Requirements:
There are three servers, a, b and c. Users dev1, dev2 and dev3 belong to the dev group; users sa1, sa2 and sa3 belong to the wheel group.
User dev1 can log in to server a, dev2 and dev3 cannot, and all members of wheel can.
Likewise, server b allows only dev2 and the wheel members to log in, and server c allows only dev3 and the wheel members.
The module layout and the contents of its files are as follows:
1. init.pp
  class user {
    include user::adduser
    import "deluser.pp"
  }
2. adduser.pp
  class user::adduser {
    # dev users are declared as virtual resources (@user) and realized per server;
    # dev2 and dev3 are declared the same way
    @user { "dev1":
      ensure     => present,
      shell      => "/bin/bash",
      tag        => ['dev'],
      groups     => 'dev',
      require    => Group['dev'],
      managehome => true,
      # MD5-crypt ($1$) hash, produced with grub-md5-crypt (see below)
      password   => '$1$M05yB1$vG/M/Spm30cTHeuADYX2M/',
    }
    # sa users belong to wheel; sa2 and sa3 are declared the same way
    @user { "sa1":
      ensure     => present,
      shell      => "/bin/bash",
      tag        => ['sa'],
      groups     => 'wheel',
      require    => Group['wheel'],
      managehome => true,
      password   => '$1$M05yB1$vG/M/Spm30cTHeuADYX2M/',
    }
    group { "dev":
      ensure => present,
    }
    # declared so that require => Group['wheel'] above can be resolved
    group { "wheel":
      ensure => present,
    }
  }
3. deluser.pp
  # removes an account and its home directory
  define user::deluser (
    $username
  )
  {
    user { "$username":
      ensure => absent,
    }
    file { "/home/$username":
      ensure => absent,
      force  => true,   # required for Puppet to remove a directory
    }
  }
Note that Puppet also supports SSH key authentication for users (see the official documentation); passwords are used here.
The password hash is created with: grub-md5-crypt
Usage is as follows:
  node 'server1' {
    include user
    realize User['dev1']               ## create only dev1
    user::deluser { "userdel sa1":     ## delete sa1
      username => 'sa1',
    }
    User <| groups == 'wheel' |>       ## create every wheel member
  }
Remember that you still need to import "user" in modules.pp beforehand.
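The node definitions below are an added example, not code from the original post or from the vTNT/puppet-user module. They implement the stated rule for servers a, b and c with the module above: each server realizes exactly one dev account by title and collects every account the module tagged 'sa', so the same wrapper class serves all three hosts. The class name user::server_accounts, the hostnames and the account 'olddev' are assumed for illustration; the class is expected to live in the module's manifests directory so it autoloads. Note that user::deluser must not be given a name that is also declared as a virtual user in user::adduser: the virtual declaration already occupies that title, and the second declaration fails with a duplicate declaration error, which is why the example removes an account outside that set.

```puppet
# Added example (not from the original post or the vTNT/puppet-user module).
# Assumes the user module from the post, the hostnames a, b and c from the
# requirement, and a hypothetical departed account 'olddev'.

class user::server_accounts ($devuser) {
  include user

  # Exactly one dev account per server, picked by its virtual resource title.
  realize User[$devuser]

  # Every wheel account on every server; user::adduser tags them 'sa',
  # so collecting by tag is equivalent to collecting by groups == 'wheel'.
  User <| tag == 'sa' |>

  # Remove a departed account. 'olddev' is NOT one of the virtual users in
  # user::adduser; using one of those names here would collide with the
  # virtual declaration and fail with a duplicate declaration error.
  user::deluser { 'remove olddev':
    username => 'olddev',
  }
}

# One wrapper per server: only the permitted dev user differs.
node 'a' {
  class { 'user::server_accounts': devuser => 'dev1' }
}

node 'b' {
  class { 'user::server_accounts': devuser => 'dev2' }
}

node 'c' {
  class { 'user::server_accounts': devuser => 'dev3' }
}
```

Because dev2 and dev3 are never realized on server a (and likewise on b and c), those accounts simply do not exist there, which is what denies them login; nothing in PAM or sshd needs to be changed. The hashes in the post are MD5-crypt ($1$); the same password attribute also accepts SHA-512 crypt ($6$) hashes on systems whose libc supports them.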
GitHub: https://github.com/vTNT/puppet-user (updated from time to time)