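Puppet series: the user module
The requirement: there are three servers, a, b and c. Users dev1, dev2 and dev3 belong to the dev group; users sa1, sa2 and sa3 belong to the wheel group.
User dev1 can log in to server a, while dev2 and dev3 cannot; all members of the wheel group can log in.
Likewise, server b allows only dev2 and the wheel members to log in, and server c allows only dev3 and the wheel members.
The architecture is as follows:
http://blog.51cto.com/attachment/201304/133312224.jpg
The contents of the files are as follows: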
1. init.pp

    class user {
      include user::adduser
      # Legacy import statement that loads the user::deluser define
      import "deluser.pp"
    }

2. adduser.pp

    class user::adduser {
      # Virtual resources (@user): declared here, created only on nodes that realize them
      @user {"dev1":                # dev2 and dev3 are similar
        ensure     => present,
        shell      => "/bin/bash",
        tag        => ['dev'],
        groups     => 'dev',
        require    => Group['dev'],
        managehome => true,
        password   => '$1$M05yB1$vG/M/Spm30cTHeuADYX2M/',
      }
      @user {"sa1":                 # sa2 and sa3 are similar
        ensure     => present,
        shell      => "/bin/bash",
        tag        => ['sa'],
        groups     => 'wheel',      # sa accounts belong to the wheel group
        require    => Group['wheel'],
        managehome => true,
        password   => '$1$M05yB1$vG/M/Spm30cTHeuADYX2M/',
      }
      group {"dev":
        ensure => present,
      }
      # Declared so that require => Group['wheel'] above resolves in the catalog
      group {"wheel":
        ensure => present,
      }
    }

3. deluser.pp

    define user::deluser (
      $username
    )
    {
      # Remove the account
      user {"$username":
        ensure => absent,
      }
      # Remove the home directory; force is needed to delete a directory
      file {"/home/$username":
        ensure => absent,
        force  => true,
      }
    }
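Note that Puppet also supports SSH key authentication; see the official site for details. Passwords are still used here.
The password hash is generated with grub-md5-crypt.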
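A check for the password attribute used above, as an added example that is not part of the original post or its GitHub module: grub-md5-crypt produces MD5-crypt (`$1$`) hashes, a weak scheme, and adduser.pp gives dev1 and sa1 the identical hash, meaning the same password with the same salt. The script below scans manifest text for both conditions; the function names are hypothetical and the `ops1` resource with its `$6$` value is a constructed placeholder.

```python
import re
from collections import defaultdict

# Crypt(3) scheme ids found between the first two '$' of a shadow-style hash.
SCHEMES = {"1": "md5-crypt", "5": "sha256-crypt", "6": "sha512-crypt",
           "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt", "y": "yescrypt"}
WEAK = {"md5-crypt", "des-or-unknown"}

# Matches `user {"x": ...}` and virtual `@user {"x": ...}`, but not
# `user::deluser {...}`; assumes no nested braces in the resource body.
USER_RE = re.compile(r"(?<![\w:])@?user\s*\{\s*[\"']([^\"']+)[\"']\s*:(.*?)\}", re.S)
PASSWORD_RE = re.compile(r"password\s*=>\s*'([^']*)'")

def scheme_of(hash_value):
    m = re.match(r"\$([0-9a-z]+)\$", hash_value)
    return SCHEMES.get(m.group(1), "des-or-unknown") if m else "des-or-unknown"

def audit(manifest):
    """Return ({user: scheme}, [sorted users sharing one identical hash, ...])."""
    schemes, by_hash = {}, defaultdict(list)
    for title, body in USER_RE.findall(manifest):
        pw = PASSWORD_RE.search(body)
        if pw:
            schemes[title] = scheme_of(pw.group(1))
            by_hash[pw.group(1)].append(title)
    shared = [sorted(users) for users in by_hash.values() if len(users) > 1]
    return schemes, shared

def weak_users(manifest):
    return sorted(u for u, s in audit(manifest)[0].items() if s in WEAK)

# Sample input: the two user resources from adduser.pp above, plus one
# constructed resource (ops1) whose "$6$" value is a placeholder, not a real hash.
SAMPLE = r"""
@user {"dev1":
  password => '$1$M05yB1$vG/M/Spm30cTHeuADYX2M/',
}
@user {"sa1":
  password => '$1$M05yB1$vG/M/Spm30cTHeuADYX2M/',
}
user::deluser {"userdel sa1": username => 'sa1' }
@user {"ops1":
  password => '$6$CONSTRUCTEDSALT$CONSTRUCTED-PLACEHOLDER',
}
"""

if __name__ == "__main__":
    print(audit(SAMPLE), weak_users(SAMPLE))
```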
Usage is as follows:

    node 'server1' {
      include user
      realize User['dev1']             # create only dev1
      user::deluser {"userdel sa1":    # delete sa1
        username => 'sa1',
      }
      User <| groups == 'wheel' |>     # create all wheel members
    }

As a prerequisite, remember that you still need to import "user" in modules.pp.
GitHub: https://github.com/vTNT/puppet-user (updated irregularly)