  • Stars: 222
  • Rank 174,965 (Top 4 %)
  • Language: Ruby
  • Created almost 13 years ago
  • Updated over 6 years ago


Repository Details

A convenient Chef LWRP to manage user accounts and SSH keys

User Chef Cookbook


Description

A convenient Chef LWRP to manage user accounts and SSH keys. This is not the Opscode users cookbook.

Usage

Simply include this cookbook as a dependency in metadata.rb and the user_account resource will be available. Example:

# In your_cookbook/metadata.rb
depends 'user'

# In your_cookbook/recipes/default.rb
user_account 'hsolo' do
    ssh_keygen true
end

To use recipe[user::data_bag], include it in your run_list and have a data bag called "users" with an item like the following:

{
  "id"        : "hsolo",
  "comment"   : "Han Solo",
  "home"      : "/opt/hoth/hsolo",
  "groups"    : ["admin", "www-data"],
  "ssh_keys"  : ["123...", "456..."]
}

or a user to be removed:

{
  "id"      : "lando",
  "action"  : "remove"
}

If you have a username containing a period, use a dash in the data bag item and set a username attribute:

{
  "id"        : "luke-skywalker",
  "username"  : "luke.skywalker",
  "action"    : ["create", "lock"]
}

The data bag recipe will iterate through a list of usernames defined in node['users'] (by default) and attempt to pull in the user's information from the data bag item. In other words, having:

node['users'] = ['hsolo', 'lando', 'luke.skywalker']

will set up the hsolo user information and not use the lando user information.
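A pre-upload lint for "users" data bag items, as an added example that is not part of the cookbook or its README. It checks the id/username rule and the action names described on this page, and goes one step further by verifying that each ssh_keys entry has the structure of an OpenSSH public key. The function names, the private-key heuristic and the sample items are assumptions constructed for illustration.

```ruby
# Actions listed in the user_account action table on this page.
KNOWN_ACTIONS = %w[create remove modify manage lock unlock].freeze

# True when +line+ is "<type> <base64> [comment]" and the key type embedded
# in the decoded blob (uint32 length + name) matches the declared type.
def ssh_public_key?(line)
  type, b64 = line.to_s.split(' ', 3)
  return false if type.nil? || b64.nil?

  blob = b64.unpack1('m0') # strict base64 decode; raises ArgumentError on bad input
  return false if blob.bytesize < 4

  blob.byteslice(4, blob.unpack1('N')) == type
rescue ArgumentError
  false
end

# Returns an array of findings for one parsed "users" data bag item (a Hash).
def lint_user_item(item)
  findings = []
  if item['id'].to_s.include?('.')
    findings << 'id contains a period; use a dash in id and set "username"'
  end
  unknown = Array(item['action']).map(&:to_s) - KNOWN_ACTIONS
  findings << "unknown action(s): #{unknown.join(', ')}" unless unknown.empty?
  Array(item['ssh_keys']).each_with_index do |key, i|
    if key.to_s.include?('PRIVATE KEY') # heuristic: secret pasted by mistake
      findings << "ssh_keys[#{i}] looks like private key material"
    elsif !ssh_public_key?(key)
      findings << "ssh_keys[#{i}] is not a well-formed public key"
    end
  end
  findings
end

# Builds a structurally valid public key line for the samples
# (constructed filler bytes, not a real key).
def sample_key(type = 'ssh-ed25519')
  blob = [type.bytesize].pack('N') + type + [32].pack('N') + ("\x01" * 32)
  "#{type} #{[blob].pack('m0')} hsolo@example"
end

# Constructed sample items modelled on the data bag examples above.
SAMPLE_ITEMS = [
  { 'id' => 'hsolo', 'groups' => %w[admin], 'ssh_keys' => [sample_key] },
  { 'id' => 'luke.skywalker', 'action' => %w[create lok], 'ssh_keys' => ['123...'] }
].freeze

if $PROGRAM_NAME == __FILE__
  SAMPLE_ITEMS.each { |i| puts "#{i['id']}: #{lint_user_item(i).inspect}" }
end
```

Run it over each parsed item before uploading the data bag; an empty findings array means the item passed all three checks.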

Requirements

Chef

Tested on 0.10.8 but newer and older versions should work just fine. File an issue if this isn't the case.

Platform

The following platforms have been tested with this cookbook, meaning that the recipes run on these platforms without error:

  • ubuntu
  • debian
  • mac_os_x

Cookbooks

There are no external cookbook dependencies.

Installation

Depending on the situation and use case there are several ways to install this cookbook. All the methods listed below assume a tagged version release is the target, but omit the tags to get the head of development. A valid Chef repository structure like the Opscode repo is also assumed.

From the Community Site

To install this cookbook from the Community Site, use the knife command:

knife cookbook site install user

Using Berkshelf

Berkshelf is a cookbook dependency manager and development workflow assistant. To install Berkshelf:

cd chef-repo
gem install berkshelf
berks init

To use the Community Site version:

echo "cookbook 'user'" >> Berksfile
berks install

Or to reference the Git version:

repo="fnichol/chef-user"
latest_release=$(curl -s https://api.github.com/repos/$repo/git/refs/tags \
| ruby -rjson -e '
  j = JSON.parse(STDIN.read);
  puts j.map { |t| t["ref"].split("/").last }.sort.last
')
cat >> Berksfile <<END_OF_BERKSFILE
cookbook 'user',
  :git => 'https://github.com/$repo.git', :branch => '$latest_release'
END_OF_BERKSFILE
berks install

Using Librarian-Chef

Librarian-Chef is a bundler for your Chef cookbooks. To install Librarian-Chef:

cd chef-repo
gem install librarian
librarian-chef init

To use the Opscode platform version:

echo "cookbook 'user'" >> Cheffile
librarian-chef install

Or to reference the Git version:

repo="fnichol/chef-user"
latest_release=$(curl -s https://api.github.com/repos/$repo/git/refs/tags \
| ruby -rjson -e '
  j = JSON.parse(STDIN.read);
  puts j.map { |t| t["ref"].split("/").last }.sort.last
')
cat >> Cheffile <<END_OF_CHEFFILE
cookbook 'user',
  :git => 'https://github.com/$repo.git', :ref => '$latest_release'
END_OF_CHEFFILE
librarian-chef install

Recipes

default

This recipe is a no-op and does nothing.

data_bag

Processes a list of users with data drawn from a data bag. The default data bag is users and the list of user accounts to create on this node is set on node['users'].

Attributes

home_root

The default parent path of a user's home directory. Each resource can override this value which varies by platform. Generally speaking, the default value is "/home".

default_shell

The default user shell given to a user. Each resource can override this value which varies by platform. Generally speaking, the default value is "/bin/bash".

home_dir_mode

The default Unix permissions applied to a user's home directory.

The default is "2755".

manage_home

Whether or not to manage the home directory of a user by default. Each resource can override this value. There are 2 valid states:

  • "true", true, or "yes": will manage the user's home directory.
  • "false", false, or "no": will not manage the user's home directory.

The default is true.

non_unique

Whether or not to allow the creation of a user account with a duplicate UID. Each resource can override this value. There are 2 valid states:

  • "true", true, or "yes": will allow duplicate UIDs.
  • "false", false, or "no": will not allow duplicate UIDs.

The default is false.

create_group

Whether or not to create a group with the same name as the user by default. Each resource can override this value. There are 2 valid states:

  • "true", true, or "yes": will create a group for the user by default.
  • "false", false, or "no": will not create a group for the user by default.

The default is true.

ssh_keygen

Whether or not to generate an SSH keypair for the user by default. Each resource can override this value. There are 2 valid states:

  • "true", true, or "yes": will generate an SSH keypair when the account is created.
  • "false", false, or "no": will not generate an SSH keypair when the account is created.

The default is true.

data_bag_name

The name of the data bag containing user account information. The data_bag recipe uses it as a database of user accounts.

The default is "users".

user_array_node_attr

The node attribute containing an array of users to be managed. If a nested hash in the node's attributes is required, then use a / between subhashes. For example, if the users' array is stored in node['system']['accounts'], then set node['user']['user_array_node_attr'] to "system/accounts".

The default is "users".

Resources and Providers

user_account

Note: in order to use the password attribute, you must have the ruby-shadow gem installed. On Debian/Ubuntu you can get this by installing the "libshadow-ruby1.8" package.

Actions

Action | Description | Default
create | Create the user, its home directory, .ssh/authorized_keys, and .ssh/{id_rsa,id_rsa.pub}. | Yes
remove | Remove the user account. |
modify | Modify the user account. |
manage | Manage the user account. |
lock | Lock the user's password. |
unlock | Unlock the user's password. |

Attributes

Attribute | Description | Default Value
username | Name attribute: The name of the user. | nil
comment | Gecos/Comment field. | nil
uid | The numeric user id. | nil
gid | The primary group id. | nil
groups | Array of other groups this user should be a member of. | nil
home | Home directory location. | "#{node['user']['home_root']}/#{username}"
shell | The login shell. | node['user']['default_shell']
password | Shadow hash of password. | nil
system_user | Whether or not to create a system user. | false
manage_home | Whether or not to manage the home directory. | true
non_unique | Whether or not to allow the creation of a user account with a duplicate UID. | false
create_group | Whether or not to create a group with the same name as the user. | node['user']['create_group']
ssh_keys | A String or Array of SSH public keys to populate the user's .ssh/authorized_keys file. If the provided String is not a valid SSH public key, it will try to retrieve the public key from the data_bag specified in ssh_pubkey_data_bag (see below). | []
ssh_keygen | Whether or not to generate an SSH keypair for the user. | node['user']['ssh_keygen']
groups | An Array of groups to which to add the user. | []
ssh_pubkey_data_bag | A String providing the name of the data_bag holding the public keys. The expected format of the data_bag is shown below the table. | 'ssh_public_keys'

Expected format of the data_bag named by ssh_pubkey_data_bag:

{
  "id": "username",
  "keys": [
    "ssh-ed25519 AAAA...",
    "ssh-rsa AAAA..."
  ]
}

Examples

Creating a User Account

user_account 'hsolo' do
  comment     'Han Solo'
  ssh_keys    ['3dc348d9af8027df7b9c...', '2154d3734d609eb5c452...']
  home        '/opt/hoth/hsolo'
  ssh_keypair 'id_rsa' => "-----BEGIN OPENSSH PRIVATE KEY-----\n...",
              'id_rsa.pub' => 'ssh-rsa AAAA....'
end

Creating and Locking a User Account

user_account 'lando' do
  action  [:create, :lock]
end

Removing a User account

user_account 'obiwan' do
  action  :remove
end

Development

Pull requests are very welcome! Make sure your patches are well tested. Ideally create a topic branch for every separate change you make.

License and Author

Author:: Fletcher Nichol

Copyright 2011, Fletcher Nichol

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
