On 2020-09-20 16:31, Devminded wrote:
Hi.

We are using the *puppetlabs/accounts* module to set up user accounts and SSH keys but find it lacking. We are using *Hiera* and have divided users up by role, type of machine and region/environment. The issue here is that if a user should exist on multiple groups of machines, but not in others, we /have to repeat the entire definition;/ password, groups, ssh-key, etc. for every "group" of users. Multiple places to change things.
I had expected it to have two concepts:

  * List of account definitions (passwords, ssh-keys, groups, etc)
  * List of accounts to be applied to a target (with the possibility to
    override properties)


*Definitions*
accounts::users:
   joe:
     password: '$6......'
     sshkeys:
       - 'ssh-rsa ... [email protected]'
   sally:
     password: '$6......'
     sshkeys:
       - 'ssh-rsa ... [email protected]'

*Declare/Apply*
(hieradata/accounts/DBA.yaml)
accounts::user_list:
   joe:
   sally:

(hieradata/accounts/paymentservice.yaml)
accounts::user_list:
   joe:

Is this possible?
Is it possible using Hiera?
What am I missing?


You could do it by having a unique key per user and then referencing those in each list. Here is an example:

user::joe:
  name: 'joe'
  password: '$6......'
  sshkeys:
    - 'ssh-rsa ... [email protected]'
user::sally:
  name: 'sally'
  password: '$6......'
  sshkeys:
    - 'ssh-rsa ... [email protected]'

# (hieradata/accounts/DBA.yaml)
accounts::user_list:
  - '%{alias("user::joe")}'
  - '%{alias("user::sally")}'

# (hieradata/accounts/paymentservice.yaml)
accounts::user_list:
  - '%{alias("user::joe")}'
When you look up `accounts::user_list` you will get an array of hashes.
If you instead would prefer one hash with all users where the keys are names you could do something like this:

accounts::user_list:
  joe: '%{alias("user::joe")}'
  sally: '%{alias("user::sally")}'

Hope that helps.
- henrik
--
You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/366bedce-0c3f-43f8-82d2-d7e854057686n%40googlegroups.com.


--

Visit my Blog "Puppet on the Edge"
http://puppet-on-the-edge.blogspot.se/
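
The data layout from the reply above, consumed in a manifest, as an added example that is not part of the original thread. `profile::accounts` is a hypothetical class name, and the code assumes the `accounts::user` defined type from puppetlabs/accounts is declared directly rather than through automatic class-parameter lookup. It accepts both shapes of `accounts::user_list` described in the reply.

```puppet
# Added example; profile::accounts is a hypothetical class name.
class profile::accounts {
  # The reply describes two shapes for accounts::user_list:
  #   - an array of hashes, each carrying a 'name' key
  #   - a single hash keyed by login name
  $raw = lookup('accounts::user_list', Variant[Hash, Array[Hash]], 'first', {})

  # Normalise the array shape into a hash keyed by login name.
  $users = $raw ? {
    Hash    => $raw,
    default => $raw.reduce({}) |Hash $memo, Hash $user| {
      $memo + { $user['name'] => $user }
    },
  }

  $users.each |String $login, Hash $attrs| {
    # The login is used as the resource title, so 'name' is dropped
    # from the attribute hash before it is splatted into the resource.
    $params = $attrs.filter |$key, $value| { $key != 'name' }

    accounts::user { $login:
      * => $params,
    }
  }
}
```

Each `user::<login>` key holds the password hash and SSH keys in one place, so rotating a key or removing a user's credentials is a single change that reaches every list that aliases it.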
