3

Is there any way to enumerate an array of all users within a group within Puppet, either as a fact or something so I can do something like this?

$users = enumusers('wheel')
each($users) |$user| {
    dostuff{"stuff:$user":
        user=>$user
    }
}

Users are managed through LDAP, but I be able to have Puppet pick up LDAP users and make all of them consistent.

Kyo
  • 33
  • 3
  • You could use a custom fact that queries all users from LDAP, then have a template that iterates over the entries in that fact. But that's a Bad Idea(TM). What is your actual goal here? – Nic Jul 25 '13 at 08:10
  • My actual goal is to be able to create a new user in LDAP (say for a new hire), and be able to have Puppet configure permissions and an environment for that user without having to do user management through Puppet (which is kludgy at best) – Kyo Jul 25 '13 at 18:10

1 Answers1

2

This kind of kludgy, but you could have an external fact generator that enumerates all of your users, and creates a user_USERNAME fact for each one. You could then use this in conditional statements in your Puppet manifests:

if $user_lars {
  file { '/home/lars':
    ensure => directory,
    owner => lars,
    group => lars,
    mode => 0700,
  }
}

Writing external facts is easy; you can use whatever languages you're comfortable with and it could be as simple as:

#!/bin/sh
getent passwd | cut -f1 -d:

...depending on your environment.

You know, looking at this makes me feel guilty, but it's the best I can come up with right now.

larsks
  • 41,276
  • 13
  • 117
  • 170
  • I considered something similar by having a custom function query LDAP directly, but that didn't seem "right". If nothing more puppetty comes up, I'll take this answer. – Kyo Jul 26 '13 at 21:29
  • This is still the best way to do this kind of thing in Puppet nearly 4 years later... – David Gardner Mar 31 '17 at 15:59