Sunday, May 15, 2011

Using puppet to manage users, groups, and ssh keys.

UPDATE 2014/07/18.  This document has been updated; the new version is here:

        http://blog.zweck.net/2014/07/puppet-module-to-manage-users-groups.html

Everything has been moved to a Github Repository.




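Create the following file, /etc/puppet/modules/add_user/manifests/init.pp. The module directory has to carry the same name as the define (add_user) so that Puppet's module autoloader can find it:

## init.pp (add_user)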


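define add_user ( $name, $uid, $password, $shell, $groups, $sshkeytype, $sshkey ) {

  # Home directories live under /export/home on Solaris, /home elsewhere.
  $homedir = $kernel ? {
    'SunOS' => '/export/home',
    default => '/home'
  }

  # The resource title is the login name; $name carries the full name,
  # which ends up in the account's comment field.
  $username = $title

  user { $username:
    comment    => $name,
    home       => "${homedir}/${username}",
    shell      => $shell,
    uid        => $uid,
    gid        => $uid,
    managehome => true,
    password   => $password,
    groups     => $groups
  }

  # Per-user primary group with the same numeric id as the uid.
  group { $username:
    gid => $uid
  }

  # Public key installed in the user's authorized_keys file.
  ssh_authorized_key { $username:
    user   => $username,
    ensure => present,
    type   => $sshkeytype,
    key    => $sshkey,
    name   => $username
  }
}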

Create and/or edit your /etc/puppet/manifests/site.pp file:

node default {

  # This is the account I use to build machines, so I can use puppet
  # to create the real user accounts afterwards.
  user { 'installer':
    ensure => absent
  }

  add_user { 'jemurray':
    name       => "Jason E. Murray",
    uid        => "777",
    # crypt(3) hash; the single quotes keep Puppet from interpolating the $ signs.
    password   => '$1$abcedfghijklkmnopqrstuvwxyz',
    shell      => "/bin/bash",
    groups     => ['sudo', 'jemurray'],
    sshkeytype => "ssh-dss",
    # Key body only, kept on a single line.
    sshkey     => "AAAAB3NzaC1kc3MAAACBAJzMVL4afDQBJ3rcM9LlHqxg0rmkWDwoWehS4nIpBLJL9qGoyR1YBzPvpD1VufsUqgUXH9dYdfaiVum4IaTgyu2Tb0ezR4Nx2Jkcnp+8jFh/Cys3zgMvzJaIw/Au45E9h4vBdwvouj1Sg0YaY5mGuKZ2w121uPLawjc3DJsNSc+jAAAAFQCb7+Vtir8w+o/CIDiSPXr6MVj16QAAAIBFHMnBixvQaxekLK70eR9TgYUAXsh0MHT8VT+XMUWlOC8u8yVEOTDzrU1ZL2vNWo4NZL6ex9ffx0JRS5hSCU/o8aVcoC4viCC7SGmntNb0nQo+iKUyTQbGcmMoPG9lO498prML66GbOYWzTedc4XT683kyWV4k0iVixyvLsfLnAAAAIB4PmZfjdTtYwC7cE/upvfC/HWpKHHAn66YW6PRTCwZPqCd2AvHAMX/l7nbk1u+BL0YtymawzNT97FcYuvM1UWrJ+fT8isTyHsoUkf76irVxcTBH0SReChHbYeWa2bATEvaj0u2597H4O7qYHJ6IZpTTAeWP0EeKDABfonAr+ZJw=="
  }
}


You can call add_user as many times as you want.
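
The sshkeytype and sshkey values are the part of an add_user declaration most easily damaged when pasted, for instance a key body wrapped across lines or a type word that does not match the key. The following is an added example, not part of the original post: a Python helper (the names split_pubkey and constructed_line are hypothetical) that splits one OpenSSH public-key line into those two values and rejects a body that is truncated or mislabelled. The sample key is constructed filler, not a real key.

```python
import base64
import binascii
import struct


def split_pubkey(line):
    """Return (sshkeytype, sshkey) from one OpenSSH public-key line."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    keytype, body = fields[0], fields[1]
    try:
        blob = base64.b64decode(body, validate=True)
    except binascii.Error as exc:
        raise ValueError("key body is not valid base64") from exc

    # The blob is a run of fields, each a 4-byte big-endian length followed
    # by that many bytes. A key that was wrapped onto a second line or cut
    # short ends in the middle of a field, so walk every field to the end.
    parts, offset = [], 0
    while offset < len(blob):
        if offset + 4 > len(blob):
            raise ValueError("key blob is truncated")
        (size,) = struct.unpack_from(">I", blob, offset)
        offset += 4
        if offset + size > len(blob):
            raise ValueError("key blob is truncated")
        parts.append(blob[offset:offset + size])
        offset += size
    # The first field names the algorithm and must agree with the type word.
    if not parts or parts[0] != keytype.encode():
        raise ValueError("declared type does not match the key blob")
    return keytype, body


def constructed_line():
    """Constructed sample: RSA-shaped blob with filler bytes, not a real key."""
    fields = [b"ssh-rsa", b"\x01\x00\x01", b"\x00" + bytes(range(256))]
    blob = b"".join(struct.pack(">I", len(f)) + f for f in fields)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " user@example"


SAMPLE_LINE = constructed_line()

if __name__ == "__main__":
    keytype, key = split_pubkey(SAMPLE_LINE)
    print('sshkeytype => "%s",' % keytype)
    print('sshkey     => "%s"' % key)
```

Run against a line from a .pub file, it prints the two attributes ready to paste into the add_user declaration; a ValueError means the key should be copied again rather than deployed.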

10 comments:

  1. Excellent, thanks!!

  2. thehostname puppet-agent[1337]: Could not retrieve catalog from remote server: Error 400 on SERVER: Puppet::Parser::AST::Resource failed with error ArgumentError: Invalid resource type add_user at /etc/puppet/manifests/site.pp:20 on node thehostname

    Can't figure out what this means

    Replies
    1. In manifests/sites.pp and modules/useradd/manifests/init.pp, renaming all add_user to useradd solved my above problem.

    2. This does not work for me, any other suggestions about this problem?

  3. /etc/puppet/manifests/sites.pp is missing import add_user;

  4. There is a mistake in the path; if you use add_user, then the path should be:
    /etc/puppet/modules/add_user/manifests/init.pp

  5. err: Could not retrieve catalog from remote server: Error 400 on SERVER: Puppet::Parser::AST::Resource failed with error ArgumentError: Cannot alias Ssh_authorized_key[testuser2] to [""] at /etc/puppet/modules/useradd/manifests/init.pp:30; resource ["Ssh_authorized_key", ""] already declared at /etc/puppet/modules/useradd/manifests/init.pp:30 at /etc/puppet/modules/useradd/manifests/init.pp:30 on node testserver2

  6. I get the error above when trying to add a second user... any ideas?

  7. I cleaned up a bunch of typos and created a GitHub repository with the updates: https://github.com/duxklr/manageusers - Try this and see if it works better for you.
