users

Synopsis

Provide a list of Linux local users required by the application

Attributes

Each item of the list has the following attributes:

Name req? Description
login yes The user's name
comment no Description of the user's account
group no Set the user primary group.
groups no Puts the user in this comma-delimited list of groups..
system no Is this a System user. (Note this can't be changed after user creation).
Default: no
managed no Boolean: Does HADeploy manage this user?
If false, no action will be performed on it (except authorized_keys and can_sudo_to handling), but a failure will the triggered if it does not exists.
Default: yes
scope no On which host does this user will be created? May be:
  • A single host name
  • A single host_group name
  • Several hosts or host_groups, separated by the character ':'
Default: all
can_sudo_to no A comma separated list of account this user will be able to 'sudo' into. May also be 'ALL'. Note this will be applied even if managed == no.
create_home no Unless set to no, a home directory will be made for the user when the account is created or if the home directory does not exist.
Default: yes
password no Set the user's password to this crypted value.
no_remove no Boolean: Prevent this group to be removed when HADeploy will be used in REMOVE mode.
Default: no
authorized_keys no Provide a list of public key files, which will be added to this user account in its authorized_keys file. Note this will be applied even if managed==no.
If these public key file locations are not absolute, they will be relative to the HADeploy embedding file location.
when no Boolean. Allow conditional deployment of this item.
Default True

Example

users:
- login: broadapp
  comment: "Broadapp technical account"
  groups: "broadgroup"
  authorized_keys:
  - keys/id_rsa.pub

- login: broaduser
  scope: control_nodes
  comment: "Broadapp user account"
  groups: "broadgroup",
  can_sudo_to: "hdfs, yarn"
  password: "$6$MySalt32$IrUOiWSpX.....8vkQfZgOslTQz.skFMhIWha.NLijJla/"

Trick

A method to generate the crypted form of a password:

python -c 'import crypt; print crypt.crypt("xxxxxx", "$6$MySalt32$")'