(resending. sent from the wrong address previously)
Seth suggested I hit up the list if I didn’t find anything in the
archives so I am.
What’s the current best practice for fully managing users and groups
in Chef (outside of LDAP)? My recipe works fine except for the
handling of deleted users. I really would like the full auditing of
the process and to have everything fully documented.
Seth suggested using knife ssh for the job but I’m really trying to
keep EVERYTHING in databags and cookbooks. By using an untraceable
manual process, I really lose that ability. While the user shouldn’t
be on the system anymore (or at least locked with SSH keys removed), I
still need to know that they were there at one point.
So my options are (as I see it):
- Use knife ssh
- Create a deleted users data bag where I move users when they are
deleted. Then it’s just another section in my users recipe for that
- Move to LDAP
Any other option I’m missing?
John E. Vincent