- From: "John E. Vincent (lusis)" <
>
- To:
- Subject: [chef] Managing users and groups - Current best practice
- Date: Mon, 22 Nov 2010 16:05:00 -0500
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:sender:reply-to:date:x-google-sender-auth:message-id :subject:from:to:content-type; b=Kp8H7g6D6T7XRH+0PwHYyLSO1gZj2YBhZLifbcdZOxojfqJY3XtkoS7o+yuZnrYuRc euwuj5dUC0gYNRVzd7dVGAIG86gM+Uuxxpz2qeGahVFHS4NHyfM13jR9JWS3A4dSXIga Z5H30wBujH5dxG/kgMaBH8ZCk64oVPepKys0A=
(resending. sent from the wrong address previously)
Hi all,
Seth suggested I hit up the list if I didn't find anything in the
archives so I am.
What's the current best practice for fully managing users and groups
in Chef (outside of ldap). My recipe works fine except for the
handling of deleted users. I really would like the full auditing of
the process and to have everything fully documented.
Seth suggested using knife ssh for the job but I'm really trying to
keep EVERYTHING in databags and cookbooks. By using an untraceable
manual process, I really lose that ability. While the user shouldn't
be on the system anymore (or at least locked with SSH keys removed), I
still need to know that they were there at one point.
So my options are (as I see it):
1) Use knife ssh
2) Created a deleted users data bag where I move users when they are
deleted. Then it's just another section in my users recipe for that
data bag.
3) Move to LDAP
4) ????????????
Any other option I'm missing?
Thanks
John E. Vincent
http://about.me/lusis
- [chef] Managing users and groups - Current best practice, John E. Vincent (lusis), 11/22/2010
Archive powered by MHonArc 2.6.16.