I have a Foreman 1.4 build environment in place.
I provision RHEL 6.5, and all is going well except for one catch.
I have, currently, two types of base server builds. General Purpose servers, and Web servers. And those are split across development, and production.
So, i have host groups setup in foreman/puppet. Development, Development/web servers, Production, and Production/web servers. I apply puppet classes accordingly.
When I provision servers i add our base server administration team's accounts in via kickstart. There are additional accounts that should be added to web servers though. So i'm trying to figure out a good way to handle those.
Some thoughts i've had.
Make a snippet, and apply that snippet if the server is in one of the web development groups.
problem here is, that i dont know how (or if its possible) to find the servers host group during kickstart
Make a script, similar to the snippet, and map it to the web server host groups.
Problem… How? I've tried making a template of the 'script' type, and adding my user creation snippet into it, then assigning it to the web server host groups. When i his 'resolve' in the OS definition for my host, it shows the added template, but when i provision that machine, it doesnt add the users.
Is there some way to accomplish this? Ultimately, i'm going to use FreeIPA for user auth, but that project isnt ready for prime time yet.
Are you using Puppet in your environment? If so, I would look into provisioning user accounts and groups with Puppet instead of trying to handle them in your Kickstart config.
I have a Foreman 1.4 build environment in place.
I provision RHEL 6.5, and all is going well except for one catch.
I have, currently, two types of base server builds. General Purpose servers, and Web servers. And those are split across development, and production.
So, i have host groups setup in foreman/puppet. Development, Development/web servers, Production, and Production/web servers. I apply puppet classes accordingly.
When I provision servers i add our base server administration team’s accounts in via kickstart. There are additional accounts that should be added to web servers though. So i’m trying to figure out a good way to handle those.
Some thoughts i’ve had.
Make a snippet, and apply that snippet if the server is in one of the web development groups.
problem here is, that i dont know how (or if its possible) to find the servers host group during kickstart
Make a script, similar to the snippet, and map it to the web server host groups.
Problem… How? I’ve tried making a template of the ‘script’ type, and adding my user creation snippet into it, then assigning it to the web server host groups. When i his ‘resolve’ in the OS definition for my host, it shows the added template, but when i provision that machine, it doesnt add the users.
Is there some way to accomplish this? Ultimately, i’m going to use FreeIPA for user auth, but that project isnt ready for prime time yet.
So, adding the base admins, i like doing via kickstart. Because, if for some reason puppet fails right after install, its problematic to get into the server, as no users have been added.
I'd be open to adding the web users with puppet, but i have one problem here. Puppet keeps changing their passwords back to whatever i set them to at the start. Maybe this is more of a puppet question but, how do i tell puppet to set a default password, but ignore it if the user changes it?
···
----- Original Message -----
> From: "Josh Baird"
> To: foreman-users@googlegroups.com
> Cc: foreman-users@googlegroups.com
> Sent: Monday, March 3, 2014 12:27:04 PM
> Subject: Re: [foreman-users] Adding groups of users while provisioning.
>
> Are you using Puppet in your environment? If so, I would look into
> provisioning user accounts and groups with Puppet instead of trying to
> handle them in your Kickstart config.
>
> Sent from my iPhone
>
> > On Mar 3, 2014, at 12:17 PM, "Lager, Nathan T." > > wrote:
> >
> > I have a Foreman 1.4 build environment in place.
> > I provision RHEL 6.5, and all is going well except for one catch.
> >
> > I have, currently, two types of base server builds. General Purpose
> > servers, and Web servers. And those are split across development, and
> > production.
> >
> > So, i have host groups setup in foreman/puppet. Development,
> > Development/web servers, Production, and Production/web servers. I apply
> > puppet classes accordingly.
> >
> > When I provision servers i add our base server administration team's
> > accounts in via kickstart. There are additional accounts that should be
> > added to web servers though. So i'm trying to figure out a good way to
> > handle those.
> >
> > Some thoughts i've had.
> >
> > Make a snippet, and apply that snippet if the server is in one of the web
> > development groups.
> > problem here is, that i dont know how (or if its possible) to find the
> > servers host group during kickstart
> >
> > Make a script, similar to the snippet, and map it to the web server host
> > groups.
> > Problem... How? I've tried making a template of the 'script' type, and
> > adding my user creation snippet into it, then assigning it to the web
> > server host groups. When i his 'resolve' in the OS definition for my
> > host, it shows the added template, but when i provision that machine, it
> > doesnt add the users.
> >
> > Is there some way to accomplish this? Ultimately, i'm going to use FreeIPA
> > for user auth, but that project isnt ready for prime time yet.
> >
> > Thanks!
> >
> > --
> > You received this message because you are subscribed to the Google Groups
> > "Foreman users" group.
> > To unsubscribe from this group and stop receiving emails from it, send an
> > email to foreman-users+unsubscribe@googlegroups.com.
> > To post to this group, send email to foreman-users@googlegroups.com.
> > Visit this group at http://groups.google.com/group/foreman-users.
> > For more options, visit https://groups.google.com/groups/opt_out.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Foreman users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to foreman-users+unsubscribe@googlegroups.com.
> To post to this group, send email to foreman-users@googlegroups.com.
> Visit this group at http://groups.google.com/group/foreman-users.
> For more options, visit https://groups.google.com/groups/opt_out.
>
