define intusers::virtual ($uid,$realname,$pass) { user { $title: ensure => 'present', uid => $uid, gid => $title, shell => '/bin/bash', home => "/home/${title}", comment => $realname, # password => $pass, password_max_age => '90', password_min_age => '0', groups => ['sudo'], managehome => true, require => Group[$title], } group { $title: gid => $uid, } exec { "/usr/sbin/usermod -p \'$pass\' $title": refreshonly => true, subscribe => User[$title], # logoutput => true, }
Monday, May 12, 2014
Puppet and Virtual User Creation
I have been using Puppet for more and more admin tasks, and expanding the complexity of what I am doing. Currently, I am doing just about everything in the puppet config files, but am planning on starting to use ENC (initially through Puppet Dashboard, possibly moving to The Foreman).
I didn't love the way I was managing users with Puppet, and am in the process of revamping it. I had really needed to virtualize user creation, so that things became manageable. To that end, I found Scott Lowe's Blog on Puppet Account Management, which got me 90% of where I wanted to go.
The trick I still wanted to perform was to set an initial password, but not to reset their password after they change it. I had an idea of how to do this using Subscribe, and that at least seems to be working well initially.
Subscribe to:
Posts (Atom)