@UtahDave
Forked from l2ol33rt/saltsample_09252012_01
Created September 26, 2012 02:54
Saltstack sample of using states and pillars for users
Here is a sample of how I am currently dealing with users.
Big thanks to uggedal! I used his user states as an example: https://github.com/uggedal/states
###
# How to create password hashes
###
python -c "import crypt; print(crypt.crypt('password', '\$6\$SALTsalt\$'))"
###
# top.sls in pillars
###
base:
  '*':
    - groups
    - users
###
# users.sls
###
users:
  user1:
    fullname: Robert Hernandez
    uid: 5000
    gid: 5000
    shell: /bin/bash
    home: /home/user1
    groups:
      - wheel
      - admin
    password: $6$SALTsalt$UiZikbV3VeeBPsg8./Q5DAfq9aj7CVZMDU6ffBiBLgUEpxv7LMXKbcZ9JSZnYDrZQftdG319XkbLVMvWcF/Vr/
    enforce_password: True
    key.pub: True
  user2:
    fullname: Joe Smith
    uid: 5031
    gid: 5031
    shell: /bin/bash
    home: /home/user2
    password: $6$SALTsalt$UiZikbV3VeeBPsg8./Q5DAfq9aj7CVZMDU6ffBiBLgUEpxv7LMXKbcZ9JSZnYDrZQftdG319XkbLVMvWcF/Vr/
    groups:
      - admin
    key.pub: True
###
# groups.sls
###
groups:
  admin:
    gid: 6010
###
# top.sls in states
###
base:
  "*":
    - groups
    - users
###
# groups.sls
###
{% for group, args in pillar['groups'].items() %}
{{ group }}:
  group.present:
    - name: {{ group }}
{% if 'gid' in args %}
    - gid: {{ args['gid'] }}
{% endif %}
{% endfor %}
###
# users.sls
###
{% for user, args in pillar['users'].items() %}
{{ user }}:
  group.present:
    - gid: {{ args['gid'] }}
  user.present:
    - home: {{ args['home'] }}
    - shell: {{ args['shell'] }}
    - uid: {{ args['uid'] }}
    - gid: {{ args['gid'] }}
{% if 'password' in args %}
    - password: {{ args['password'] }}
{% if 'enforce_password' in args %}
    - enforce_password: {{ args['enforce_password'] }}
{% endif %}
{% endif %}
    - fullname: {{ args['fullname'] }}
{% if 'groups' in args %}
    - groups: {{ args['groups'] }}
{% endif %}
    - require:
      - group: {{ user }}
{% if 'key.pub' in args and args['key.pub'] == True %}
{{ user }}_key.pub:
  ssh_auth:
    - present
    - user: {{ user }}
    - source: salt://users/{{ user }}/keys/key.pub
{% endif %}
{% endfor %}
@yogeshraheja

Very informative example, thank you.

I am facing some issues. I am working on multiple CM tools and all worked fine for me in Puppet and Chef. Recently I have been doing a POC on Salt and am stuck at the password level. Though all worked fine, I am unable to use the password for login (in fact /etc/shadow is also empty at the password field). Could someone have a look:

[root@salt users]# cat /srv/salt/top.sls
base:
  '*':
    - users
[root@salt users]# cat /srv/salt/users/init.sls
{% for user, args in pillar.get('users', {}).items() %}
{{user}}:
  user.present:
    - uid: {{ args['uid'] }}
{% if 'shell' in args %}
    - shell: {{ args['shell'] }}
{% if 'passwd' in args %}
    - passwd: {{ args['passwd'] }}
{% endif %}
{% endif %}
{% endfor %}
[root@salt users]# cat /srv/pillar/top.sls
base:
  '*':
    - users
[root@salt users]# cat /srv/pillar/users/init.sls
users:
  test10:
    uid: 3333
    shell: /sbin/nologin
  test11:
    uid: 3334
    passwd: '$6$somesalt!$3UQn7wIuHJUkfawfTqftXADbm88MhnV/hYIcDStmcVTEzWyO4ovUe9bYcpL1Nl5ae1wagxAJEqfTMyf1dsMGA1'
  test12:
    uid: 3335
[root@salt users]#

PS: I tried with multiple password options, nothing worked for me.

Regards,
Yogesh Raheja

@smitelli

@yogeshraheja I think you want password, not passwd.

Also be aware that there is hash_password, which is false by default. hash_password: False means that password is already hashed, but hash_password: True means that password is stored in plaintext and must be hashed by the underlying module.
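
A lint pass over a users pillar for the mistakes raised in this thread (a passwd key instead of password, a hash_password flag that contradicts the value, one salt shared by several users), added here as an example that is not part of the gist or of any comment. The names lint_users, MISNAMED and SAMPLE are hypothetical, the sample pillar is constructed with filler digests, and it assumes the pillar is consumed by states that read only the password key, as the gist's users.sls does.

```python
import re

# SHA-512 crypt string as stored in /etc/shadow: $6$[rounds=N$]salt$digest
CRYPT6 = re.compile(r"^\$6\$(?:rounds=\d+\$)?([^$]{1,16})\$[./0-9A-Za-z]{86}$")
MISNAMED = ("passwd", "pass", "pwd")  # hypothetical list of likely misspellings


def lint_users(users):
    """Return sorted (user, finding) pairs for a 'users' pillar mapping."""
    findings, by_salt = [], {}
    for user, args in users.items():
        for key in MISNAMED:
            if key in args:
                # Assumption: the states only look up args['password']
                findings.append((user, "'%s' is never read, use 'password'" % key))
        if "password" not in args:
            continue
        match = CRYPT6.match(str(args["password"]))
        if args.get("hash_password", False):
            # hash_password: True tells Salt the value is plaintext
            if match:
                findings.append((user, "already hashed, would be hashed twice"))
            else:
                findings.append((user, "plaintext password stored in pillar"))
        elif not match:
            findings.append((user, "not a $6$ crypt string"))
        if match:
            by_salt.setdefault(match.group(1), []).append(user)
    # A fixed salt gives users with equal passwords identical shadow entries
    for salt, names in by_salt.items():
        if len(names) > 1:
            for name in names:
                findings.append((name, "salt '%s' reused across users" % salt))
    return sorted(findings)


# Constructed sample pillar; the digests are filler, not real hashes
FAKE = "A" * 86
SAMPLE = {
    "user1": {"uid": 5000, "password": "$6$SALTsalt$" + FAKE},
    "user2": {"uid": 5031, "password": "$6$SALTsalt$" + FAKE},
    "test11": {"uid": 3334, "passwd": "$6$somesalt!$" + FAKE},
    "ops": {"uid": 5040, "password": "hunter2", "hash_password": True},
    "svc": {"uid": 5041, "password": "$6$Xq3/uZ0a$" + FAKE},
}

if __name__ == "__main__":
    for user, finding in lint_users(SAMPLE):
        print("%-7s %s" % (user, finding))
```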

@pasanmdev

@utahdav Thanks for sharing this, it really saved my day :)
