local_user
Version information
This version is compatible with:
- Puppet Enterprise 2019.8.x, 2019.7.x, 2019.5.x, 2019.4.x, 2019.3.x, 2019.2.x, 2019.1.x, 2019.0.x, 2018.1.x, 2017.3.x, 2017.2.x, 2017.1.x, 2016.5.x, 2016.4.x
- Puppet >=4.6.0 <7.0.0
- , ,
Start using this module
Add this module to your Puppetfile:
mod 'rnelson0-local_user', '2.0.3'
Learn more about managing modules with a PuppetfileDocumentation
local_user
Table of Contents
Overview
This module provides a defined type, local_user, that wraps the puppet 'user' resource type with validation. You may also provide a initial password that is set only when the user has no password, as a brand new 'user' resource puppet creates will have. This allows users to maintain their own passwords after creation.
Usage
Resource Definition
Create a local user by providing at a minimum the user name, state, groups, and initial password:
local_user { 'rnelson':
state => 'present',
groups => ['group1', 'group2'],
password => 'encryptedstring',
}
You may also provide the shell, home directory, password max age, the last change date (YYYY-MM-DD or number of days since Jan 1, 1970), and an array of ssh keys. These values default to /bin/bash, /home/, 90 days, 0 days, and null, respectively.
local_user { 'rnelson':
state => 'present',
shell => '/bin/bash',
home => '/home/rnelson0',
managehome => true,
comment => 'Rob Nelson',
groups => ['rnelson0', 'wheel'],
gid => 'rnelson0'
manage_groups => true,
last_change => '2015-01-01',
password => 'encryptedstring',
password_max_age => 1000,
ssh_authorized_keys => ['ssh-rsa AAAA...123 user@host'],
}
Starting with v1.0.8, a new local_user::windows
type is available.
The user can be given access to the administrator or remote desktop user groups with the parameters $admin
(default false) and $allow_rdp
(default true).
It shares the common parameters of $state
, $password
, $groups
, and $comment
.
Unlike the unix version of local_user
, the password is unencrypted and will be reset on every run.
local_user::windows { 'bob' :
state => present,
password => 'Bobbo1234',
groups => ['Administrators'],
comment => 'Bob is Cool',
allow_rdp => true,
}
Via Hiera
You can also store your user information in hiera and use the create_resources()
function to create the users. The user(s) can be defined in the appropriate level(s) of your hierarchy, for example at the least-specific level, global.yaml
:
# global.yaml
---
local_users:
rnelson0:
state: 'present'
home: '/home/rnelson0'
managehome: true
comment: 'Rob Nelson'
groups:
- 'rnelson0'
- 'wheel'
gid: 'rnelson0'
manage_groups: true
last_change: '2015-01-01'
password: 'encryptedstring'
password_max_age: '1000'
ssh_authorized_keys:
- 'ssh-rsa AAAA...123 user@host'
Add code similar to the following black to a common class, such as profile::base
. The result of the hiera lookup for local_users
, using your hiera merge strategy, will be discovered and added to the node's manifest.
# Puppet 3
# profile/manifests/base.pp
class profile::base {
# Your base profile goes here
$local_users = hiera('local_users', undef)
if ($local_users) {
create_resources('local_user', $local_users)
}
}
# Puppet 4
class profile::base {
# Your base profile goes here
$user_defaults = {
state => 'present',
}
$local_users = hiera('local_users', undef)
$local_users.each |$user, $attributes| {
local_user{
default:
* => $user_defaults;
$user:
* => $attributes,
}
}
This example is functionally equivalent to the second Resource Definition example.
Caveats and Clarifications
-
When no
$comment
is provided, the comment field will contain the username. -
If the specified groups do not exist and or not created elsewhere in your catalog (or ordered incorrectly), you will receive errors preventing the user from being created. Set the parameter
manage_groups
totrue
and the groups will be managed and ordered withinlocal_user
. The error looks like:
Error: Could not create user rnelson0: Execution of '/usr/sbin/useradd -c Rob Nelson -g rnelson0 -G wheel
-d /home/rnelson0 -s /bin/bash -m rnelson0' returned 6: useradd: group 'rnelson0' does not exist
Change log
All notable changes to this project will be documented in this file. The format is based on Keep a Changelog and this project adheres to Semantic Versioning.
v2.0.2 (2019-07-10)
v2.0.1 (2019-07-10)
Added
- Replace validate_* with defined types. #65 (rnelson0)
- Pass password through to puppet directly rather than sed /etc/shadow #57 (cryptk)
- Remove duplicate groups when assigning both gid and groups #55 (bbriggs)
- Expose system parameter for user type #54 (bbriggs)
UNCATEGORIZED PRS; GO LABEL THEM
- Release 2.0.0 #69 (rnelson0)
- Remove puppet 3 testing, add puppet 5 testing #66 (rnelson0)
- Remove direct reference to semantic_puppet #64 (rnelson0)
- Modulesync #63 (rnelson0)
- MSync Gemfile and Rakefile #62 (rnelson0)
- Update test configuration #60 (rnelson0)
- Gemfile: Remove guard-rake from development group. #59 (rnelson0)
- Update .travis.yml and Rakefile #58 (rnelson0)
- August msync #53 (rnelson0)
- Puppet4 #52 (rnelson0)
- Update from rnelson0's modulesync #45 (rnelson0)
v1.0.8 (2016-03-16)
Added
- v1.0.8 release PR #44 (rnelson0)
- Add option to manage GID only. Fixes #37. #42 (bbriggs)
- Initial Commit - Create a Windows user #41 (matthewrstone)
v1.0.7 (2016-01-25)
Added
- 1.0.7 release #34 (rnelson0)
- Default the comment field to resource name #32 (bbriggs)
- Regex improvements #31 (rnelson0)
- Example of using hiera with local_users #29 (rnelson0)
UNCATEGORIZED PRS; GO LABEL THEM
v1.0.6 (2016-01-21)
Added
v1.0.5 (2016-01-15)
Added
v1.0.4 (2016-01-05)
Added
- Update README.md #23 (rnelson0)
- Expose managehome parameter to user #21 (bbriggs)
- Allow entering a date for the $last_change param #20 (rnelson0)
- Add support for using GID parameter in local_user type #16 (bbriggs)
v1.0.3 (2015-12-01)
Added
v1.0.2 (2015-11-15)
Added
- Preparing module for puppet 4 support #12 (rnelson0)
- Sshkey #6 (rnelson0)
- Improvements to match puppet style. #3 (rnelson0)
- Last change #2 (rnelson0)
- Create successful spec tests #1 (rnelson0)
UNCATEGORIZED PRS; GO LABEL THEM
- Add badges to the readme. #11 (rnelson0)
- Initial Travis CI enabled commit. #10 (rnelson0)
- v0.9.4 - Update url to match renamed repo #8 (rnelson0)
* This Changelog was automatically generated by github_changelog_generator
Dependencies
- puppetlabs/stdlib (>= 4.13.1 <7.0.0)