https://github.com/firebase/chef-user
A convenient Chef LWRP to manage user accounts and SSH keys
- Host: GitHub
- URL: https://github.com/firebase/chef-user
- Owner: firebase
- Archived: true
- Fork: true (fnichol/chef-user)
- Created: 2015-11-14T00:52:07.000Z (over 10 years ago)
- Default Branch: master
- Last Pushed: 2015-09-23T13:50:14.000Z (over 10 years ago)
- Last Synced: 2024-09-28T17:01:35.682Z (over 1 year ago)
- Language: Ruby
- Homepage: http://fnichol.github.io/chef-user
- Size: 761 KB
- Stars: 4
- Watchers: 4
- Forks: 6
- Open Issues: 0
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
README
A convenient Chef LWRP to manage user accounts and SSH keys. This is **not**
the Opscode *users* cookbook.
* Website: http://fnichol.github.io/chef-user/
* Opscode Community Site: http://community.opscode.com/cookbooks/user
* Source Code: https://github.com/fnichol/chef-user
Simply include this cookbook as a dependency in `metadata.rb` and the `user_account`
resource will be available. Example:
```ruby
# In your_cookbook/metadata.rb
depends 'user'

# In your_cookbook/recipes/default.rb
user_account 'hsolo' do
  ssh_keygen true
end
```
To use `recipe[user::data_bag]`, include it in your run\_list and have a
data bag called `"users"` with an item like the following:
```json
{
  "id"        : "hsolo",
  "comment"   : "Han Solo",
  "home"      : "/opt/hoth/hsolo",
  "groups"    : ["admin", "www-data"],
  "ssh_keys"  : ["123...", "456..."]
}
```
or a user to be removed:
```json
{
  "id"      : "lando",
  "action"  : "remove"
}
```
If you have a username containing a period, use a dash in the data bag item
and set a `username` attribute:
```json
{
  "id"        : "luke-skywalker",
  "username"  : "luke.skywalker",
  "action"    : ["create", "lock"]
}
```
The data bag recipe will iterate through a list of usernames defined in
`node['users']` (by default) and attempt to pull in the user's information
from the data bag item. In other words, having:
```ruby
node['users'] = ['hsolo', 'lando', 'luke.skywalker']
```
will set up the `hsolo` user information and not use the `lando` user
information.
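A pre-upload lint for the data bag layout described above, as an added example that is not code from this cookbook. It assumes that a dotted username resolves to the dashed item id and that items may carry the `password` attribute documented for the resource; `item_id_for`, `ssh_key_type`, `lint_users` and `sample_key` are hypothetical names, and the sample items are constructed.

```ruby
require 'base64'

WEAK_KEY_TYPES = %w[ssh-dss].freeze
SHADOW_HASH = /\A\$[0-9a-z]+\$\S+\z/ # modular crypt format, e.g. $6$salt$hash
# Assumption: a period in the username becomes a dash in the item id.
def item_id_for(username)
  username.tr('.', '-')
end

# Key type if line is "<type> <base64> [comment]" and the blob embeds the same
# type string, else nil. authorized_keys option prefixes are not handled.
def ssh_key_type(line)
  type, blob, = line.to_s.split(' ', 3)
  raw = Base64.strict_decode64(blob.to_s)
  return nil if raw.bytesize < 4
  raw[4, raw.unpack1('N')] == type ? type : nil
rescue ArgumentError
  nil
end

# Returns [username, problem] pairs for the users listed on a node.
def lint_users(node_users, items)
  node_users.flat_map do |name|
    item = items[item_id_for(name)]
    next [[name, 'no data bag item']] unless item
    found = []
    found << 'username attribute mismatch' if name.include?('.') && item['username'] != name
    Array(item['ssh_keys']).each do |key|
      type = ssh_key_type(key)
      if key.include?('PRIVATE KEY') then found << 'private key material in ssh_keys'
      elsif type.nil? then found << 'malformed public key'
      elsif WEAK_KEY_TYPES.include?(type) then found << "weak key type #{type}"
      end
    end
    pw = item['password']
    found << 'password is not a shadow hash' if pw && pw !~ SHADOW_HASH
    found.map { |problem| [name, problem] }
  end
end

# Constructed sample data: structurally valid blobs, not real keys.
def sample_key(type)
  "#{type} #{Base64.strict_encode64([type.bytesize].pack('N') + type + 'x' * 32)} constructed"
end
SAMPLE_ITEMS = {
  'hsolo' => { 'id' => 'hsolo', 'ssh_keys' => [sample_key('ssh-ed25519'), '123...'] },
  'luke-skywalker' => { 'id' => 'luke-skywalker', 'username' => 'luke.skywalker',
                        'ssh_keys' => sample_key('ssh-dss'), 'password' => 'hunter2' }
}.freeze
p lint_users(%w[hsolo lando luke.skywalker], SAMPLE_ITEMS)
```

Run against the exported data bag JSON before `knife data bag from file`, so a pasted private key or plaintext password never reaches the Chef server.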
Tested on 0.10.8 but newer and older versions should work just fine. File an
[issue][issues] if this isn't the case.
The following platforms have been tested with this cookbook, meaning that the
recipes run on these platforms without error:
* ubuntu
* debian
* mac_os_x
There are **no** external cookbook dependencies.
Depending on the situation and use case there are several ways to install
this cookbook. All the methods listed below assume a tagged version release
is the target, but omit the tags to get the head of development. A valid
Chef repository structure like the [Opscode repo][chef_repo] is also assumed.
To install this cookbook from the Community Site, use the *knife* command:
```bash
knife cookbook site install user
```
[Berkshelf][berkshelf] is a cookbook dependency manager and development
workflow assistant. To install Berkshelf:
```bash
cd chef-repo
gem install berkshelf
berks init
```
To use the Community Site version:
```bash
echo "cookbook 'user'" >> Berksfile
berks install
```
Or to reference the Git version:
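```bash
repo="fnichol/chef-user"
# Look up the most recent tag name through the GitHub API
latest_release=$(curl -s https://api.github.com/repos/$repo/git/refs/tags \
  | ruby -rjson -e '
    j = JSON.parse(STDIN.read);
    puts j.map { |t| t["ref"].split("/").last }.sort.last
  ')
# https:// rather than git://: the git protocol is unauthenticated and
# GitHub no longer serves it
cat >> Berksfile <<END_OF_BERKSFILE
cookbook 'user',
  :git => 'https://github.com/$repo.git', :branch => '$latest_release'
END_OF_BERKSFILE
berks install
```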
[Librarian-Chef][librarian] is a bundler for your Chef cookbooks.
To install Librarian-Chef:
```bash
cd chef-repo
gem install librarian
librarian-chef init
```
To use the Opscode platform version:
```bash
echo "cookbook 'user'" >> Cheffile
librarian-chef install
```
Or to reference the Git version:
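```bash
repo="fnichol/chef-user"
# Look up the most recent tag name through the GitHub API
latest_release=$(curl -s https://api.github.com/repos/$repo/git/refs/tags \
  | ruby -rjson -e '
    j = JSON.parse(STDIN.read);
    puts j.map { |t| t["ref"].split("/").last }.sort.last
  ')
# https:// rather than git://: the git protocol is unauthenticated and
# GitHub no longer serves it
cat >> Cheffile <<END_OF_CHEFFILE
cookbook 'user',
  :git => 'https://github.com/$repo.git', :ref => '$latest_release'
END_OF_CHEFFILE
librarian-chef install
```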
This recipe is a no-op and does nothing.
Processes a list of users with data drawn from a data bag. The default data bag
is `users` and the list of user accounts to create on this node is set on
`node['users']`.
The default parent path of a user's home directory. Each resource can override
this value which varies by platform. Generally speaking, the default value is
`"/home"`.
The default user shell given to a user. Each resource can override this value
which varies by platform. Generally speaking, the default value is
`"/bin/bash"`.
The default Unix permissions applied to a user's home directory.
The default is `"2755"`.
Whether or not to manage the home directory of a user by default. Each resource
can override this value. There are 2 valid states:
* `"true"`, `true`, or `"yes"`: will manage the user's home directory.
* `"false"`, `false`, or `"no"`: will not manage the user's home directory.
The default is `true`.
Whether or not to allow the creation of a user account with a duplicate UID.
Each resource can override this value. There are 2 valid states:
* `"true"`, `true`, or `"yes"`: will allow duplicate UIDs.
* `"false"`, `false`, or `"no"`: will not allow duplicate UIDs.
The default is `false`.
Whether or not to create a group with the same name as the user by default.
Each resource can override this value. There are 2 valid states:
* `"true"`, `true`, or `"yes"`: will create a group for the user by default.
* `"false"`, `false`, or `"no"`: will not create a group for the user by default.
The default is `true`.
Whether or not to generate an SSH keypair for the user by default. Each
resource can override this value. There are 2 valid states:
* `"true"`, `true`, or `"yes"`: will generate an SSH keypair when the account
is created.
* `"false"`, `false`, or `"no"`: will not generate an SSH keypair when the account
is created.
The default is `true`.
The data bag name containing a group of user account information. This is used
by the `data_bag` recipe to use as a database of user accounts.
The default is `"users"`.
The node attributes containing an array of users to be managed. If a nested
hash in the node's attributes is required, then use a `/` between subhashes.
For example, if the users' array is stored in `node['system']['accounts']`,
then set `node['user']['user_array_node_attr']` to `"system/accounts"`.
The default is `"users"`.
**Note:** in order to use the `password` attribute, you must have the
[ruby-shadow gem][ruby-shadow_gem] installed. On Debian/Ubuntu you can get
this by installing the "libshadow-ruby1.8" package.

| Action | Description | Default |
|--------|-------------|---------|
| create | Create the user, its home directory, `.ssh/authorized_keys`, and `.ssh/{id_rsa,id_rsa.pub}`. | Yes |
| remove | Remove the user account. | |
| modify | Modify the user account. | |
| manage | Manage the user account. | |
| lock | Lock the user's password. | |
| unlock | Unlock the user's password. | |


| Attribute | Description | Default Value |
|-----------|-------------|---------------|
| username | **Name attribute:** The name of the user. | `nil` |
| comment | Gecos/Comment field. | `nil` |
| uid | The numeric user id. | `nil` |
| gid | The primary group id. | `nil` |
| groups | Array of other groups this user should be a member of. | `nil` |
| home | Home directory location. | `"#{node['user']['home_root']}/#{username}"` |
| shell | The login shell. | `node['user']['default_shell']` |
| password | Shadow hash of password. | `nil` |
| system_user | Whether or not to create a system user. | `false` |
| manage_home | Whether or not to manage the home directory. | `true` |
| non_unique | Whether or not to allow the creation of a user account with a duplicate UID. | `false` |
| create_group | Whether or not to create a group with the same name as the user. | `node['user']['create_group']` |
| ssh_keys | A **String** or **Array** of SSH public keys to populate the user's `.ssh/authorized_keys` file. | `[]` |
| ssh_keygen | Whether or not to generate an SSH keypair for the user. | `node['user']['ssh_keygen']` |
| groups | An Array of groups to which to add the user. | `[]` |

##### Creating a User Account
```ruby
user_account 'hsolo' do
  comment   'Han Solo'
  ssh_keys  ['3dc348d9af8027df7b9c...', '2154d3734d609eb5c452...']
  home      '/opt/hoth/hsolo'
end
```
##### Creating and Locking a User Account
```ruby
user_account 'lando' do
  action  [:create, :lock]
end
```
##### Removing a User account
```ruby
user_account 'obiwan' do
  action  :remove
end
```
* Source hosted at [GitHub][repo]
* Report issues/Questions/Feature requests on [GitHub Issues][issues]
Pull requests are very welcome! Make sure your patches are well tested.
Ideally create a topic branch for every separate change you make.
Author:: [Fletcher Nichol][fnichol]
Copyright 2011, Fletcher Nichol
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
[berkshelf]: http://berkshelf.com/
[chef_repo]: https://github.com/opscode/chef-repo
[cheffile]: https://github.com/applicationsonline/librarian/blob/master/lib/librarian/chef/templates/Cheffile
[kgc]: https://github.com/websterclay/knife-github-cookbooks#readme
[librarian]: https://github.com/applicationsonline/librarian#readme
[ruby-shadow_gem]: https://rubygems.org/gems/ruby-shadow
[repo]: https://github.com/fnichol/chef-user
[issues]: https://github.com/fnichol/chef-user/issues