I recently came across the situation where for a specific set of machines I needed to assign a specific combination of users to a group.
Under linux, I could have done this simply by adding the users to the /etc/group file or if it was a fixed set of groups, I could have used the Puppet user resource. It seemed from reading the documentation that I could just use the group resource and add the members as described but on reading the documentation carefully there is a caveat “requires features manages_members” and suffice to say that trying to use that feature doesn’t work on many linuxes.
This was the perfect excuse to have a look at augeas which I’ve been meaning to do for some time. According to augeas.net,
Augeas is a configuration editing tool. It parses configuration files in their native formats and transforms them into a tree. Configuration changes are made by manipulating this tree and saving it back into native config files.
Puppet provides an augeas resource and using this, it becomes relatively simple to add an additional user to a specific group, using module code similar to :
|
1 2 3 4 5 6 7 |
augeas { "add_user_to_group" : context => "/files/etc/group/groupa", changes => [ "set user[.=’usera’] usera", ], require => group [ 'groupa' ], } |
The lines above perform the following steps
- LINE 2: specify the context that we need. In this case, we’re looking at the file /etc/group, specifically for a group ‘groupa’
- LINES 3-5: add ‘usera’ as the last user assigned to the group
- LINE 6: ensure that the group ‘groupa‘ as been setup before we try to make this change.
Thanks to Raphaël Pinson for pointing out a more elegant method of adding the user that ensured it didn’t already exist.
December 16, 2015 at 12:58 pm
There’s no need for onlyif if you write the changes differently:
changes => “set user[.=’usera’] usera”,
December 16, 2015 at 1:31 pm
Raphaël, thanks for that – I’ll check out that option!