Changes between Version 2 and Version 3 of Doc/OS/UserMgt


Timestamp: Mar 13, 2008, 10:38:11 AM (16 years ago)
Author: jouvin
Comment: Describe bulk user creation

  • Doc/OS/UserMgt

    v2 v3  
    1515 * `ncm-sudo` : management of SUDO configuration
    1616 * `ncm-useraccess` : configuration of SSH keys for users and rights to access applications
     17
     18== Bulk Creation of Local Accounts ==
    1719 
    18 In addition, QWG Templates provide a template, [source:templates/trunk/standard/users/config.tpl standard/users/config.tpl] that allows efficient creation of users and groups on a large number of machine. Look at [source:templates/trunk/standard/users/config.tpl template] for more information on how to configure it.
     20In addition, QWG Templates provide a template, [source:templates/trunk/standard/users/config.tpl standard/users/config.tpl] that allows efficient creation of users and groups on a large number of machine. The goal of this template is to create a consistent set of users on several machines with flexible configuration options providing the following features :
     21 * A unique list of user and group definitions so that if a user or group exists on several machines, it will have the same account characteristics (uid, gid...).
     22 * For each user, ability to define an optional public SSH key.
     23 * For each machine, ability to select the subset of users and groups to create.
     24 * Ability to define named subsets of users that are assigned to machines rather than giving the explicit list of users.
     25 * Support for a default list of users to create on all machines, either in addition to machine specific users or as a default list when no other users are defined.
     26 
     27This template takes its input from a site template whose name must be passed in variable `USER_CONFIG_SITE`. This site template may define the following variables (whose default value is an empty list or nlist according to variables) :
     28 * `USER_LIST`: a nlist defining user account characteristics with one entry per user. Key is userid, value is a nlist corresponding to a valid set of `ncm-accounts` user properties. Example:
     29{{{
     30variable USER_LIST ?= nlist(
     31    'userex', nlist('uid',711,
     32                    'groups',list('groupex'),
     33                   ),
     34    'userex2', nlist('uid',712,
     35                     'groups',list('groupex2'),
     36                    ),
     37);
     38}}}
     39 * `USER_SSH_KEYS`: a nlist defining an optional user's public SSH key with one entry per user. Key is the userid, value is a URL where the public key can be downloaded from. Example:
     40{{{
     41variable USER_SSH_KEYS ?= nlist(
     42    'userex', USER_LIST_SSHKEY_URL_PREFIX+'userex.pub',
     43    'userex2', USER_LIST_SSHKEY_URL_PREFIX+'userex2.pub',
     44);
     45}}}
     46 * `GROUP_LIST` : a nlist defining group characteristics with one entry per group. Key is the group name, value is a nlist corresponding to a valid set of `ncm-accounts` group properties. There is no need to define a group in this list if it is dedicated to one user and uses as gid user's uid. Example:
     47{{{
     48variable GROUP_LIST ?= nlist(
     49    'groupex', nlist('gid',800),
     50);
     51}}}
     52 * `DB_MACHINE_GROUPS`: a nlist defining the groups to create on a specific machine. Key is a machine name, value is a list of groups which must exist in `GROUP_LIST`. When adding a group to a machine, all users accounts belonging to the group will be created also, thus it is generally more convenient to add user accounts through this variable rather than through DB_MACHINE_USERS. Groups implicitly created with a gid equals to user's gid should not be listed in this nlist. Example:
     53{{{
     54variable DB_MACHINE_GROUPS ?= nlist(
     55    'mynode.example.com', list('groupex'),
     56);
     57}}}
     58 * `DB_MACHINE_USERS`: a nlist defining the users to create on a specific machine. Key is a machine name, value is a list of users which must exist in `USER_LIST`. This list is often empty as it is more generally convenient to add user accounts through group list (see `DB_MACHINE_GROUPS` description). Example:
     59{{{
     60variable DB_MACHINE_USERS ?= nlist(
     61    'mynode.example.com', list('userex2'),
     62);
     63}}}
     64 * `DB_MACHINE_DEFAULT_ENTRIES`: nlist allowing to define accounts that must be created by default on a subset of machines. Key is a regexp matching one or more machine names. Value is a nlist with 2 possible entries (keys) :
     65   * `entries` (mandatory): a string (if only one value) or a list of string referencing entries in `DB_MACHINE_USERS` or `DB_MACHINE_GROUPS`.
     66   * `alwaysAdd` (optional): when true, add the entries even if there is an explicit entry for the machine in `DB_MACHINE_USERS` or `DB_MACHINE_GROUPS`. Default is false (entries are defined only if there is no explicit entry for the machine).
     67{{{
     68variable DB_MACHINE_DEFAULT_ENTRIES ?= nlist(
     69    escape('^grid.*\.example\.com$'), nlist('entries', 'userex2',
     70                                            'alwaysAdd', true),
     71);
     72}}}
     73
     74
     75Look at [source:templates/trunk/standard/users/config.tpl template]  header for more details.
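
Review bot: The `USER_SSH_KEYS` description (v3 line 39) defines the value only as "a URL where the public key can be downloaded from" and does not say how that download is trusted. Whoever controls the fetched content decides which key can log in as the account, so the text should state which URL schemes are expected and that the key server and the path to it must be trusted (for example an HTTPS or internal-only prefix). The example also relies on `USER_LIST_SSHKEY_URL_PREFIX`, which is not in the list of variables the site template may define; it needs its own bullet or a pointer to where it is set. In `DB_MACHINE_DEFAULT_ENTRIES` (v3 lines 64-71), `entries` is described as referencing entries in `DB_MACHINE_USERS` or `DB_MACHINE_GROUPS`, which the preceding bullets key by machine name, while the example passes `'userex2'`, a userid from `USER_LIST`; please say which is meant. The key of that nlist is a regexp that decides on which hosts accounts get created, so a sentence recommending anchored patterns, as the example does with `^` and `$`, would help. Minor: "a large number of machine" should read "machines", and the last code block lacks the "Example:" lead-in the other bullets have.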