Defined Type: admin::user

Defined in:
modules/admin/manifests/user.pp

Overview

WARNING: this is designed to NOT play well with local modifications.

Parameters:

  • name

    The name of the user to be created.

  • ensure (Wmflib::Ensure) (defaults to: present)

    Add or remove the user account [ “present” | “absent”]

  • uid (Optional[Integer]) (defaults to: undef)

    The UID to set for the new account. Must be globally unique.

  • gid (Optional[Integer]) (defaults to: undef)

    Sets the primary group of this user. NOTE: files created by the user default to this group.

  • groups (Array[String]) (defaults to: [])

    An array of additional groups to add the user to.

    NOTE: user membership should almost exclusively be handled in the external definition format (yaml)

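    WARNING: setting a group here means that the group _has_ to exist
    anywhere this user exists. More than likely the user should instead be
    added to the appropriate group in Admin::Groups.

    NOTE: in the source listed below, the user resource is declared with
    `groups => []` and $groups is not referenced again, so this parameter
    appears to have no effect on group membership as shown.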
    
  • comment (String) (defaults to: '')

    Typically the realname for the user.

  • shell (String) (defaults to: '/bin/bash')

    The login shell.

  • privileges (Optional[Array[String]]) (defaults to: undef)

    An array of sudo privileges to set up. Rarely should a user's privileges differ from those of an established group.

  • ssh_keys (Array[String]) (defaults to: [])

    An array of strings containing the SSH public keys.

  • home_dir (Variant[Enum['none'],Stdlib::Unixpath]) (defaults to: "/home/${name}")


# File 'modules/admin/manifests/user.pp', line 26

# Declares one admin account: the user resource itself and, depending on the
# parameters, the contents of its home directory, its SSH public keys and its
# sudo rules. Every sub-resource is keyed on $name.
define admin::user (
    Wmflib::Ensure                         $ensure     = present,
    Optional[Integer]                      $uid        = undef,
    Optional[Integer]                      $gid        = undef,
    Array[String]                          $groups     = [],
    String                                 $comment    = '',
    String                                 $shell      = '/bin/bash',
    Optional[Array[String]]                $privileges = undef,
    Array[String]                          $ssh_keys   = [],
    Variant[Enum['none'],Stdlib::Unixpath] $home_dir   = "/home/${name}",
) {

    include admin

    # Add special hack for /nonexistent dir
    # By default managehome is controlled at the class level so we
    # can ensure all users for a specific role, profile, host are
    # all configured the same regardless of this parameter we still
    # sync files below from modules/admin/files/home/${user}
    #
    # Accounts without a real home ('none' or '/nonexistent') never get
    # managehome; everyone else follows the class-wide $admin::managehome.
    $managehome = $home_dir ? {
        '/nonexistent' => false,
        'none' => false,
        default        => $admin::managehome,
    }
    # 'none' is only a parameter-level alias; the account itself is given
    # '/nonexistent' as its home.
    $_home_dir = $home_dir ? {
        'none'  => '/nonexistent',
        default => $home_dir,
    }
    user { $name:
        ensure     => $ensure,
        name       => $name,
        uid        => $uid,
        comment    => $comment,
        gid        => $gid,
        # NOTE(review): $groups is accepted as a parameter but is not used
        # anywhere in this define; supplementary groups are always declared
        # empty here. Presumably membership is managed elsewhere - confirm,
        # and consider documenting or dropping the parameter.
        groups     => [],
        shell      => $shell,
        home       => $_home_dir,
        # Do not allow an account whose UID duplicates an existing one.
        allowdupe  => false,
        managehome => $managehome,
    }

    # This is all absented by the above /home/${user} cleanup
    # Puppet chokes if we try to absent subfiles to /home/${user}
    #
    # Consequently the home tree is only synced for present accounts that
    # have a real home directory.
    if $ensure == 'present' and $_home_dir != '/nonexistent' {
        file { $_home_dir:
            ensure       => stdlib::ensure($ensure, 'directory'),
            # The per-user tree wins when it exists; otherwise the shared
            # skeleton is used (sourceselect => 'first').
            source       => [
                "puppet:///modules/admin/home/${name}/",
                'puppet:///modules/admin/home/skel/',
            ],
            sourceselect => 'first',
            # Recurse over the source tree only; no purge is set, so files
            # that exist only locally are left in place.
            recurse      => 'remote',
            # NOTE(review): this single mode is applied to everything synced
            # from the source tree, so those files are readable by all local
            # users. Keep secrets out of modules/admin/files/home/.
            mode         => '0644',
            owner        => $name,
            # $gid defaults to undef; presumably group ownership is then left
            # unmanaged - confirm.
            group        => $gid,
            force        => true,
        }
    }

    # /etc/ssh/userkey is recursively-managed,
    # automatically purged, so user keys not defined
    # (as resource) will be automatically dropped.
    #
    # An empty $ssh_keys therefore declares no key resource at all, which per
    # the note above removes any key file previously installed for the user.
    # NOTE(review): the only constraint visible here is Array[String]; the
    # strings are joined with newlines and handed over as-is. Whether
    # ssh::userkey rejects embedded newlines or key options is not visible in
    # this define - confirm before accepting keys from less trusted data.
    if !empty($ssh_keys) {
        ssh::userkey { $name:
            ensure  => $ensure,
            content => join($ssh_keys, "\n"),
        }
    }

    # Per-user sudo rules are declared only when privileges were supplied.
    # $privileges defaults to undef, so this relies on empty() treating undef
    # as empty - TODO confirm for the Puppet/stdlib version in use.
    # NOTE(review): the privilege strings are passed through unchanged; any
    # validation happens in sudo::user, which is not shown here.
    if !empty($privileges) {
        sudo::user { $name:
            ensure     => $ensure,
            privileges => $privileges,
        }
    }
}