

Manage your (system) user accounts in hiera



Version information

  • 1.0.0 (latest)
  • 0.2.0
  • 0.1.0
released Mar 14th 2017
This version is compatible with:
  • Puppet Enterprise 2017.2.x, 2017.1.x, 2016.4.x
  • Puppet >= 4.9.3 < 5.0.0

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'vStone-accounts', '1.0.0'

Add this module to your Bolt project:

bolt module add vStone-accounts

Manually install this module globally with Puppet module tool:

puppet module install vStone-accounts --version 1.0.0

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.

Tags: hiera, accounts


vStone/accounts — version 1.0.0 Mar 14th 2017

Puppet Accounts


This module is designed to store your system admins' account information in hiera. It is not intended for large-scale user deployments (you can try), but rather for managing a small group of people who need to be able to log in when LDAP servers die (for example).


  • hiera


The module will look in several different places for user specific information:

  • accounts::user_uids

This append-only list contains the mappings of usernames to UIDs. You should NEVER remove entries from here. Only adding is allowed ;)

  • accounts::users

This is an array of users that have to be created on the system.

If it is defined in multiple hiera files, they will ALL be taken into account.

  • accounts::user_info

A big hash mapping additional parameters to each user. Add your ssh keys and password hashes here.

Additionally, the following parameters can be set:

  • accounts::purge

If set to true, all users defined in the accounts::user_uids and NOT in accounts::users will be PURGED from the system.

  • accounts::user_defaults

A hash with default parameters to use.
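
An added example, not part of the module: a Ruby lint a reviewer could run over two revisions of a hiera data file to enforce the append-only rule for accounts::user_uids and to preview what accounts::purge would remove. The user names, UIDs and function names are constructed for illustration; only the accounts::* keys come from the text above.

```ruby
require 'yaml'

# Constructed sample data: two revisions of one hiera data file. User names and
# UIDs are made up; only the three accounts::* keys come from the README.
OLD_DATA = YAML.safe_load(<<~HIERA)
  accounts::user_uids: { alice: 2001, bob: 2002, carol: 2003 }
  accounts::users: [alice, bob, carol]
HIERA

NEW_DATA = YAML.safe_load(<<~HIERA)
  accounts::purge: true
  accounts::user_uids: { alice: 2001, bob: 2010, dave: 2003, erin: 2004 }
  accounts::users: [alice, dave, frank]
HIERA

# Breaches of the append-only rule for accounts::user_uids between two revisions.
def uid_map_violations(old_data, new_data)
  old_uids = old_data.fetch('accounts::user_uids', {})
  new_uids = new_data.fetch('accounts::user_uids', {})
  problems = []
  old_uids.each do |name, uid|
    if !new_uids.key?(name)
      problems << "removed: #{name} (uid #{uid})"
    elsif new_uids[name] != uid
      problems << "changed: #{name} #{uid} -> #{new_uids[name]}"
    end
  end
  # A new name holding a UID that an earlier name owned inherits that user's files.
  new_uids.each do |name, uid|
    next if old_uids.key?(name) || !old_uids.value?(uid)
    problems << "reused: uid #{uid} now #{name}, was #{old_uids.key(uid)}"
  end
  problems
end

# Purge scope as the README states it: in user_uids, not in users, purge true.
# A name deleted from user_uids (carol) drops out of this set and is not purged.
def purge_candidates(data)
  return [] unless data['accounts::purge'] == true
  data.fetch('accounts::user_uids', {}).keys - data.fetch('accounts::users', [])
end

# Consistency check (an assumption, not a documented rule): users with no UID entry.
def users_without_uid(data)
  data.fetch('accounts::users', []) - data.fetch('accounts::user_uids', {}).keys
end
```

Run on the sample, the lint reports bob's changed UID, carol's removed entry and the reuse of UID 2003 by dave, and lists bob and erin as the accounts the purge would remove.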

Advanced Usage

Overriding the merge strategies

Since the switch to hiera 5, you can override the merge behaviours (previously with hiera_array and hiera_hash) by setting lookup_options in your hiera data files.

To disable the default behaviour (disable hiera 'merge'), place the following config in your hierarchy or call the hiera class with whatever values you want directly.

      strategy: first

      strategy: first

      strategy: first

      strategy: first


We use the accounts::hiera defined type as a wrapper around the user resource. It allows us to specify an additional hash with parameters that are passed through to the user resource. For example, if you want to use forcelocal => true on all your resources, you can use extra_params in combination with the user_defaults.

    forcelocal: true