18 | | In addition, QWG Templates provide a template, [source:templates/trunk/standard/users/config.tpl standard/users/config.tpl] that allows efficient creation of users and groups on a large number of machine. Look at [source:templates/trunk/standard/users/config.tpl template] for more information on how to configure it. |
| 20 | In addition, QWG Templates provide a template, [source:templates/trunk/standard/users/config.tpl standard/users/config.tpl] that allows efficient creation of users and groups on a large number of machine. The goal of this template is to create a consistent set of users on several machines with flexible configuration options providing the following features : |
| 21 | * A unique list of user and group definitions so that if a user or group exists on several machines, it will have the same account characteristics (uid, gid...). |
| 22 | * For each user, ability to define an optional public SSH key. |
| 23 | * For each machine, ability to select the subset of users and groups to create. |
| 24 | * Ability to define named subsets of users that are assigned to machines rather than giving the explicit list of users. |
| 25 | * Support for a default list of users to create on all machines, either in addition to machine specific users or as a default list when no other users are defined. |
| 26 | |
| 27 | This template takes its input from a site template whose name must be passed in variable `USER_CONFIG_SITE`. This site template may define the following variables (whose default value is an empty list or nlist according to variables) : |
| 28 | * `USER_LIST`: a nlist defining user account characteristics with one entry per user. Key is userid, value is a nlist corresponding to a valid set of `ncm-accounts` user properties. Example: |
| 29 | {{{ |
| 30 | variable USER_LIST ?= nlist( |
| 31 | 'userex', nlist('uid',711, |
| 32 | 'groups',list('groupex'), |
| 33 | ), |
| 34 | 'userex2', nlist('uid',712, |
| 35 | 'groups',list('groupex2'), |
| 36 | ), |
| 37 | ); |
| 38 | }}} |
| 39 | * `USER_SSH_KEYS`: a nlist defining an optional user's public SSH key with one entry per user. Key is the userid, value is a URL where the public key can be downloaded from. Example: |
| 40 | {{{ |
| 41 | variable USER_SSH_KEYS ?= nlist( |
| 42 | 'userex', USER_LIST_SSHKEY_URL_PREFIX+'userex.pub', |
| 43 | 'userex2', USER_LIST_SSHKEY_URL_PREFIX+'userex2.pub', |
| 44 | ); |
| 45 | }}} |
| 46 | * `GROUP_LIST` : a nlist defining group characteristics with one entry per group. Key is the group name, value is a nlist corresponding to a valid set of `ncm-accounts` group properties. There is no need to define a group in this list if it is dedicated to one user and uses as gid user's uid. Example: |
| 47 | {{{ |
| 48 | variable GROUP_LIST ?= nlist( |
| 49 | 'groupex', nlist('gid',800), |
| 50 | ); |
| 51 | }}} |
| 52 | * `DB_MACHINE_GROUPS`: a nlist defining the groups to create on a specific machine. Key is a machine name, value is a list of groups which must exist in `GROUP_LIST`. When adding a group to a machine, all users accounts belonging to the group will be created also, thus it is generally more convenient to add user accounts through this variable rather than through DB_MACHINE_USERS. Groups implicitly created with a gid equals to user's gid should not be listed in this nlist. Example: |
| 53 | {{{ |
| 54 | variable DB_MACHINE_GROUPS ?= nlist( |
| 55 | 'mynode.example.com', list('groupex'), |
| 56 | ); |
| 57 | }}} |
| 58 | * `DB_MACHINE_USERS`: a nlist defining the users to create on a specific machine. Key is a machine name, value is a list of users which must exist in `USER_LIST`. This list is often empty as it is more generally convenient to add user accounts through group list (see `DB_MACHINE_GROUPS` description). Example: |
| 59 | {{{ |
| 60 | variable DB_MACHINE_USERS ?= nlist( |
| 61 | 'mynode.example.com', list('userex2'), |
| 62 | ); |
| 63 | }}} |
| 64 | * `DB_MACHINE_DEFAULT_ENTRIES`: nlist allowing to define accounts that must be created by default on a subset of machines. Key is a regexp matching one or more machine names. Value is a nlist with 2 possible entries (keys) : |
| 65 | * `entries` (mandatory): a string (if only one value) or a list of string referencing entries in `DB_MACHINE_USERS` or `DB_MACHINE_GROUPS`. |
| 66 | * `alwaysAdd` (optional): when true, add the entries even if there is an explicit entry for the machine in `DB_MACHINE_USERS` or `DB_MACHINE_GROUPS`. Default is false (entries are defined only if there is no explicit entry for the machine). |
| 67 | {{{ |
| 68 | variable DB_MACHINE_DEFAULT_ENTRIES ?= nlist( |
| 69 | escape('^grid.*\.example\.com$'), nlist('entries', 'userex2', |
| 70 | 'alwaysAdd', true), |
| 71 | ); |
| 72 | }}} |
| 73 | |
| 74 | |
| 75 | Look at [source:templates/trunk/standard/users/config.tpl template] header for more details. |
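Review bot: The `USER_SSH_KEYS` bullet (new line 39) says only that the value is "a URL where the public key can be downloaded from", and its example builds that URL from `USER_LIST_SSHKEY_URL_PREFIX`, which this change never defines or documents. Because the downloaded key decides who can log in to the account on every machine that gets it, the text should say where the prefix is set and state that it must point to a source the site controls and retrieves over an authenticated channel such as HTTPS. Separately, the `entries` description under `DB_MACHINE_DEFAULT_ENTRIES` (new line 65) says the values reference entries in `DB_MACHINE_USERS` or `DB_MACHINE_GROUPS`, but both of those are keyed by machine name, while the example passes 'userex2', which is a `USER_LIST` key; the wording should probably name `USER_LIST` and `GROUP_LIST` instead. The feature list also promises "named subsets of users" (new line 24) without saying which variable provides them, and "a large number of machine" on new line 20 should read "machines".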