-
-
Save UtahDave/3785738 to your computer and use it in GitHub Desktop.
| Here is a sample of how I am currently dealing with users. | |
| Big thanks to uggedal! I used his user states as an example: https://github.com/uggedal/states | |
| ### | |
| # How to create password hashes | |
| ### | |
| python -c "import crypt; print crypt.crypt('password', '\$6\$SALTsalt\$')" | |
| ### | |
| # top.sls in pillars | |
| ### | |
| base: | |
| '*': | |
| - groups | |
| - users | |
| ### | |
| # users.sls | |
| ### | |
| users: | |
| user1: | |
| fullname: Robert Hernandez | |
| uid: 5000 | |
| gid: 5000 | |
| shell: /bin/bash | |
| home: /home/user1 | |
| groups: | |
| - wheel | |
| - admin | |
| password: $6$SALTsalt$UiZikbV3VeeBPsg8./Q5DAfq9aj7CVZMDU6ffBiBLgUEpxv7LMXKbcZ9JSZnYDrZQftdG319XkbLVMvWcF/Vr/ | |
| enforce_password: True | |
| key.pub: True | |
| user2: | |
| fullname: Joe Smith | |
| uid: 5031 | |
| gid: 5031 | |
| shell: /bin/bash | |
| home: /home/user2 | |
| password: $6$SALTsalt$UiZikbV3VeeBPsg8./Q5DAfq9aj7CVZMDU6ffBiBLgUEpxv7LMXKbcZ9JSZnYDrZQftdG319XkbLVMvWcF/Vr/ | |
| groups: | |
| - admin | |
| key.pub: True | |
| ### | |
| # groups.sls | |
| ### | |
| groups: | |
| admin: | |
| gid: 6010 | |
| ### | |
| # top.sls in states | |
| ### | |
| base: | |
| "*": | |
| - groups | |
| - users | |
| ### | |
| # groups.sls | |
| ### | |
| {% for group, args in pillar['groups'].iteritems() %} | |
| {{ group }}: | |
| group.present: | |
| - name: {{ group }} | |
| {% if 'gid' in args %} | |
| - gid: {{ args['gid'] }} | |
| {% endif %} | |
| {% endfor %} | |
| ### | |
| # users.sls | |
| ### | |
| {% for user, args in pillar['users'].iteritems() %} | |
| {{ user }}: | |
| group.present: | |
| - gid: {{ args['gid'] }} | |
| user.present: | |
| - home: {{ args['home'] }} | |
| - shell: {{ args['shell'] }} | |
| - uid: {{ args['uid'] }} | |
| - gid: {{ args['gid'] }} | |
| {% if 'password' in args %} | |
| - password: {{ args['password'] }} | |
| {% if 'enforce_password' in args %} | |
| - enforce_password: {{ args['enforce_password'] }} | |
| {% endif %} | |
| {% endif %} | |
| - fullname: {{ args['fullname'] }} | |
| {% if 'groups' in args %} | |
| - groups: {{ args['groups'] }} | |
| {% endif %} | |
| - require: | |
| - group: {{ user }} | |
| {% if 'key.pub' in args and args['key.pub'] == True %} | |
| {{ user }}_key.pub: | |
| ssh_auth: | |
| - present | |
| - user: {{ user }} | |
| - source: salt://users/{{ user }}/keys/key.pub | |
| {% endif %} | |
| {% endfor %} |
Very informative example, Thank you.
I am facing some issues, I am working on multiple CM tools and all worked fine for me in Puppet and Chef. Recently doing POC on salt and stuck at password level. Though all worked fine but I am unable to use the password for login (infact /etc/shadow is also empty at password field). Could someone have a look:
[root@salt users]# cat /srv/salt/top.sls
base:
'':
- users
[root@salt users]# cat /srv/salt/users/init.sls
{% for user, args in pillar.get('users', {}).items() %}
{{user}}:
user.present:
- uid: {{ args['uid'] }}
{% if 'shell' in args %}
- shell: {{ args['shell'] }}
{% if 'passwd' in args %}
- passwd: {{ args['passwd'] }}
{% endif %}
{% endif %}
{% endfor %}
[root@salt users]# cat /srv/pillar/top.sls
base:
'':
- users
[root@salt users]# cat /srv/pillar/users/init.sls
users:
test10:
uid: 3333
shell: /sbin/nologin
test11:
uid: 3334
passwd: '$6$somesalt!$3UQn7wIuHJUkfawfTqftXADbm88MhnV/hYIcDStmcVTEzWyO4ovUe9bYcpL1Nl5ae1wagxAJEqfTMyf1dsMGA1'
test12:
uid: 3335
[root@salt users]#
PS: I tried with multiple password options, nothing worked for me.
Regards,
Yogesh Raheja
@yogeshraheja I think you want password, not passwd.
Also be aware that there is hash_password, which is false by default. hash_password: False means that password is already hashed, but hash_password: True means that password is stored in plaintext and must be hashed by the underlying module.
@utahdav Thanks for this sharing, It really saved my day :)
Is there a way to create just a user and make his primary group to be an already existing group? I've been hacking away on this for the past few hours but can't seem to get it done. The state creates a group with a name based on the username.
EDIT: I seem to have figured that out: