puppet系列之user模块

需求如下：

现有服务器a,b,c 三台；用户dev1,dev2,dev3属于dev组中，用户sa1,sa2,sa3属于wheel组；

用户dev1能登陆到服务器a，而dev2,dev3无法登陆，而wheel组成员均可登陆；

相同的服务器b只允许用户dev2和wheel成员登陆，服务器c只允许dev3和wheel成员登陆；

架构如下：

文件相关内容如下：

1,init.pp
class user {
        include user::adduser
        import "deluser.pp"
}
2,adduser.pp
class user::adduser {
      @user {"dev1":    #dev2,dev3类似
             ensure  => present,
             shell   => "/bin/bash",
             tag     => ['dev'],
             groups  => dev,
             require => Group['dev'],
             managehome  => true,
             password => '$1$M05yB1$vG/M/Spm30cTHeuADYX2M/',
      }
      @user {"sa1":    #sa2,sa3类似
             ensure  => present,
             shell   => "/bin/bash",
             tag     => [''sa],
             groups  => dev,
             require => Group['wheel'],
             managehome  => true,
             password => '$1$M05yB1$vG/M/Spm30cTHeuADYX2M/',
      }
      group {"dev":
             ensure  => present,
      }
}
3,deluser.pp
define user::deluser (
        $username
        )
        {
          user {"$username":
                ensure  => absent,
        }
          file {"/home/$username":
                ensure  => absent,
          }
}

注意下,puppet也支持ssh密钥认证，可以去官网看下，这里还是用密码

密码创建的方式如下：grub-md5-crypt

使用方法如下：

node 'server1' {
        include user
        realize user['dev1']     ## 单独创建dev1
        user::deluser{"userdel sa1":   ##删除sa1
username  => sa1,
        }
        User <| groups == wheel |>  ##创建所有wheel成员
}
前提记得 还是要在modules.pp里面import "user"

github地址：https://github.com/vTNT/puppet-user  不定期更新 - -