Adding an existing user to a group with puppet

Solution 1:

Using Puppet virtual resources is the right way to do it - but if you can't change the user definitions and need a workaround fix meanwhile, the following is horrible and hacky, but will work:

exec { 'foo somegroup membership':
  unless  => '/bin/grep -q "somegroup\\S*foo" /etc/group',
  command => '/sbin/usermod -aG somegroup foo',
  require => User['foo'],
}

Essentially we just check if somegroup contains user foo yet... if not, use the normal usermod commands to add it in addition to the existing groups that foo belongs to.

Solution 2:

If you declare users as virtual resources , you can then use 'realize' or the collection syntax ( User <| ... |>). Here's an example:

@user { 'foo':
  groups     => ['somegroup'],
  membership => minimum,
}

Then realize that virtual user with then collection syntax:

User <| title == foo |>

And elsewhere you can add to the parameters for that virtual resource using plusignment:

User <| title == foo |> { groups +> "svn" }

---

Solution 3:

Thanks - ugly hack for sure, but it gets the job done. Here's a pathed example (combining the above comments) to add 'nrpe' to the 'nagios' group. I used a package require as the user here is RPM provided rather than by puppet.

  exec {"nrpe nagios membership":
    unless => "/bin/getent group nagios|/bin/cut -d: -f4|/bin/grep -q nrpe",
    command => "/usr/sbin/usermod -a -G nagios nrpe",
    require => Package['nrpe'],
  }