Puppet Forge

Module dcsobral/users

Module description

users puppet module

Manages user configuration.

Supported corrective actions under: Debian.

Classes

  • users

users

Realize all useraccount, massuseraccount and lookup defines tagged with ‘administrators’. Also, realize User, Group, File and Exec likewise tagged, to handle exceptional cases.

Definitions

  • users::account
  • users::gidsanity
  • users::lookup
  • users::lookupkey
  • users::masskeys
  • users::massuseraccount
  • users::uidsanity

users::account

Create a user account with a primary group of the same name. If uid is provided and the client supports the custom facts provided with this module, do some sanity checking beforehand, moving users and groups with conflicting uids/gids to the same id + 10000.

Note that just like user name and primary group name are kept the same, uid and gid are kept equal.

Also copy a tree of files in one of two ways:

  1. If there’s a “managed” directory from one of the options below, use it and control file content. The file paths checked for are absolute, so it may need changing if the default file server path is different. Also, it uses a script at /etc/puppet/modules/users/scripts to check for these files, which may also need changing depending on the module path and module name.

    • /etc/puppet/files/users/home/managed/host/${username}.$fqdn
    • /etc/puppet/files/users/home/managed/host/${username}.$hostname
    • /etc/puppet/files/users/home/managed/domain/${username}.$domain
    • /etc/puppet/files/users/home/managed/env/${username}.$environment
    • /etc/puppet/files/users/home/managed/user/${username}
    • /etc/puppet/files/users/home/managed/skel
  2. Otherwise, use one of the directories below as a default (modified files do not get replaced).

    • puppet:///files/users/home/default/host/${username}.$fqdn
    • puppet:///files/users/home/default/host/${username}.$hostname
    • puppet:///files/users/home/default/domain/${username}.$domain
    • puppet:///files/users/home/default/env/${username}.$environment
    • puppet:///files/users/home/default/user/${username}
    • puppet:///files/users/home/default/skel
    • puppet:///users/home/default/skel

In neither case will other files be purged. Also, there is no mode control, though all files will be created with user and group ownership.

Also ensures that the .ssh directory and .bash_history will be kept with appropriate permissions.

Example:

    @users::account { "bob":
        ensure   => present,
        uid      => 1000,
        groups   => [ "wheel" ], # Extra groups, defaults to none
        shell    => '/bin/bash', # default value
        password => 'hash',
    }

users::gidsanity

Checks that no other group is using this gid, and, if it is, moves it up 10000.

Also, if the group exists but doesn’t presently have this gid, pre-emptively change the group ownership of all files in the home directory that have the current gid, so that they’ll be correct after the group id is corrected (elsewhere).

users::lookup

Add a user through extdata lookup. The user is added with the extra groups provided, but name, uid and password come from the csv file.

Example:

@users::lookup { 'username':
    ensure => present, # default value
    groups => [], # default value
}

CSV file:

username_account,uid,Full Name,hashed password

users::lookupkey

Add a key to a user’s authorized_keys file through extdata lookup. It supports an arbitrary number of options, and requires a comment field, which will be prepended with the username to avoid problems with it being used as primary key on ssh_authorized_keys when multiple users are using the same key.

Options containing double quotes should be enclosed in double quotes themselves, and their own double quotes doubled (see example).

The CSV format was designed to be almost equal to authorized_keys itself, with just the need to replace the spaces separating options, key type, key and comment with commas, plus the above-mentioned double quote handling.

Example:

@users::lookupkey { 'username':
    ensure => present, # default value
}

CSV file:

username_sshkey,"from=""a.b.c.d""",no-port-forwarding,ssh-dss,key,comment
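
The row layout described above can be checked before it reaches extdata. The following Ruby sketch is an added example, not code from the module: it parses one row, validates it, and renders the resulting authorized_keys line. The helper names, the accepted key types, the "-" joining username and comment, and the sample rows are assumptions made for illustration.

```ruby
require 'csv'

# Key types accepted by this check (assumption: adjust to your sshd policy).
KEY_TYPES = %w[ssh-dss ssh-rsa ecdsa-sha2-nistp256 ssh-ed25519].freeze

# Split one extdata row into authorized_keys fields. Layout from the module
# docs: lookup key, zero or more options, key type, key, comment. The last
# three fields are taken by position, so a missing comment shifts them all.
def parse_key_row(row)
  fields = CSV.parse_line(row.strip) || []
  raise ArgumentError, 'empty field in row' if fields.any? { |f| f.nil? || f.empty? }
  raise ArgumentError, 'need lookup key, key type, key and comment' if fields.size < 4

  lookup, *options, type, key, comment = fields
  user = lookup[/\A(.+)_sshkey\z/, 1]
  raise ArgumentError, "lookup key #{lookup.inspect} is not <user>_sshkey" unless user
  raise ArgumentError, "unknown key type #{type.inspect}" unless KEY_TYPES.include?(type)
  raise ArgumentError, 'key is not base64' unless key.match?(%r{\A[A-Za-z0-9+/]+=*\z})
  raise ArgumentError, 'line break in field' if fields.any? { |f| f.match?(/[\r\n]/) }

  # Assumption: the username is joined to the comment with "-".
  { user: user, options: options, type: type, key: key, comment: "#{user}-#{comment}" }
end

# Render the entry the way it would appear in ~/.ssh/authorized_keys.
def authorized_keys_line(entry)
  head = entry[:options].empty? ? [] : [entry[:options].join(',')]
  (head + [entry[:type], entry[:key], entry[:comment]]).join(' ')
end

# Constructed sample rows; the key material is a placeholder, not a real key.
SAMPLE_OK  = 'bob_sshkey,"from=""a.b.c.d""",no-port-forwarding,ssh-dss,AAAAB3NzaC1kc3M=,laptop'
SAMPLE_BAD = 'bob_sshkey,no-port-forwarding,ssh-dss,AAAAB3NzaC1kc3M=' # comment missing

if __FILE__ == $PROGRAM_NAME
  puts authorized_keys_line(parse_key_row(SAMPLE_OK))
  begin
    parse_key_row(SAMPLE_BAD)
  rescue ArgumentError => e
    puts "rejected: #{e.message}"
  end
end
```

Because the key type, key and comment are located by counting from the end of the row, a row without a comment is read with an option in the key type position, which is why the second sample is rejected.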

users::masskeys

Add keys to users’ authorized_keys files through extdata lookup. See users::lookupkey for more details.

Example:

@users::masskeys { 'group':
    ensure => present, # default value
}

CSV file:

group_sshkeys,username
username_sshkey,"from=""a.b.c.d""",no-port-forwarding,ssh-dss,key,comment

users::massuseraccount

Adds users through extdata lookup. The users are added with the extra groups provided, but name, uid and password come from the csv files, as well as the list of users.

Example:

@users::massuseraccount { 'group':
    ensure => present, # default value
    groups => [], # default value
}

CSV file:

group_accounts,username
username_account,uid,Full Name,hashed password

users::uidsanity

Checks that no other user is using this uid, and, if it is, moves it up 10000.

Release notes for version 1.1.0

Add mass authorized keys provisioning through extdata lookup.
