $mydata['sshkey']

  user { $title:
    ensure     => $ensure,
    gid        => $mygroup,
    home       => "/home/${title}",
    managehome => true,
    shell      => "/bin/bash",
    require    => Group["company"]
  }

  #...
}


The keys() function comes from PuppetLabs's 'stdlib' add-in module.

 

> Additionally can this be adapted to remove users from certain servers via 
> Hiera at all? You mention 'Resources meta-resource' but I cannot see the 
> connection if any.
>


There are at least two ways to make that approach remove unwanted users.  
One would involve moving the 'ensure' parameter into your per-user data, so 
that you could specify certain users 'absent'.  That has the drawback that 
you must enumerate all the users you want to ensure absent.  What I was 
talking about was making a declaration such as this:

resources { 'user':
  purge => true,
  unless_system_user => true
}

That will purge users that are not otherwise managed by Puppet from the 
target system, except those that are considered 'system users' as judged by 
the numeric value of their UIDs.  The docs for the Resources resource 
type <http://docs.puppetlabs.com/references/3.4.stable/type.html#resources> 
explain in somewhat more detail.  That has the potential drawback that all 
user accounts you want to keep must be either Puppet-managed or 'system' 
users.  Also, it probably won't work well on systems configured for LDAP or 
NIS users, or similar, where users are centrally-managed.


John
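
Added example, not part of the original message: the hash-keyed defined type and the two removal approaches described above, combined in one manifest. The Hiera key name (resolved here through automatic class parameter lookup), the user names, the key material, the `ssh_authorized_key` resource and the `noop` preview are assumptions made for illustration.

```puppet
# Hiera data (YAML) this example assumes; every value is constructed:
#
#   company::sshkeys::users:
#     jane.doe:
#       group:  'company'
#       sshkey: 'AAAA-constructed-placeholder-key'
#     john.roe:
#       group:  'company'
#       sshkey: 'AAAA-constructed-placeholder-key'
#       ensure: 'absent'        # approach 1: explicit per-user removal

class company::sshkeys ( $users ) {
  group { 'company': ensure => present }

  $usernames = keys($users)     # keys() comes from puppetlabs-stdlib
  company::user { $usernames: }

  # Approach 2: purge accounts Puppet does not manage, sparing system UIDs.
  resources { 'user':
    purge              => true,
    unless_system_user => true,
    noop               => true, # assumption: preview in the report first, then drop
  }
}

define company::user {
  $mydata = $company::sshkeys::users[$title]
  $wanted = $mydata['ensure']
  # A missing or unexpected 'ensure' value falls back to 'present'.
  $myensure = $wanted ? {
    'absent' => 'absent',
    default  => 'present',
  }

  user { $title:
    ensure     => $myensure,
    gid        => $mydata['group'],
    home       => "/home/${title}",
    managehome => true,
    shell      => '/bin/bash',
    require    => Group['company'],
  }

  # Only install the key while the account exists.
  if $myensure == 'present' {
    ssh_authorized_key { "${title}@company":
      ensure => present, user => $title, type => 'ssh-rsa', key => $mydata['sshkey'],
    }
  }
}
```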
