On Thursday, May 22, 2014 2:44:06 AM UTC-5, Danny Roberts wrote: > > That's been a great help. > > I have been able to use the config you presented to create user's defined > in Hiera. I am just trying to expand upon that. > > Currently I do a: > > --- > users: > jane.doe > > > The value 'jane.doe' is obviously passed to the $title variable. Is it > possible to pass a second variable into the same loop in order to set > something else unique to each user? > >
Although Puppet may implement it via a loop, you should think of it more like SIMD parallelism, where the multiple data (MD) part is only the resource title. It is a shorthand for declaring multiple resources, all with the same parameters, combined with the normal features of any defined type. Even though each defined type instance gets the same parameter values, they can nevertheless be further customized per-instance by making them draw on data keyed to their titles. There are many ways to do that, but here's one I tend to like: rather than $company::sshkeys::users being an array of user names, make it a hash with usernames as keys and property hashes as values. Then modify my approach above like so: class company::sshkeys ( $users ) { # $users is expected to be a hash, with its keys the usernames $usernames = keys($users) company::user { $usernames: } } define company::user ($ensure = 'present') { # The values of $company::sshkeys::users are expected # to be hashes of (property name, property value) pairs # associated with the named user. $mydata = $company::sshkeys::users[$title] $mygroup = $mydata['group'] $mykey = $mydata['sshkey'] user { $title: ensure => $ensure, gid => $mygroup, home => "/home/${title}", managehome => true, shell => "/bin/bash", require => Group["company"] } #... } The keys() function comes from PuppetLabs's 'stdlib' add-in module. > Additionally can this be adapted to remove users from certain servers via > Hiera at all? You mention 'Resources meta-resource' but I cannot see the > connection if any. > There are at least two ways to make that approach remove unwanted users. One would involve moving the 'ensure' parameter into your per-user data, so that you could specify certain users 'absent'. That has the drawback that you must enumerate all the users you want to ensure absent. What I was talking about was making a declaration such as this: resources { 'user': purge => true, unless_system_user => true } That will purge users that are not otherwise managed by Puppet from the target system, except those that are considered 'system users' as judged by the numeric value of their UIDs. The docs for the Resources resource type<http://docs.puppetlabs.com/references/3.4.stable/type.html#resources>explain in somewhat more detail. That has the potential drawback that all user accounts you want to keep must be either Puppet-managed or 'system' users. Also, it probably won't work well on systems configured for LDAP or NIS users, or similar, where users are centrally-managed. John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/2bbf88cf-c383-4c31-8e7a-2f7bbc17c172%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.