[Systems] Puppetization - User Management

David Farning dfarning at gmail.com
Sat Mar 6 12:26:07 EST 2010


In my quest to sell the benefits of puppet to bernie and hhardy, I have
started working on a user management module.  User management is hard and
many different solutions have been offered.  LDAP seems to be the most
common solution.  Unfortunately, it does not manage ssh keys.  At Sugar
Labs, we need to manage ssh keys along with their users.

My current implementation is that every user is defined in users::people
such as:

@useraccount { "someuser":
        ensure   => "present",
        uid      => "500",
        pgroup   => "admin",
        groups   => ["users"],
        fullname => "Some User",
        homefs   => $homefs,
        shell    => $shell,
}

Each user has a homedir stub which contains:

.bashrc
.ssh/
.ssh/authorized_keys

This allows us to define user groups such as:

class users::sysadmins {
    Useraccount <| pgroup == admin |>
}


As a result, adding a single line

include users::sysadmins

to an individual node manifest causes:
1. Each sysadmin user is automatically created and their stub files added to
new machines.
2. The files in homedir_stub are monitored by puppet. If a change is made to
the homedir_stub on the puppet server it is pushed out to all puppet managed
clients.

Does this sound sane?

david
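
A possible shape for the useraccount definition that the post relies on but does not show, added here as an example and not the author's or Sugar Labs' own module. The module name "users", the homedir_stub/<user> file-server path, the parameter defaults and the file modes are assumptions; the modes are chosen because sshd with StrictModes enabled ignores authorized_keys when the home directory, .ssh or the key file is writable by anyone but the owner.

```puppet
# Added sketch: parameter names follow the post, everything else is assumed.
define useraccount (
  $uid,
  $pgroup,
  $fullname,
  $ensure = 'present',
  $groups = [],
  $homefs = '/home',
  $shell  = '/bin/bash'
) {
  $home = "${homefs}/${name}"
  # Assumed stub location inside a module named "users".
  $stub = "puppet:///modules/users/homedir_stub/${name}"

  user { $name:
    ensure  => $ensure,
    uid     => $uid,
    gid     => $pgroup,   # the group itself must be managed elsewhere
    groups  => $groups,
    comment => $fullname,
    home    => $home,
    shell   => $shell,
  }

  # Only lay down files for accounts that exist; an absent user cannot own them.
  if $ensure == 'present' {
    # Defaults for every file below: owned by the user, applied after the account.
    File {
      owner   => $name,
      group   => $pgroup,
      require => User[$name],
    }

    file { $home: ensure => directory, mode => '0750' }
    file { "${home}/.bashrc":
      ensure => file,
      mode   => '0644',
      source => "${stub}/.bashrc",
    }
    # Keys are readable and writable by the owner only, so StrictModes accepts them
    # and no other local account can append its own key.
    file { "${home}/.ssh": ensure => directory, mode => '0700' }
    file { "${home}/.ssh/authorized_keys":
      ensure => file,
      mode   => '0600',
      source => "${stub}/.ssh/authorized_keys",
    }
  }
}
```

Because authorized_keys is sourced from the puppet server, a key added by hand on a client is overwritten on the next run, so write access to the stub directory on the server decides who can log in on every managed machine.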