
In "managing infrastructure with puppet" they define users in manifests. I've seen user rpms. How do you do it?

On 02/04/16 06:42 PM, David Thornton wrote:
In "managing infrastructure with puppet" they define users in manifests.
I've seen user rpms.
How do you do it?
I use SaltStack in a masterless minion configuration. I build a base image with a BASH script that has enough of the VM that SaltStack can take over and do the rest. Here is the SaltStack documentation to manage users. <https://docs.saltstack.com/en/latest/ref/states/all/salt.states.user.html>
I'm also working on eliminating the need to create a custom ISO image from which I generate the VM by using Packer <https://www.packer.io/> with the SaltStack provider. That will make it easier for me to have one configuration file and a common set of Salt states from which I can target various virtualization environments - VirtualBox, VMWare, Hyper-V, Amazon EC2, Azure, OpenStack, etc.
-- Regards,
Clifford Ilkay
+ 1 647-778-8696

You haven't said anything about how users are managed? If you want to add a user: compose new image and push? Remove a user, compose a new image and push? Password expire... well you get the idea.
David
David Thornton @northdot9 https://www.quadratic.net
On Apr 2, 2016 8:27 PM, "CLIFFORD ILKAY" <clifford_ilkay@dinamis.com> wrote:
On 02/04/16 06:42 PM, David Thornton wrote:
In "managing infrastructure with puppet" they define users in manifests.
I've seen user rpms.
How do you do it?
I use SaltStack in a masterless minion configuration. I build a base image with a BASH script that has enough of the VM that SaltStack can take over and do the rest. Here is the SaltStack documentation to manage users. <https://docs.saltstack.com/en/latest/ref/states/all/salt.states.user.html>
I'm also working on eliminating the need to create a custom ISO image from which I generate the VM by using Packer <https://www.packer.io/> with the SaltStack provider. That will make it easier for me to have one configuration file and a common set of Salt states from which I can target various virtualization environments - VirtualBox, VMWare, Hyper-V, Amazon EC2, Azure, OpenStack, etc.
-- Regards,
Clifford Ilkay
+ 1 647-778-8696
--- Talk Mailing List talk@gtalug.org https://gtalug.org/mailman/listinfo/talk

On Apr 2, 2016 6:42 PM, "David Thornton" <northdot9@gmail.com> wrote:
In "managing infrastructure with puppet" they define users in manifests.
I've seen user rpms.
How do you do it?
I didn't understand your question. Could you provide more details?
As far as I know, yes you can define users and groups, as well as many other things, through manifests. What do you mean with user rpms?
Cheers,

At one company I worked at, they ensured that all required users were present with an rpm that created them if they weren't already created. And when missing from the rpm definition, removed. Rpm has password hashes and keys. #eggsinonebasket
David Thornton @northdot9 https://www.quadratic.net
On Apr 2, 2016 10:20 PM, "Marcelo Cavalcante" <kalibslack@gmail.com> wrote:
On Apr 2, 2016 6:42 PM, "David Thornton" <northdot9@gmail.com> wrote:
In "managing infrastructure with puppet" they define users in manifests.
I've seen user rpms.
How do you do it?
I didn't understand your question. Could you provide more details?
As far as I know, yes you can define users and groups, as well as many other things, through manifests. What do you mean with user rpms?
Cheers,

On Apr 4, 2016 5:30 PM, "David Thornton" <northdot9@gmail.com> wrote:
At one company I worked at, they ensured that all required users were
present with an rpm that created them if they weren't already created. And when missing from the rpm definition, removed.
Rpm has password hashes and keys. #eggsinonebasket
It would depend on the solution, but since you talked about Puppet, it uses manifest files to define states, not the tasks that need to be done.
For example, when dealing with users, the manifest in the puppet master/server doesn't need to say how that user will be created, nor will it say to create it. The manifest will say what the desirable state is for that machine (or group of machines). It may say that user john might exist in that machine, so the next time that machine/client communicates with the master to check the manifests, it will read that information and it will ask itself: Do I have a john user? If yes, cool. If not, the machine, through puppet client, will create that user without you saying how to do it. Puppet client knows how to.
The same way, you can provide more information through your manifest, like home directory, ownership on files, etc.
David Thornton @northdot9 https://www.quadratic.net
On Apr 2, 2016 10:20 PM, "Marcelo Cavalcante" <kalibslack@gmail.com> wrote:
On Apr 2, 2016 6:42 PM, "David Thornton" <northdot9@gmail.com> wrote:
In "managing infrastructure with puppet" they define users in manifests.
I've seen user rpms.
How do you do it?
I didn't understand your question. Could you provide more details?
As far as I know, yes you can define users and groups, as well as many other things, through manifests. What do you mean with user rpms?
Cheers,
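The check-then-converge behaviour described in the message above, together with the remove-when-undeclared behaviour of the user rpm mentioned earlier in the thread, sketched as an added Python example; it is not code from any poster, from Puppet or from that rpm. The passwd lines, the `DESIRED` accounts and the UID threshold of 1000 for human accounts are constructed assumptions.

```python
# Constructed sample of /etc/passwd content; not taken from any real host.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
john:x:1001:1001:John:/home/john:/bin/sh
mallory:x:1002:1002:Former contractor:/home/mallory:/bin/bash
"""

# Hypothetical declared state: what a manifest or a user package would list.
DESIRED = {
    "john": {"home": "/home/john", "shell": "/bin/bash"},
    "alice": {"home": "/home/alice", "shell": "/bin/bash"},
}

MIN_HUMAN_UID = 1000  # assumption: lower UIDs are system accounts, never purged

def parse_passwd(text):
    """Return {name: {"uid", "home", "shell"}} from passwd-format text."""
    users = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) != 7:
            raise ValueError(f"malformed passwd line: {line!r}")
        name, _pw, uid, _gid, _gecos, home, shell = fields
        users[name] = {"uid": int(uid), "home": home, "shell": shell}
    return users

def plan(desired, current, purge=False):
    """Compute the actions that move `current` to `desired`; changes nothing."""
    actions = []
    for name, want in sorted(desired.items()):
        have = current.get(name)
        if have is None:  # "Do I have a john user?" -> no, so create it
            actions.append(("create", name, want))
            continue
        drift = {k: v for k, v in want.items() if have.get(k) != v}
        if drift:  # account exists but differs from the declared state
            actions.append(("modify", name, drift))
    if purge:  # the "missing from the definition, removed" behaviour
        for name, have in sorted(current.items()):
            if name not in desired and have["uid"] >= MIN_HUMAN_UID:
                actions.append(("remove", name, {}))
    return actions

if __name__ == "__main__":
    for action in plan(DESIRED, parse_passwd(SAMPLE_PASSWD), purge=True):
        print(action)
```

Because `plan` only reports, the `remove` entries can be reviewed before any automation is allowed to delete accounts; a host that already matches the declared state yields an empty plan.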

Just a friendly reminder, my question was "how do you do it?" Not how could it be done. I have a couple of years of ansible under my belt and a year of puppet. I know what text books say. What is your reality? There are many operational considerations and tradeoffs. What implementation decisions did you make? What tradeoffs did you make? If you haven't done it yourself ....
David
On Mon, Apr 4, 2016, 6:03 PM Marcelo Cavalcante <kalibslack@gmail.com> wrote:
On Apr 4, 2016 5:30 PM, "David Thornton" <northdot9@gmail.com> wrote:
At one company I worked at, they ensured that all required users were
present with an rpm that created them if they weren't already created. And when missing from the rpm definition, removed.
Rpm has password hashes and keys. #eggsinonebasket
It would depend on the solution, but since you talked about Puppet, it uses manifest files to define states, not the tasks that need to be done.
For example, when dealing with users, the manifest in the puppet master/server doesn't need to say how that user will be created, nor will it say to create it. The manifest will say what the desirable state is for that machine (or group of machines). It may say that user john might exist in that machine, so the next time that machine/client communicates with the master to check the manifests, it will read that information and it will ask itself: Do I have a john user? If yes, cool. If not, the machine, through puppet client, will create that user without you saying how to do it. Puppet client knows how to.
The same way, you can provide more information through your manifest, like home directory, ownership on files, etc.
David Thornton @northdot9 https://www.quadratic.net
On Apr 2, 2016 10:20 PM, "Marcelo Cavalcante" <kalibslack@gmail.com> wrote:
On Apr 2, 2016 6:42 PM, "David Thornton" <northdot9@gmail.com> wrote:
In "managing infrastructure with puppet" they define users in manifests.
I've seen user rpms.
How do you do it?
I didn't understand your question. Could you provide more details?
As far as I know, yes you can define users and groups, as well as many other things, through manifests. What do you mean with user rpms?
Cheers,

On Mon, Apr 4, 2016 at 6:39 PM, David Thornton <northdot9@gmail.com> wrote:
Just a friendly reminder, my question was "how do you do it?"
We use a combination of LDAP and Samba Winbind/Active Directory to manage our users. For general users, they are all managed in Active Directory, w/ a team that handles on-boarding (account creation, group assignment, etc) with Winbind handling the authentication and automatic homedir creation on first login. For SysAdmins, we use LDAP and manually create the users because they don't change all that often. No real automation involved in any of it, sadly, but we made the decision to have centralized user management vs independent users on every box.
-jason
participants (4)
- CLIFFORD ILKAY
- David Thornton
- Jason Shaw
- Marcelo Cavalcante