I use a role or wrapper recipe that sets a different data bag for different sets of services or environments. It’s particularly useful for “root” SSH keys, if you care to allow Chef to manage those. The lack of ability in the “users” cookbook itself to set characteristics, rather than always relying on the shared contents of the “users” data bag, is an old issue. I’ll also admit that it’s aggravated by the lack of encryption for SSH private keys configured by the “users” cookbook. The general tendency to store passwords and credentials in plaintext that is hardcoded in various cookbooks, including “users”, “rsnapshot”, “postgresql”, “mysql”, “nagios”, “nrpe”, and many others, is a longstanding security problem.

From: Mohammad Fattahian
Thanks for your help, but as I said I’m using ‘users cookbook’ (https://github.com/opscode-cookbooks/users).

I’ve created a databag with all users we need on the nodes, but some nodes do not require all the users created. I’m looking for a way to create users based on nodes.

Mohammad

From: Yoshi Spendiff

I have a base cookbook with a users recipe that I apply to all nodes. It looks something like this:

    node['base-cookbook']['users'].each do |username, enabled|
      user username do
        action enabled ? :create : :remove
        # <other user options>
      end
    end

Then in your roles or role cookbook you can just use that attribute.

    default['base-cookbook']['users']['user_1'] = true

I use a hash instead of an array so you can delete a user and so you don't come across any situations where you were expecting to overwrite an array and instead it was merged.

On Thu, Jul 30, 2015 at 7:15 AM, Mohammad Fattahian wrote:

Hi folks,

What’s the best way to create local users based on the role of the nodes? Let’s say I need different users created on nodes based on their roles (WEB Server, DB Server, etc.)

I’m using ‘users Cookbook’ to create users from a database.

Mohammad
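
Added example, not part of the original thread: the hash-versus-array point from Yoshi Spendiff's reply, shown in plain Ruby so it runs without Chef. `layer_merge` is a hypothetical, simplified stand-in for attribute merging (assumed here to union arrays and merge hashes key by key), and the user names and role layers are constructed.

```ruby
# Simplified stand-in for attribute merging. Assumption for this example:
# arrays are unioned, hashes are merged key by key, and the later layer
# wins when two scalar values conflict.
def layer_merge(base, override)
  if base.is_a?(Hash) && override.is_a?(Hash)
    base.merge(override) { |_key, old, new| layer_merge(old, new) }
  elsif base.is_a?(Array) && override.is_a?(Array)
    base | override
  else
    override
  end
end

# Turn merged user toggles into the action the recipe's user resource takes.
def user_actions(toggles)
  toggles.map { |name, enabled| [name, enabled ? :create : :remove] }.to_h
end

# Constructed sample layers: a base role and a DB-server role.
BASE_ARRAY = { 'users' => %w[alice bob] }.freeze
DB_ARRAY   = { 'users' => %w[carol] }.freeze # intent: drop bob on DB nodes
BASE_HASH  = { 'users' => { 'alice' => true, 'bob' => true } }.freeze
DB_HASH    = { 'users' => { 'bob' => false, 'carol' => true } }.freeze

# Array form: the DB layer can only add names, so bob keeps his account.
def array_result
  layer_merge(BASE_ARRAY, DB_ARRAY)['users']
end

# Hash form: the DB layer flips bob to false, which becomes an explicit
# :remove, so the account is deprovisioned instead of silently left behind.
def hash_result
  user_actions(layer_merge(BASE_HASH, DB_HASH)['users'])
end

if __FILE__ == $PROGRAM_NAME
  puts "array layers: #{array_result.inspect}"
  puts "hash layers:  #{hash_result.inspect}"
end
```

With the array form an account that should not exist on a class of nodes stays listed after the merge; the hash form makes the removal an explicit, reviewable attribute.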