This module is designed to store your system admins account information in hiera. This is not intended to be used to do large scale user deployments (you can try), but rather for managing a small group of people that need to be able to login when ldap servers die (for example).
The module will look in several different places for user specific information:
This append-only list contains the mappings of usernames to UIDS. You should NEVER remove entries from here. Only adding is allowed ;)
This is an array of users that have to be created on the system.
If it is defined in multiple hiera files, they will ALL be taken into account.
A big hash mapping additional parameters to each user. Add your ssh keys and password hashes here.
Additionally, the following parameters can be set:
If set to true, all users defined in the
accounts::users will be PURGED from the system.
A hash with default parameters to use.
Since the switch to hiera 5, you can override the merge behaviours (previously with hiera_array and hiera_hash) by setting lookup_options in your hiera data files.
To disable the default behaviour (disable hiera 'merge'), place the following config in your hierarchy or call the hiera class with whatever values you want directly.
lookup_options: accounts::groups: merge: strategy: first accounts::users: merge: strategy: first accounts::user_uids: merge: strategy: first accounts::user_info: merge: strategy: first
We use the accounts::hiera defined type as a wrapper to the user resource. It allows
us to specify an additional hash with parameters that are passed through to the user
resource. For example, if you would want to use
forcelocal => true on all your resources,
you can use extra_params in combination with the
accounts::user_defaults: extra_params: forcelocal: true