Re: [Puppet Users] puppetlabs/accounts - separate user list and declaration of users

[Henrik Lindberg]

On 2020-09-20 16:31, Devminded wrote:
Hi.
We are using the *puppetlabs/accounts* module to setup user accounts and 
SSH keys but finds it lacking.
We are using *Hiera* and have divided users up by role, type of machine 
and region/environment. The issue here is that if a user should exist on 
multiple groups of machines, but not in others, we /have to repeat the 
entire definition;/ password, groups, ssh-key, etc. for every "group" of 
users. Multiple places to change things.
I had expected it to have two concepts:

  * List of account definitions (passwords, ssh-keys, groups, etc)
  * List of accounts to be applied to a target (with the possibility to
    override properties)


*Definitions*
accounts::users:
   joe:
     password: '$6......'
     sshkeys: - 'ssh-rsa ... j...@corp.com'
   sally:
     password: '$6......'
     sshkeys: - 'ssh-rsa ... sa...@corp.com'

*Declare/Apply*
*(*hieradata/accounts/DBA.yaml)
accounts::user_list:
   joe:
   sally:

*(*hieradata/accounts/paymentservice.yaml)
accounts::user_list:
   joe:

Is this possible?
Is it possible using Hiera?
What am I missing?


You could do it by having a unique key per user and then referencing 
those in each list. Here is an example:

user::joe:
  name: 'joe'
  password: '$6......'
  sshkeys: - 'ssh-rsa ... j...@corp.com'
user::sally:
  name: 'sally'
  password: '$6......'
  sshkeys: - 'ssh-rsa ... sa...@corp.com'

# *(*hieradata/accounts/DBA.yaml)
accounts::user_list:
  - '%{alias("user::joe")}
  - '%{alias("user::sally")}

# *(*hieradata/accounts/paymentservice.yaml)
accounts::user_list:
  - '%{alias("user::joe")}

When you lookup `accounts::user_list` you will get an array of hashes.
If you instead would prefer one hash with all users where the keys are 
names you could do something like this:

accounts::user_list:
  joe:'%{alias("user::joe")}
  sally: '%{alias("user::sally")}

Hope that helps.
- henrik
--
You received this message because you are subscribed to the Google 
Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to puppet-users+unsubscr...@googlegroups.com 
<mailto:puppet-users+unsubscr...@googlegroups.com>.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/366bedce-0c3f-43f8-82d2-d7e854057686n%40googlegroups.com 
<https://groups.google.com/d/msgid/puppet-users/366bedce-0c3f-43f8-82d2-d7e854057686n%40googlegroups.com?utm_medium=email&utm_source=footer>.


--

Visit my Blog "Puppet on the Edge"
http://puppet-on-the-edge.blogspot.se/

--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/rkabe6%24jub%241%40ciao.gmane.io.