puppet服务器用户管理

看下我的目录结构


/etc/puppet/modules

在modules文件夹内建立users文件夹


手动创建puppet所需的三个文件夹,此例files用不到,可以选择不创建

`-- users
    |-- files
    |-- manifests
    |   |-- init.pp
    |   |-- sa.pp
    |   |-- useradd.pp
    |   `-- userdel.pp
    `-- templates
        |-- test07_authorized_keys.erb
        |-- test08_authorized_keys.erb
        |-- xiaolulu1_authorized_keys.erb
        |-- xiaolulu2_authorized_keys.erb
        |-- xiaolulu3_authorized_keys.erb
        |-- xiaolulu_authorized_keys.erb
        |-- xiaolutest01_authorized_keys.erb
        |-- xiaolutest02_authorized_keys.erb
        `-- xiaolutest03_authorized_keys.erb


manifests:放置puppet配置文件

templates:放置每个用户的 authorized_keys 模板(SSH 公钥),文件名为 <userhome>_authorized_keys.erb


init.pp

import "sa.pp"
import "useradd.pp"
import "userdel.pp"
# Entry point of the users module. Including this class on a node applies
# both the account-creation class (users::adduser::sa) and the
# account-removal class (users::deluser).
class users {
        include users::adduser::sa
        include users::deluser
}

sa.pp

import "useradd.pp"
# Declares the accounts to create. The class inherits users::adduser so
# that the add_user define declared there can be used here.
#
# For each account:
#   username - login name of the account
#   useruid  - numeric UID (add_user also uses it as owner/group of the
#              home directory and SSH files)
#   userhome - directory name under /home; add_user also uses it to pick
#              the key template users/<userhome>_authorized_keys.erb
# usershell is not passed, so the define's default (/bin/bash) applies.
class users::adduser::sa inherits users::adduser
{
    add_user { 'user_add':
        username => 'xiaolulu2',
        useruid  => 514,
        userhome => 'xiaolulu2',
        # groups => xiaolulu2,
    }

    add_user { 'user_add1':
        username => 'xiaolulu3',
        useruid  => 515,
        userhome => 'xiaolulu3',
        # groups => xiaolulu3,
    }
}

useradd.pp

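# Holds the add_user define used by subclasses to create login accounts
# whose SSH access is controlled entirely through Puppet.
class users::adduser {
   # add_user: create one account, its home directory, its ~/.ssh
   # directory and a Puppet-managed authorized_keys file.
   #
   # Parameters:
   #   $username  - login name of the account
   #   $useruid   - numeric UID; also used as owner and group of the files
   #   $userhome  - directory name under /home; also selects the template
   #                users/<userhome>_authorized_keys.erb
   #   $usershell - login shell, defaults to /bin/bash
   #
   # No password is set on the account, so the authorized_keys file below
   # is the only credential this define installs.
   define add_user ( $username, $useruid, $userhome, $usershell='/bin/bash' )
   {
       user
       {   $username:
           # Stated explicitly so the account is created when it does not
           # exist yet.
           ensure => present,
           uid    => $useruid,
           shell  => $usershell,
        #  groups => $groups,
           home   => "/home/${userhome}",
       }

       # NOTE(review): group => $useruid assumes the account's primary GID
       # equals its UID (user-private-group convention); the user resource
       # above does not set gid - confirm on the target hosts.
       file
       {   "/home/${userhome}":
           ensure  => directory,
           owner   => $useruid,
           group   => $useruid,
           # Modes are quoted octal strings: a bare number is rejected by
           # newer Puppet releases, which require the mode to be a string.
           mode    => '0700',
           # Create the account before handing the directory to its UID.
           require => User[$username],
       }

       # 0700 on ~/.ssh and 0600 on authorized_keys keep other local users
       # from reading or modifying the key list.
       file
       {   "/home/${userhome}/.ssh":
           ensure  => directory,
           owner   => $useruid,
           group   => $useruid,
           mode    => '0700',
           require => File["/home/${userhome}"],
       }

       # The whole file content comes from the template, so keys added to
       # authorized_keys outside Puppet are overwritten on the next run.
       # The template must exist on the master or catalog compilation fails.
       file
       {   "/home/${userhome}/.ssh/authorized_keys":
           ensure  => present,
           owner   => $useruid,
           group   => $useruid,
           mode    => '0600',
           content => template("users/${userhome}_authorized_keys.erb"),
           require => File["/home/${userhome}/.ssh"],
       }
   }
}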

userdel.pp

# Removes accounts that must no longer exist on managed nodes.
class users::deluser
{
    # Only the account itself is removed: managehome is not set, so the
    # home directory (including any .ssh/authorized_keys in it) stays on
    # disk. NOTE(review): decide whether leftover files should be cleaned
    # up, since a later account reusing the same UID would own them.
    user { 'xiaolulu1':
        ensure => absent,
    }
}