Forge Home

virtual_user

Very simple lightweight virtual user management module

8,765 downloads

8,125 latest version

3.3 quality score

We run a couple of automated
scans to help you access a
module's quality. Each module is
given a score based on how well
the author has formatted their
code and documentation and
modules are also checked for
malware using VirusTotal.

Please note, the information below
is for guidance only and neither of
these methods should be considered
an endorsement by Puppet.

Version information

  • 0.0.3 (latest)
  • 0.0.2
  • 0.0.1
released Oct 17th 2015

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'jethrocarr-virtual_user', '0.0.3'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add jethrocarr-virtual_user
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install jethrocarr-virtual_user --version 0.0.3

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.

Download

Documentation

jethrocarr/virtual_user — version 0.0.3 Oct 17th 2015

puppet-virtual_user

A very simple lightweight user module. You've seen this module before, pretty much every Puppet-using site ends up with some form of this, mine is shared for reference if you wish to use it.

Usage

Basic Usage

The way to use this module is always to invoke the virtual_user resource as a virtual and then "realize" it on the systems you want the user accounts on.

At it's simpliest, you can define a user account as per the following example:

# Define virtual user Jane. This means Jane won't be applied, unless we
# realise her later on.
@virtual_user { 'jane':
  uid           => '1000',
  groups        => ['wheel'],
  password_hash => 'hash',
  ssh_key_pub   => 'longkeyislong',
  ssh_key_type  => 'ssh-rsa',
  tags          => ['soe'],
}

# Here we "realize" any user whom includes the tag of SOE, this will catch
# our Jane example from above and ensure she has an account on this server.
Virtual_user <| tags == soe |>

If you want to do more complex things or tinker, check out the manifests/init.pp file for the full list of params, we make some assumptions by default, such as creating the home directory and purging any other SSH authorized keys that aren't explicity configured.

Hiera Example

If you're using Hiera (recommended) then you can easily define all the user accounts in Hiera and use a couple lines in a Puppet manifest to generate all the virtual users from that.

The following is an example of inheriting data from Hiera with the Puppet manifest:

# Generate all users from Hiera data
create_resources("@virtual_user", hiera(virtual_users))

# Realize the SOE users here.
Virtual_user <| tags == soe |>

The following is the associated example Hiera configuration:

virtual_users:
  jane:
    uid: 1000
    groups:
     - wheel
    password_hash: >
      gEWyw234egW@$YWU@$WHR#%YHR#$^Q%WY$RH^Q#$WEGQ#%Y$RWHQ#^TYGW#%Ysy423teg4y4s
      tg23tygway4h234wag34yhwahgw34yh4d
    ssh_key_pub: >
      ZZZZZRH34e2hw4eghq234yh2wh23hq123hy23gh4w3h4h2wheh4w4h4h2w4wahg43qewg23hy
      gk.234hgilo2bw,gbjk2b34jktgblwl3jt;gjwj4;tjgklw34jfg4h34h43yhhh444h4hh4hf
    ssh_key_type: ssh-rsa
    tags:
     - soe

Note the use of the > charactor with password_hash and ssh_key_pub, this allows you to split the long hash and SSH key strings across multiple lines if desired to keep things tidier/more readable.

Additional Tips

If you don't have existing password hashes handy and wish to use them (eg you plan to do PAM auth for non-cert based services like Apache), you can use the unix-crypt gem (https://github.com/mogest/unix-crypt) to generate suitable password hashes for user accounts.

If you wish to learn more about virtual resources, refer to: https://docs.puppetlabs.com/guides/virtual_resources.html

Dependencies

Requires stdlib, no others.