Very simple lightweight virtual user management module

Jethro Carr



7,138 latest version

3.3 quality score

Version information

  • 0.0.3 (latest)
  • 0.0.2
  • 0.0.1
released Oct 17th 2015

Start using this module


jethrocarr/virtual_user — version 0.0.3 Oct 17th 2015


A very simple lightweight user module. You've seen this module before, pretty much every Puppet-using site ends up with some form of this, mine is shared for reference if you wish to use it.


Basic Usage

The way to use this module is always to invoke the virtual_user resource as a virtual and then "realize" it on the systems you want the user accounts on.

At it's simpliest, you can define a user account as per the following example:

# Define virtual user Jane. This means Jane won't be applied, unless we
# realise her later on.
@virtual_user { 'jane':
  uid           => '1000',
  groups        => ['wheel'],
  password_hash => 'hash',
  ssh_key_pub   => 'longkeyislong',
  ssh_key_type  => 'ssh-rsa',
  tags          => ['soe'],

# Here we "realize" any user whom includes the tag of SOE, this will catch
# our Jane example from above and ensure she has an account on this server.
Virtual_user <| tags == soe |>

If you want to do more complex things or tinker, check out the manifests/init.pp file for the full list of params, we make some assumptions by default, such as creating the home directory and purging any other SSH authorized keys that aren't explicity configured.

Hiera Example

If you're using Hiera (recommended) then you can easily define all the user accounts in Hiera and use a couple lines in a Puppet manifest to generate all the virtual users from that.

The following is an example of inheriting data from Hiera with the Puppet manifest:

# Generate all users from Hiera data
create_resources("@virtual_user", hiera(virtual_users))

# Realize the SOE users here.
Virtual_user <| tags == soe |>

The following is the associated example Hiera configuration:

    uid: 1000
     - wheel
    password_hash: >
    ssh_key_pub: >
    ssh_key_type: ssh-rsa
     - soe

Note the use of the > charactor with password_hash and ssh_key_pub, this allows you to split the long hash and SSH key strings across multiple lines if desired to keep things tidier/more readable.

Additional Tips

If you don't have existing password hashes handy and wish to use them (eg you plan to do PAM auth for non-cert based services like Apache), you can use the unix-crypt gem ( to generate suitable password hashes for user accounts.

If you wish to learn more about virtual resources, refer to:


Requires stdlib, no others.