Table of Contents
- Module Description - What the module does and why it is useful
- Setup - The basics of getting started with identity
- Usage - Configuration options and additional functionality
- Reference - An under-the-hood peek at what the module is doing and how
- Limitations - OS compatibility, etc.
- Development - Guide for contributing to the module
This module manages identities like users and groups.
It provides some defined types and hiera helpers to mass-manage users and groups. Some features:
- Define users and groups in hiera
- Cleanly remove users and groups with
ensure => absent
- Deliver user specific dotfiles
It's not needed to include or instantiate the main class to use this module.
The main class is just there to pass a hash of users and groups to the
and to manage the
The main functionality lies in the defined types (see below).
You can pass a hash of users and groups to the main class or call the two
identity::group directly, passing the correct parameters.
Some specialities explained:
- identity::user::ignore_uid_gid: Allows to ignore the uid and gid parameters, even if they define something. This can be usefull if you normally manage the uids and gids, but want to make an exception on some systems.
- identity::user::manage_home: Creates or deletes the home directory of the user.
- identity::user::manage_dotfiles: If set to true, dofiles from identity::dotfiles_source/$username are
delivered to the users home directory. The files are not purged if they would disapear at the source.
This parameter also wants the parameter
manage_hometo be true.
The hiera keys which hold the users, userdefaults, groups and group_defaults data are specified in the main class parameters `$hiera*_key` and can be overwritten.
When passing data to the hashes by calling the main class from a Puppet manifest this data has precedence over Hiera data.
--- classes: - identity identity::manage_skel: true identity::skel_source: 'puppet:///modules/identity_data/skel' identity::dotfiles_source: 'puppet:///modules/identity_data' user_defaults: ignore_uid_gid: false groups: - users users: test.user: ensure: present uid: 2001 comment: 'Test User' password: 'pwhash' ssh_keys: main: key: 'thekey' groups: - staff manage_dotfiles: true zwei.user: ensure: present comment: 'Test User2' groups: - staff
All parameters are documented inline. Have a look at the .pp files in
The module is just tested under Ubuntu 16.04, but it should work on other platforms too.
As the module is using the
purge_ssh_keys parameter, it's not tested for
compatibly with Puppet versions below 4.10
- Fork it
- Create your feature branch (
git checkout -b my-new-feature)
- Commit your changes (
git commit -am 'Add some feature')
- Push to the branch (
git push origin my-new-feature)
- Create a new Pull Request
Make sure your PR passes the Rspec tests.
- Puppet 4 testing/compatibility
- Disallow specifying a non-numerical primary group when user's primary group is managed
- Correctly set user's home directory group to the provided gid when user's primary group is not managed
- For puppet 5 this change is backwards compatible
- Option to set group membership behaviour
- Set Datatypes for Puppet 4 Syntax compatibility
- Option to set user membership type
- Puppet 3 compatibility
- For puppet 4 this change is backwards compatible
- Fixed wrong year in release date for version 3.1.0.
- Invoke pgrep/pkill with symbolical username to avoid terminating processes when a numeric user ID has been reused.
emptypassword_policyparameter added. Thanks to @dasrecht
- User cleanup process when a user is absented. Thanks to @hansmi
- The hiera query now has an empty default to not fail if there is no data found in hiera
- Module is now located under the "vshn" namespace on forge. "vshnops" is being deprecated!
- Correct resource ordering when removing a user which has ssh authorized keys and $manage_home is true
- support Hiera hash merge lookup through configurable Hiera key names
- A lot more testing
- Preliminary Puppet 4.0 compatibility (through RSpec testing)
- ssh key names are automatically prefixed to suppress duplicate resources Note: This change needs puppetlabs-stdlib >= 4.6.0!
- Allow to define if the main group of a user should be managed
- home directory permission recursion
- manage home directory permissions
- Initial release
- puppetlabs-stdlib (>=4.6.0 <5.0.0)
Copyright (c) 2015, VSHN AG, firstname.lastname@example.org All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. * Neither the name of VSHN nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.