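The requirements are as follows:
There are three servers: a, b and c. Users dev1, dev2 and dev3 belong to the dev group; users sa1, sa2 and sa3 belong to the wheel group.
User dev1 can log in to server a, while dev2 and dev3 cannot; all members of the wheel group can log in.
Likewise, server b only allows user dev2 and the wheel members to log in, and server c only allows dev3 and the wheel members.
The architecture is as follows:
The contents of the relevant files are as follows: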
1. init.pp

```puppet
class user {
  include user::adduser
  import "deluser.pp"
}
```

2. adduser.pp

```puppet
class user::adduser {
  # Virtual resources: declared here, created only on nodes that realize them.
  @user { "dev1":            # dev2 and dev3 are defined the same way
    ensure     => present,
    shell      => "/bin/bash",
    tag        => ['dev'],
    groups     => 'dev',
    require    => Group['dev'],
    managehome => true,
    password   => '$1$M05yB1$vG/M/Spm30cTHeuADYX2M/',
  }
  @user { "sa1":             # sa2 and sa3 are defined the same way
    ensure     => present,
    shell      => "/bin/bash",
    tag        => ['sa'],
    groups     => 'wheel',   # sa users belong to wheel, per the requirements
    require    => Group['wheel'],
    managehome => true,
    password   => '$1$M05yB1$vG/M/Spm30cTHeuADYX2M/',
  }
  group { "dev":
    ensure => present,
  }
  # Declared so that require => Group['wheel'] can be resolved.
  group { "wheel":
    ensure => present,
  }
}
```

3. deluser.pp

```puppet
define user::deluser (
  $username
)
{
  user { "${username}":
    ensure => absent,
  }
  file { "/home/${username}":
    ensure => absent,
    force  => true,   # required for Puppet to remove a directory
  }
}
```
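Note that Puppet also supports SSH key authentication (see the official site for details); passwords are still used here.
The password hash is generated with grub-md5-crypt, which produces an MD5-crypt (`$1$`) hash.
Usage is as follows: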
```puppet
node 'server1' {
  include user
  realize User['dev1']              # create dev1 only
  user::deluser { "userdel sa1":    # delete sa1
    username => 'sa1',
  }
  User <| groups == 'wheel' |>      # create all wheel members
}
```

Remember that you must first `import "user"` in modules.pp.
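The requirements at the top, written out for all three servers. This is an added example, not code from the original module; the node names `a`, `b` and `c` are assumptions, and it relies on the `dev` and `sa` tags from adduser.pp. The developers who are not allowed on a host are collected with `ensure => absent` instead of being declared a second time, because dev1 to dev3 are already declared (as virtual resources) in `user::adduser` and a resource title can be declared only once per catalog.

```puppet
# Added example. Node names are assumed; users and tags come from user::adduser.

node 'a' {
  include user
  # Administrators: every virtual user tagged 'sa' (sa1, sa2, sa3).
  User <| tag == 'sa' |>
  # The only developer allowed on this host.
  realize User['dev1']
  # Every other developer is realized as absent, which removes stale accounts.
  User <| tag == 'dev' and title != 'dev1' |> { ensure => absent }
}

node 'b' {
  include user
  User <| tag == 'sa' |>
  realize User['dev2']
  User <| tag == 'dev' and title != 'dev2' |> { ensure => absent }
}

node 'c' {
  include user
  User <| tag == 'sa' |>
  realize User['dev3']
  User <| tag == 'dev' and title != 'dev3' |> { ensure => absent }
}
```

Because the accounts declare `managehome => true`, providers that support it also remove the home directory when the account becomes absent.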
GitHub repository: https://github.com/vTNT/puppet-user (updated from time to time)