
Introduction

Pour faire l'architecture de test, j'installe 16 conteneurs OpenVZ sur une machine (servtest1). Cf Installation d'OpenVZ sur servtest1

Installation d'un serveur puppet sur le conteneur 200

Config de git
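git config --global user.name "Sylvain Zimmermann"
git config --global user.email "Sylvain.Zimmermann@uhp-nancy.fr"
git config --global core.editor "vim"
git config --global alias.st status
git config --global alias.ci commit
git config --global alias.co checkout
git config --global alias.br branch
git config --global alias.sl "log --graph --pretty=oneline --abbrev-commit --decorate"
git config --global color.branch auto
git config --global color.diff auto
git config --global color.interactive auto
git config --global color.status auto
# files to always ignore: vi swap files and *~ backup files.
# git does not read ~/.gitignore on its own: core.excludesfile must point at it,
# otherwise the file below has no effect.
cat > ~/.gitignore <<EOF
*~
*.swp
EOF
git config --global core.excludesfile "$HOME/.gitignore"
# Put /etc/puppet under version control. The && chain stops if the cd fails
# instead of initialising a repository in whatever the current directory is.
# ssldir is $vardir/ssl (see puppet.conf below), so no private keys live under
# /etc/puppet and none are committed here — re-check before "git add ." if
# that setting ever changes.
cd /etc/puppet &&
  git init &&
  git add . &&
  git commit -a -m "Commit initial - /etc/puppet"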
Création des répertoires de travail pour puppet
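# Work tree for the three Puppet environments. "templates" is created as well
# because puppet.conf (below) points templatedir of each environment at it.
mkdir -p /etc/puppet/environnements/{production,test,developpement}/{manifests,tools,modules,templates}
touch /etc/puppet/environnements/{production,test,developpement}/manifests/site.pp
# One filebucket directory per environment, named exactly like the bucketdir
# entries of puppet.conf and the mounts of fileserver.conf ("developpement",
# not "environnement").
mkdir -p /var/lib/puppet/bucket/{production,test,developpement}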
Ajout des trois environnements de travail dans la conf de puppet : /etc/puppet/puppet.conf
diff --git a/puppet.conf b/puppet.conf
index d35593f..56ac5fe 100644
--- a/puppet.conf
+++ b/puppet.conf
@@ -11,6 +11,41 @@
     # The default value is '$confdir/ssl'.
     ssldir = $vardir/ssl
 
+    # les environnements autorisés
+    environments = production,developpement,test
+    # environnement par défaut
+    environment  = production
+
+[production]
+    # The Puppet log directory.
+    # The default value is '$vardir/log'.
+    logdir = /var/log/puppet
+
+    # Where Puppet PID files are kept.
+    # The default value is '$vardir/run'.
+    rundir = /var/run/puppet
+
+    # Where SSL certificates are kept.
+    # The default value is '$confdir/ssl'.
+    ssldir = $vardir/ssl
+
+    manifest    = /etc/puppet/environnements/production/manifests/site.pp
+    modulepath  = /etc/puppet/environnements/production/modules
+    templatedir = /etc/puppet/environnements/production/templates
+    bucketdir   = /var/lib/puppet/bucket/production
+
+[developpement]
+    manifest    = /etc/puppet/environnements/developpement/manifests/site.pp
+    modulepath  = /etc/puppet/environnements/developpement/modules
+    templatedir = /etc/puppet/environnements/developpement/templates
+    bucketdir   = /var/lib/puppet/bucket/developpement
+
+[test]
+    manifest    = /etc/puppet/environnements/test/manifests/site.pp
+    modulepath  = /etc/puppet/environnements/test/modules
+    templatedir = /etc/puppet/environnements/test/templates
+    bucketdir   = /var/lib/puppet/bucket/test
+
 [puppetd]
     # The file in which puppetd stores a list of the classes
     # associated with the retrieved configuratiion.  Can be loaded in
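Review bot: `bucketdir = /var/lib/puppet/bucket/developpement` in the [developpement] section and the three `templatedir` entries name directories that the setup commands earlier on this page never create: that mkdir makes `bucket/{environnement,production,test}` — `environnement` looks like a typo for `developpement` — and `environnements/*/{manifests,tools,modules}` without a `templates` directory. Either fix those mkdir lines or leave `templatedir` out until templates exist. The `logdir`, `rundir` and `ssldir` lines repeated under [production] appear to restate what the section above already sets for every section and can go; the environment-specific part is `manifest`, `modulepath`, `templatedir` and `bucketdir`.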
@@ -23,3 +58,7 @@
     # extension indicating the cache format is added automatically.
     # The default value is '$confdir/localconfig'.
     localconfig = $vardir/localconfig
+
+    report = true
+    reports = store,tagmail
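Review bot: `reports = store,tagmail` is read by the puppetmaster when it processes incoming reports, not by the agent, so placed under [puppetd] it most likely has no effect; move it to the master's section and keep only `report = true` here. `tagmail` also needs a tag-to-recipient map configured before it sends anything, which this change does not add. The `report = true` line is the agent-side switch and is correctly placed.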
Configuration correcte des locales
# system-wide locale of the container (French, UTF-8) and the console font
printf '%s\n' 'LANG="fr_FR.UTF-8"' 'SYSFONT="latarcyrheb-sun16"' > /etc/sysconfig/i18n
Ajout du conteneur 200 comme puppetmaster + certificat
# point the agent at this host as puppetmaster (uncomment and set PUPPET_SERVER)
sed -i -e 's/^#PUPPET_SERVER=puppet/PUPPET_SERVER=puppet.example.test/' /etc/sysconfig/puppet
# The master's certificate is issued for this name (see the ssl paths in the
# run log below). hostname(1) only renames the running system: persist it
# (HOSTNAME= in /etc/sysconfig/network on RHEL-style systems) or it will not
# survive a reboot.
hostname puppet.example.test
/etc/init.d/puppetmaster start
installation des diffutils
# diff(1) is missing from the minimal container image; Puppet presumably needs
# it to compare managed files — the page does not say more, confirm if in doubt
yum install diffutils
modifications dans /etc/puppet/fileserver.conf pour autoriser les filebucket
diff --git a/fileserver.conf b/fileserver.conf
index 67e387c..620b5ab 100644
--- a/fileserver.conf
+++ b/fileserver.conf
@@ -10,3 +10,16 @@
 #  allow *.example.com
 #  deny *.evil.example.com
 #  allow 192.168.0.0/24
+
+# Pour les environnements
+[developpement]
+  path /var/lib/puppet/bucket/developpement
+  allow *
+
+[test]
+  path /var/lib/puppet/bucket/test
+  allow *
+
+[production]
+  path /var/lib/puppet/bucket/production
+  allow *
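Review bot: `allow *` on each of the three new mounts lets any host that can reach the master read everything under /var/lib/puppet/bucket/<env>, and a filebucket holds copies of every file Puppet replaces. The commented examples just above this hunk show the intended form; restricting the mounts to the test domain, `allow *.example.test`, costs nothing here. If the goal is only server-side filebucket storage driven by `bucketdir` in puppet.conf, these mounts may not be needed at all — worth confirming before keeping them.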
Génération d'un mot de passe crypté avec openssl
# crypt(3) hash of the password read from stdin. The clear-text literal still
# ends up in the shell history; `openssl passwd -1` without -stdin prompts for
# it instead. -1 is MD5-crypt ($1$), a legacy scheme — prefer -6 (SHA-512)
# wherever the target's libcrypt supports it.
printf '%s\n' "****" | openssl passwd -1 -stdin
# > $1$xxxxxxxx$xxxxxxxxxxxxxxxxx
Premier exemple simple : le compte root - on veut en changer le mot de passe
# module layout (cf. best practices): one "user" module per environment, with
# the usual templates/manifests/lib/files subdirectories
for env in developpement test production; do
    mkdir -p "/etc/puppet/environnements/$env/modules/user"/{templates,manifests,lib,files}
done

Démo 1 : changer le mot de passe du root

Au niveau du module user

/etc/puppet/environnements/developpement/modules/user/manifests/init.pp
# init.pp
#
# Entry point of the user module: pulls in every other manifest of this directory.

import "*.pp"
/etc/puppet/environnements/developpement/modules/user/manifests/root.pp
# root.pp
#
# The special case of root. Only the password is really enforced here; the
# other attributes restate the values a stock system already has.
class user::root {

    user { 'root':
        ensure   => present,
        comment  => 'root',
        uid      => '0',
        gid      => '0',
        home     => '/root',
        shell    => '/bin/bash',
        # MD5-crypt ($1$) hash as produced by `openssl passwd -1`; the value
        # below is a placeholder. Anyone who can read this manifest can read
        # the hash, so keep the module's permissions tight.
        password => '$1$xxxxxxxx$xxxxxxxxxxxxxxxxxxx/',
    }
}
Vérification de la validité de la syntaxe du fichier précédent
# syntax check only (--parseonly); --ignoreimport presumably lets the file be
# checked on its own without following its import statements
puppet --parseonly --ignoreimport /etc/puppet/environnements/developpement/modules/user/manifests/root.pp
# no output at all => fine, the file is syntactically correct.

Au niveau des nœuds

/etc/puppet/environnements/developpement/manifests/nodes.pp
# nodes.pp
#
# Node classification: basenode carries what every managed machine gets,
# concrete nodes inherit from it and add their own classes.

node basenode {
    include user::root
}

# the puppetmaster itself, managed like any other client
node "puppet.example.test" inherits basenode {
}

Au niveau du manifeste global - environnement de développement

/etc/puppet/environnements/developpement/manifests/site.pp
# site.pp
#
# Entry point of the developpement environment (manifest= in puppet.conf);
# the node definitions live in nodes.pp.

import "nodes"

Test de l'application de ce manifeste au puppetmaster (puppet.example.test)

Sortie d'affichage de la mise en place du nouveau mot de passe root
# the command line: a single foreground run (--onetime, --no-daemonize) against
# the master in the developpement environment; --noop only reports what would
# change, nothing is applied (the "(noop)" notice and the unchanged /etc/shadow
# below show this)
puppetd --no-daemonize --debug --onetime --test --server puppet.example.test --environment developpement --noop
# affichage
[root@puppet /]# puppetd --no-daemonize --debug --onetime --test --server puppet.example.test --environment developpement --noop
debug: Puppet::Type::User::ProviderUser_role_add: file roleadd does not exist
debug: Puppet::Type::User::ProviderPw: file pw does not exist
debug: Puppet::Type::User::ProviderLdap: true value when expecting false
debug: Puppet::Type::User::ProviderDirectoryservice: file /usr/bin/dscl does not exist
debug: Failed to load library 'ldap' for feature 'ldap'
debug: /File[/var/lib/puppet/ssl/certs]: Autorequiring File[/var/lib/puppet/ssl]
debug: /File[/var/lib/puppet/classes.txt]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/client_yaml]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/lib]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/ssl/private_keys/puppet.example.test.pem]: Autorequiring File[/var/lib/puppet/ssl/private_keys]
debug: /File[/var/lib/puppet/clientbucket]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/ssl/certificate_requests]: Autorequiring File[/var/lib/puppet/ssl]
debug: /File[/etc/puppet/puppet.conf]: Autorequiring File[/etc/puppet]
debug: /File[/var/lib/puppet/ssl/public_keys/puppet.example.test.pem]: Autorequiring File[/var/lib/puppet/ssl/public_keys]
debug: /File[/var/lib/puppet/state/state.yaml]: Autorequiring File[/var/lib/puppet/state]
debug: /File[/var/lib/puppet/facts]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/ssl/public_keys]: Autorequiring File[/var/lib/puppet/ssl]
debug: /File[/var/lib/puppet/ssl/crl.pem]: Autorequiring File[/var/lib/puppet/ssl]
debug: /File[/var/lib/puppet/state]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/ssl/certs/puppet.example.test.pem]: Autorequiring File[/var/lib/puppet/ssl/certs]
debug: /File[/var/lib/puppet/ssl/private_keys]: Autorequiring File[/var/lib/puppet/ssl]
debug: /File[/var/lib/puppet/state/graphs]: Autorequiring File[/var/lib/puppet/state]
debug: /File[/var/lib/puppet/ssl]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/ssl/private]: Autorequiring File[/var/lib/puppet/ssl]
debug: /File[/var/lib/puppet/ssl/certs/ca.pem]: Autorequiring File[/var/lib/puppet/ssl/certs]
debug: Finishing transaction 23965876002200 with 0 changes
debug: /File[/var/lib/puppet/ssl/certs/puppet.example.test.pem]: Autorequiring File[/var/lib/puppet/ssl/certs]
debug: /File[/var/lib/puppet/ssl/private_keys]: Autorequiring File[/var/lib/puppet/ssl]
debug: /File[/var/lib/puppet/state]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/ssl/private]: Autorequiring File[/var/lib/puppet/ssl]
debug: /File[/var/lib/puppet/ssl/certs]: Autorequiring File[/var/lib/puppet/ssl]
debug: /File[/var/lib/puppet/ssl/public_keys]: Autorequiring File[/var/lib/puppet/ssl]
debug: /File[/var/lib/puppet/facts]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/ssl/certs/ca.pem]: Autorequiring File[/var/lib/puppet/ssl/certs]
debug: /File[/var/lib/puppet/ssl/certificate_requests]: Autorequiring File[/var/lib/puppet/ssl]
debug: /File[/var/lib/puppet/ssl/public_keys/puppet.example.test.pem]: Autorequiring File[/var/lib/puppet/ssl/public_keys]
debug: /File[/var/lib/puppet/lib]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/ssl/crl.pem]: Autorequiring File[/var/lib/puppet/ssl]
debug: /File[/var/lib/puppet/ssl/private_keys/puppet.example.test.pem]: Autorequiring File[/var/lib/puppet/ssl/private_keys]
debug: /File[/var/lib/puppet/ssl]: Autorequiring File[/var/lib/puppet]
debug: Finishing transaction 23965875421560 with 0 changes
debug: Using cached certificate for ca
debug: Using cached certificate for puppet.example.test
debug: Finishing transaction 23965875122140 with 0 changes
debug: Loaded state in 0.00 seconds
debug: Using cached certificate for ca
debug: Using cached certificate for puppet.example.test
debug: Using cached certificate_revocation_list for ca
debug: catalog supports formats: b64_zlib_yaml marshal pson raw yaml; using pson
info: Caching catalog for puppet.example.test
debug: Creating default schedules
debug: Loaded state in 0.00 seconds
info: Applying configuration version '1297964027'
debug: //user::root/User[root]: Changing password
debug: //user::root/User[root]: 1 change(s)
notice: //user::root/User[root]/password: is !*, should be $1$xxxxxxxx$xxxxxxxxxxxxxxxxxxxxxx (noop)
debug: Time for triggering 1 events to edges: 4.79221343994141e-05
debug: Finishing transaction 23965875889440 with 1 changes
debug: Storing state
debug: Stored state in 0.00 seconds
debug: Value of 'preferred_serialization_format' (pson) is invalid for report, using default (yaml)
debug: report supports formats: b64_zlib_yaml marshal raw yaml; using yaml
notice: Finished catalog run in 0.12 seconds
Affichage de l'application effective du manifeste root.pp
[root@puppet /]# more /etc/shadow
root:!*:15021:0:99999:7:::
bin:*:15021:0:99999:7:::
daemon:*:15021:0:99999:7:::
adm:*:15021:0:99999:7:::
lp:*:15021:0:99999:7:::
sync:*:15021:0:99999:7:::
shutdown:*:15021:0:99999:7:::
halt:*:15021:0:99999:7:::
mail:*:15021:0:99999:7:::
news:*:15021:0:99999:7:::
uucp:*:15021:0:99999:7:::
operator:*:15021:0:99999:7:::
games:*:15021:0:99999:7:::
gopher:*:15021:0:99999:7:::
ftp:*:15021:0:99999:7:::
nobody:*:15021:0:99999:7:::
vcsa:!!:15021:0:99999:7:::
sshd:!!:15021:0:99999:7:::
puppet:!!:15022::::::
[root@puppet /]# puppetd --no-daemonize --debug --onetime --test --server puppet.example.test --environment developpement 
debug: Puppet::Type::User::ProviderUser_role_add: file roleadd does not exist
debug: Puppet::Type::User::ProviderPw: file pw does not exist
debug: Puppet::Type::User::ProviderLdap: true value when expecting false
debug: Puppet::Type::User::ProviderDirectoryservice: file /usr/bin/dscl does not exist
debug: Failed to load library 'ldap' for feature 'ldap'
debug: /File[/var/lib/puppet/ssl/public_keys/puppet.example.test.pem]: Autorequiring File[/var/lib/puppet/ssl/public_keys]
debug: /File[/var/lib/puppet/facts]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/ssl]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/ssl/private_keys]: Autorequiring File[/var/lib/puppet/ssl]
debug: /File[/var/lib/puppet/ssl/private_keys/puppet.example.test.pem]: Autorequiring File[/var/lib/puppet/ssl/private_keys]
debug: /File[/var/lib/puppet/state/graphs]: Autorequiring File[/var/lib/puppet/state]
debug: /File[/var/lib/puppet/ssl/crl.pem]: Autorequiring File[/var/lib/puppet/ssl]
debug: /File[/var/lib/puppet/ssl/private]: Autorequiring File[/var/lib/puppet/ssl]
debug: /File[/var/lib/puppet/clientbucket]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/lib]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/client_yaml]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/ssl/certificate_requests]: Autorequiring File[/var/lib/puppet/ssl]
debug: /File[/var/lib/puppet/ssl/certs/ca.pem]: Autorequiring File[/var/lib/puppet/ssl/certs]
debug: /File[/var/lib/puppet/ssl/certs/puppet.example.test.pem]: Autorequiring File[/var/lib/puppet/ssl/certs]
debug: /File[/var/lib/puppet/ssl/certs]: Autorequiring File[/var/lib/puppet/ssl]
debug: /File[/etc/puppet/puppet.conf]: Autorequiring File[/etc/puppet]
debug: /File[/var/lib/puppet/state/state.yaml]: Autorequiring File[/var/lib/puppet/state]
debug: /File[/var/lib/puppet/ssl/public_keys]: Autorequiring File[/var/lib/puppet/ssl]
debug: /File[/var/lib/puppet/classes.txt]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/state]: Autorequiring File[/var/lib/puppet]
debug: Finishing transaction 23955747712360 with 0 changes
debug: /File[/var/lib/puppet/ssl/private_keys]: Autorequiring File[/var/lib/puppet/ssl]
debug: /File[/var/lib/puppet/state]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/ssl/certs]: Autorequiring File[/var/lib/puppet/ssl]
debug: /File[/var/lib/puppet/ssl/private]: Autorequiring File[/var/lib/puppet/ssl]
debug: /File[/var/lib/puppet/ssl/public_keys]: Autorequiring File[/var/lib/puppet/ssl]
debug: /File[/var/lib/puppet/facts]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/ssl/certs/ca.pem]: Autorequiring File[/var/lib/puppet/ssl/certs]
debug: /File[/var/lib/puppet/ssl/certificate_requests]: Autorequiring File[/var/lib/puppet/ssl]
debug: /File[/var/lib/puppet/ssl/public_keys/puppet.example.test.pem]: Autorequiring File[/var/lib/puppet/ssl/public_keys]
debug: /File[/var/lib/puppet/lib]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/ssl]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/ssl/crl.pem]: Autorequiring File[/var/lib/puppet/ssl]
debug: /File[/var/lib/puppet/ssl/private_keys/puppet.example.test.pem]: Autorequiring File[/var/lib/puppet/ssl/private_keys]
debug: /File[/var/lib/puppet/ssl/certs/puppet.example.test.pem]: Autorequiring File[/var/lib/puppet/ssl/certs]
debug: Finishing transaction 23955747130800 with 0 changes
debug: Using cached certificate for ca
debug: Using cached certificate for puppet.example.test
debug: Finishing transaction 23955746830660 with 0 changes
debug: Loaded state in 0.00 seconds
debug: Using cached certificate for ca
debug: Using cached certificate for puppet.example.test
debug: Using cached certificate_revocation_list for ca
debug: catalog supports formats: b64_zlib_yaml marshal pson raw yaml; using pson
info: Caching catalog for puppet.example.test
debug: Creating default schedules
debug: Loaded state in 0.00 seconds
info: Applying configuration version '1297964027'
debug: //user::root/User[root]: Changing password
debug: //user::root/User[root]: 1 change(s)
debug: User[root](provider=useradd): Executing '/usr/sbin/usermod -p $1$xxxxxxxx$xxxxxxxxxxxxxxxxx root'
notice: //user::root/User[root]/password: changed password
debug: Time for triggering 1 events to edges: 5.69820404052734e-05
debug: Finishing transaction 23955747599880 with 1 changes
debug: Storing state
debug: Stored state in 0.00 seconds
debug: Value of 'preferred_serialization_format' (pson) is invalid for report, using default (yaml)
debug: report supports formats: b64_zlib_yaml marshal raw yaml; using yaml
notice: Finished catalog run in 0.25 seconds
[root@puppet /]# more /etc/shadow
root:$1$xxxxxxxx$xxxxxxxxxxxxxxxxxxxx:15022:0:99999:7:::
bin:*:15021:0:99999:7:::
daemon:*:15021:0:99999:7:::
adm:*:15021:0:99999:7:::
lp:*:15021:0:99999:7:::
sync:*:15021:0:99999:7:::
shutdown:*:15021:0:99999:7:::
halt:*:15021:0:99999:7:::
mail:*:15021:0:99999:7:::
news:*:15021:0:99999:7:::
uucp:*:15021:0:99999:7:::
operator:*:15021:0:99999:7:::
games:*:15021:0:99999:7:::
gopher:*:15021:0:99999:7:::
ftp:*:15021:0:99999:7:::
nobody:*:15021:0:99999:7:::
vcsa:!!:15021:0:99999:7:::
sshd:!!:15021:0:99999:7:::
puppet:!!:15022::::::
[root@puppet /]#

Démo 2 : ajout d'un nouvel utilisateur

Modifs à faire au niveau du module user

Répertoire pour les définitions du module user
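# Directory for the definitions of the user module. template_user.pp (next) is
# placed in modules/user/manifests/defines, so that is the directory to create —
# not defines/ under the environment's own manifests/.
mkdir -p /etc/puppet/environnements/developpement/modules/user/manifests/defines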
/etc/puppet/environnements/developpement/modules/user/manifests/defines/template_user.pp
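# template_user.pp
#
# Puppet definition that creates a local user from a handful of parameters.
#
# Fixed choices: the home is always /home/<login>, the shell defaults to
# /bin/bash and the primary group defaults to users (gid 100).
#
# Parameters:
#   $login    - account name, also used as the home directory name
#   $fullname - GECOS comment
#   $uid      - numeric uid
#   $gid      - primary group (default "users")
#   $groups   - supplementary groups (default: none)
#   $shell    - login shell (default /bin/bash)
#   $password - crypt(3) hash as stored in /etc/shadow, never a clear-text
#               password (see `openssl passwd` on this page)
#
# vim:ts=4:sw=4

define template_user($login, $fullname, $uid, $gid="users", $groups = "", $shell="/bin/bash", $password) {
    user { "${login}":
        ensure     => "present",
        comment    => "${fullname}",
        uid        => "${uid}",
        gid        => "${gid}",
        groups     => "${groups}",
        home       => "/home/${login}",
        shell      => "${shell}",
        password   => "${password}",
        managehome => true,
    }

    # Home and ~/.ssh are private to the user (0700); this also satisfies
    # sshd's StrictModes check on the key directory.
    file { "/home/${login}":
        ensure => directory,
        owner  => "${login}",
        group  => "${gid}",
        mode   => 0700,
    }

    file { "/home/${login}/.ssh":
        ensure => directory,
        owner  => "${login}",
        group  => "${gid}",
        mode   => 0700,
    }

    file { "/home/${login}/.ssh/authorized_keys":
        # no ensure => file, so as not to overwrite a key placed locally.
        # NOTE(review): the run log on this page shows the content is replaced
        # from `source` anyway ("content changed" notices), so omitting ensure
        # does not actually preserve a local key — confirm before relying on it.
        #ensure => file,
        owner  => "${login}",
        # group was missing here: without it the file keeps whatever group it
        # was created with; align it with the two directories above.
        group  => "${gid}",
        mode   => 0600,
        source => "puppet:///user/files/${login}/.ssh/authorized_keys",
    }
}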
/etc/puppet/environnements/developpement/modules/user/manifests/virtual.pp
# virtual.pp
#
# People accounts of interest as virtual resources
# vim:ts=4:sw=4

class user::virtual {

    # Regular users u1..u10 (uid 1001..); only u1 is written out here, the
    # generator script further down this page produces all ten.
    @template_user { "u1":
        fullname => "utilisateur u1",
        login    => "u1",
        password => '$1$xxxxxxxx$xxxxxxxxxxxxxxxxxxxxxx',
        uid      => "1001",
    }

    # Administrators a1..a10 (uid 1101..), members of wheel; a1 shown.
    @template_user { "a1":
        fullname => "utilisateur a1",
        groups   => "wheel",
        login    => "a1",
        password => '$1$xxxxxxxx$xxxxxxxxxxxxxxxxxxxxxx',
        uid      => "1101",
    }
}
Génération du fichier de virtual.pp
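# Generates virtual.pp: class user::virtual with 10 regular users (u1..u10,
# uid 1001..1010) and 10 administrators (a1..a10, uid 1101..1110, in wheel),
# each declared as a virtual template_user. Run it as one unit: the first
# redirection truncates the file, so re-running it does not leave duplicate
# definitions behind (the "Duplicate definition" error further down this page
# came from appending the administrators twice).
virtual_pp=/etc/puppet/environnements/developpement/modules/user/manifests/virtual.pp

cat > "$virtual_pp" <<"EOF"
# virtual.pp
#
# People accounts of interest as virtual resources
# vim:ts=4:sw=4

class user::virtual {

    # les utilisateurs normaux
EOF

for i in {1..10}; do
    # crypt(3) hash of the demo password. openssl passwd -1 is MD5-crypt ($1$),
    # kept to match the rest of the page; where the target's libcrypt supports
    # it, -6 (SHA-512) is the better choice.
    crypt_hash=$(printf '%s\n' "****$i" | openssl passwd -1 -stdin)
    cat >> "$virtual_pp" <<EOF
    @template_user { "u$i":
        login    => "u$i" ,
        fullname => "utilisateur u$i",
        uid      => "$((1000 + i))",
        password => '$crypt_hash',
    }

EOF
done

cat >> "$virtual_pp" <<"EOF"

    # les administrateurs
EOF

for i in {1..10}; do
    crypt_hash=$(printf '%s\n' "****$i" | openssl passwd -1 -stdin)
    cat >> "$virtual_pp" <<EOF
    @template_user { "a$i":
        login    => "a$i" ,
        fullname => "utilisateur a$i",
        uid      => "$((1100 + i))",
        groups   => "wheel",
        password => '$crypt_hash',
    }

EOF
done
echo "}" >> "$virtual_pp"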
/etc/puppet/environnements/developpement/modules/user/manifests/init.pp
diff --git a/environnements/developpement/modules/user/manifests/init.pp b/environnements/developpement/modules/user/manifests/init.pp
index 6f09675..9303414 100644
--- a/environnements/developpement/modules/user/manifests/init.pp
+++ b/environnements/developpement/modules/user/manifests/init.pp
@@ -1,4 +1,5 @@
 # init.pp
- 
+
+import "defines/*.pp" 
 import "*.pp"
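Review bot: the added `import "defines/*.pp"` line carries trailing whitespace after the closing quote; drop it so the line reads `import "defines/*.pp"`. Note that the mkdir earlier on this page creates `developpement/manifests/defines` under the environment, whereas template_user.pp is placed in `modules/user/manifests/defines` — the directory this import actually reads — so the two should be brought in line.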

/etc/puppet/environnements/developpement/modules/user/manifests/unixadmins.pp
# unixadmins.pp
#
# Accounts present on every machine managed by puppet: the system
# administrators a1..a8 (a9 and a10 stay virtual and are never created).

class user::unixadmins inherits user::virtual {
    # realize the sysadmin accounts declared virtually in user::virtual
    realize(Template_user["a1"], Template_user["a2"], Template_user["a3"], Template_user["a4"])
    realize(Template_user["a5"], Template_user["a6"], Template_user["a7"], Template_user["a8"])
}
/etc/puppet/environnements/developpement/modules/user/manifests/habituels.pp
# habituels.pp
#
# Accounts usually present on the machines: the regular users u1..u8
# (u9 and u10 are declared virtually but never realized).

class user::habituels inherits user::virtual {
    # realize the regular user accounts; the administrators are handled by
    # user::unixadmins
    realize(Template_user["u1"], Template_user["u2"], Template_user["u3"], Template_user["u4"])
    realize(Template_user["u5"], Template_user["u6"], Template_user["u7"], Template_user["u8"])
}
/etc/puppet/environnements/developpement/manifests/nodes.pp
diff --git a/environnements/developpement/manifests/nodes.pp b/environnements/developpement/manifests/nodes.pp
index cbb645e..aa27503 100644
--- a/environnements/developpement/manifests/nodes.pp
+++ b/environnements/developpement/manifests/nodes.pp
@@ -2,7 +2,9 @@
  
 node basenode {
     include user::root
+    include user::unixadmins
 }
  
 node "puppet.example.test" inherits basenode {
+    include user::habituels
 }
Création des certificats
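# Per-user ssh material for the demo. The private keys are generated OUTSIDE
# the module tree: modules/user/files is what the puppetmaster serves to the
# clients (template_user pulls authorized_keys from it), so a private key left
# there could presumably be fetched by any client. Only the public half is copied in.
keydir=/root/cles-demo-puppet   # constructed location for the private keys; adjust
files=/etc/puppet/environnements/developpement/modules/user/files
mkdir -p "$keydir" && chmod 700 "$keydir"
for i in {1..10}; do
    mkdir -p "$files"/{u,a}"$i"/.ssh
    # users' authorized_keys: a fresh RSA key with an empty passphrase (demo only)
    ssh-keygen -b 2048 -t rsa -N "" -f "$keydir/u$i"
    cp -pf "$keydir/u$i.pub" "$files/u$i/.ssh/authorized_keys"
    # admins' authorized_keys: no key (empty file), so the file resource does not fail
    touch "$files/a$i/.ssh/authorized_keys"
done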
Application des nouveaux manifestes - utilisateurs et admins
 
[root@puppet developpement]# puppetd --no-daemonize --onetime --test --server puppet.example.test --environment developpement  --noop   
err: Could not retrieve catalog from remote server: Error 400 on SERVER: Duplicate definition: Template_user[a1] is already defined in file 
/etc/puppet/environnements/developpement/modules/user/manifests/virtual.pp at line 14; cannot redefine at /etc/puppet/environnements/deoppement/modules/user/manifests/virtual.pp:87
on node puppet.example.test
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run
  • Cette erreur intervenait parce que j'avais généré deux fois les utilisateurs a1 à a10 dans le fichier /etc/puppet/environnements/developpement/modules/user/manifests/virtual.pp.

Exécution de la mise en place des utilisateurs

Affichage de l'application du manifeste à la machine (ajout d'utilisateurs)
[root@puppet developpement]# puppetd --no-daemonize --onetime --test --server puppet.example.test --environment developpement 
info: Caching catalog for puppet.example.test
info: Applying configuration version '1297980552'
notice: //user::virtual/Template_user[u3]/User[u3]/ensure: created
notice: //user::virtual/Template_user[u3]/File[/home/u3/.ssh/authorized_keys]/ensure: content changed '{md5}d9f4127f33ecbd15d64c703ff41e
e' to '{md5}d9f4127f33ecbd15d64c703ff41e199e'
notice: //user::virtual/Template_user[a6]/User[a6]/ensure: created
notice: //user::virtual/Template_user[a6]/File[/home/a6/.ssh/authorized_keys]/ensure: content changed '{md5}d41d8cd98f00b204e9800998ecf8
e' to '{md5}d41d8cd98f00b204e9800998ecf8427e'
notice: //user::virtual/Template_user[u6]/User[u6]/ensure: created
notice: //user::virtual/Template_user[u6]/File[/home/u6/.ssh/authorized_keys]/ensure: content changed '{md5}0e315f76c34d21fc08020c7171c8
1' to '{md5}0e315f76c34d21fc08020c7171c824c1'
notice: //user::virtual/Template_user[a2]/User[a2]/ensure: created
notice: //user::virtual/Template_user[a2]/File[/home/a2/.ssh/authorized_keys]/ensure: content changed '{md5}d41d8cd98f00b204e9800998ecf8
e' to '{md5}d41d8cd98f00b204e9800998ecf8427e'
notice: //user::virtual/Template_user[a1]/User[a1]/ensure: created
notice: //user::virtual/Template_user[a1]/File[/home/a1/.ssh/authorized_keys]/ensure: content changed '{md5}d41d8cd98f00b204e9800998ecf8
e' to '{md5}d41d8cd98f00b204e9800998ecf8427e'
notice: //user::virtual/Template_user[u7]/User[u7]/ensure: created
notice: //user::virtual/Template_user[u7]/File[/home/u7/.ssh/authorized_keys]/ensure: content changed '{md5}93e04bc76832e859b9ed03e8fc72
4' to '{md5}93e04bc76832e859b9ed03e8fc729604'
notice: //user::virtual/Template_user[a8]/User[a8]/ensure: created
notice: //user::virtual/Template_user[a8]/File[/home/a8/.ssh/authorized_keys]/ensure: content changed '{md5}d41d8cd98f00b204e9800998ecf8
e' to '{md5}d41d8cd98f00b204e9800998ecf8427e'
notice: //user::virtual/Template_user[a3]/User[a3]/ensure: created
notice: //user::virtual/Template_user[a3]/File[/home/a3/.ssh/authorized_keys]/ensure: content changed '{md5}d41d8cd98f00b204e9800998ecf8
e' to '{md5}d41d8cd98f00b204e9800998ecf8427e'
notice: //user::virtual/Template_user[u4]/User[u4]/ensure: created
notice: //user::virtual/Template_user[u4]/File[/home/u4/.ssh/authorized_keys]/ensure: content changed '{md5}bf7927d6d1cb0686149c8bb6a373
c' to '{md5}bf7927d6d1cb0686149c8bb6a37356ac'
notice: //user::virtual/Template_user[u8]/User[u8]/ensure: created
notice: //user::virtual/Template_user[u8]/File[/home/u8/.ssh/authorized_keys]/ensure: content changed '{md5}ed22c514d2b2268f1462624694ad
c' to '{md5}ed22c514d2b2268f1462624694adc27c'
notice: //user::virtual/Template_user[a4]/User[a4]/ensure: created
notice: //user::virtual/Template_user[a4]/File[/home/a4/.ssh/authorized_keys]/ensure: content changed '{md5}d41d8cd98f00b204e9800998ecf8
e' to '{md5}d41d8cd98f00b204e9800998ecf8427e'
notice: //user::virtual/Template_user[u1]/User[u1]/ensure: created
notice: //user::virtual/Template_user[u1]/File[/home/u1/.ssh/authorized_keys]/ensure: content changed '{md5}2fb6c6706225141c0d27bed28309
d' to '{md5}2fb6c6706225141c0d27bed28309e82d'
notice: //user::virtual/Template_user[u5]/User[u5]/ensure: created
notice: //user::virtual/Template_user[u5]/File[/home/u5/.ssh/authorized_keys]/ensure: content changed '{md5}56686af3aba9e86b07b561649678
3' to '{md5}56686af3aba9e86b07b561649678a3c3'
notice: //user::virtual/Template_user[a5]/User[a5]/ensure: created
notice: //user::virtual/Template_user[a5]/File[/home/a5/.ssh/authorized_keys]/ensure: content changed '{md5}d41d8cd98f00b204e9800998ecf8
e' to '{md5}d41d8cd98f00b204e9800998ecf8427e'
notice: //user::virtual/Template_user[u2]/User[u2]/ensure: created
notice: //user::virtual/Template_user[u2]/File[/home/u2/.ssh/authorized_keys]/ensure: content changed '{md5}674058f9beddaa7e87be5985e928
b' to '{md5}674058f9beddaa7e87be5985e928907b'
notice: //user::virtual/Template_user[a7]/User[a7]/ensure: created
notice: //user::virtual/Template_user[a7]/File[/home/a7/.ssh/authorized_keys]/ensure: content changed '{md5}d41d8cd98f00b204e9800998ecf8
e' to '{md5}d41d8cd98f00b204e9800998ecf8427e'
notice: Finished catalog run in 3.37 seconds

Supprimer tous les utilisateurs ajoutés (u* et a*)

Création d'une classe delusers faisant le ménage dans les comptes
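# Generates user::delusers: every demo account (u1..u10, a1..a10) set to absent.
# The first redirection truncates the file, so the script can be re-run safely.
# NOTE(review): ensure => absent removes the account; the home directories are
# presumably left in place unless managehome is set — confirm.
delusers_pp=/etc/puppet/environnements/developpement/modules/user/manifests/delusers.pp

cat > "$delusers_pp" <<'EOF'
# delusers.pp

class user::delusers {
EOF

for i in {1..10}; do
    cat >> "$delusers_pp" <<EOF
    user { "u$i": ensure => absent }
    user { "a$i": ensure => absent }
EOF
done
echo "}" >> "$delusers_pp"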
/etc/puppet/environnements/developpement/manifests/nodes.pp
diff --git a/environnements/developpement/manifests/nodes.pp b/environnements/developpement/manifests/nodes.pp
index aa27503..863fb53 100644
--- a/environnements/developpement/manifests/nodes.pp
+++ b/environnements/developpement/manifests/nodes.pp
@@ -5,6 +5,9 @@ node basenode {
     include user::unixadmins
 }
  
-node "puppet.example.test" inherits basenode {
-    include user::habituels
+node "puppet.example.test" {
+    #include user::habituels
+
+    # pour supprimer tous les utilisateurs créés
+    include user::delusers
 }
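Review bot: removing `inherits basenode` also drops `user::root` and `user::unixadmins` from this node's catalog, so the root password enforced in the first demo is no longer managed on the master while delusers is in place; the new comment only explains the delusers include. Say so next to it, e.g. `# no "inherits basenode": it realizes a1..a8, which would clash with user::delusers; user::root is not applied here either`. If root management should stay, split basenode so the root class can be included on its own.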

On peut remarquer l'importance de la suppression de l'héritage de basenode.
Si ce n'est pas fait, voici les erreurs obtenues :

Erreurs si l'héritage de basenode n'est pas enlevé
[root@puppet developpement]# puppetd --no-daemonize --onetime --test --server puppet.example.test --environment developpement --noop
err: Could not retrieve catalog from remote server: Error 400 on SERVER: Duplicate definition: User[a1] is already defined in file /etc/puppet/environnements/developpement/modules/user/manifests/delusers.pp at line 5;
cannot redefine at /etc/puppet/environnements/developpement/modules/user/manifests/defines/template_user.pp:24 on node puppet.example.test
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run
Application de delusers
[root@puppet developpement]# puppetd --no-daemonize --onetime --test --server puppet.example.test --environment developpement
info: Caching catalog for puppet.example.test
info: Applying configuration version '1297979796'
notice: //user::delusers/User[a8]/ensure: removed
notice: //user::delusers/User[a5]/ensure: removed
notice: //user::delusers/User[a6]/ensure: removed
notice: //user::delusers/User[u7]/ensure: removed
notice: //user::delusers/User[u4]/ensure: removed
notice: //user::delusers/User[a3]/ensure: removed
notice: //user::delusers/User[a2]/ensure: removed
notice: //user::delusers/User[u1]/ensure: removed
notice: //user::delusers/User[u8]/ensure: removed
notice: //user::delusers/User[u5]/ensure: removed
notice: //user::delusers/User[a4]/ensure: removed
notice: //user::delusers/User[a1]/ensure: removed
notice: //user::delusers/User[u2]/ensure: removed
notice: //user::delusers/User[u6]/ensure: removed
notice: //user::delusers/User[a7]/ensure: removed
notice: //user::delusers/User[u3]/ensure: removed
notice: Finished catalog run in 0.68 seconds

Certifier un client

Ajouter le puppetmaster (son dns) dans /etc/hosts de chaque machine cliente

Ajout de puppet.example.test dans /etc/hosts de tous les clients - sur la machine hébergeant les conteneurs openvz
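# Add the puppetmaster to /etc/hosts of containers 201..215 (run on the OpenVZ
# host). The grep guard keeps a re-run from appending the line a second time.
for i in {201..215}; do
    hosts=/vz/private/$i/etc/hosts
    grep -qF -- 'puppet.example.test' "$hosts" ||
        printf '%s\n' '10.0.1.200 puppet.example.test puppet' >> "$hosts"
done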

Sur le client .201

Sur le client (.201)
# create the client certificate: the agent generates its key pair and a signing
# request, then keeps retrying (--waitforcert=30) until the master has signed it
# — see the repeated "Did not receive certificate" lines in the output below
puppetd --server puppet.example.test --waitforcert=30 --test
Sur le puppetmaster
# list the certificate requests waiting for the puppetmaster's signature
puppetca --list
# > clientpuppet1.example.test
# sign the pending request. The name is whatever the requesting client put in
# its request, so check it matches a host you actually provisioned before signing.
puppetca --sign clientpuppet1.example.test
Affichage de la sortie lors de la validation du certificat
# sur le client1
[root@clientpuppet1 /]# puppetd --server puppet.example.test --waitforcert=30 --test
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for ca
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
info: Creating a new SSL certificate request for clientpuppet1.example.test
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
notice: Did not receive certificate
warning: peer certificate won't be verified in this SSL session
notice: Did not receive certificate
warning: peer certificate won't be verified in this SSL session
notice: Did not receive certificate
warning: peer certificate won't be verified in this SSL session
notice: Did not receive certificate

# sur puppetmaster
[root@puppet developpement]# puppetca --list
clientpuppet1.example.test
[root@puppet developpement]# puppetca --sign clientpuppet1.example.test
clientpuppet1.example.test
notice: Signed certificate request for clientpuppet1.example.test
notice: Removing file Puppet::SSL::CertificateRequest clientpuppet1.example.test at '/var/lib/puppet/ssl/ca/requests/clientpuppet1.example.test.pem'

# sur le client1 - la fin une fois le certificat validé
info: Caching certificate for clientpuppet1.example.test
info: Caching certificate_revocation_list for ca
info: Caching catalog for clientpuppet1.example.test
info: Applying configuration version '1297963606'
info: Creating state file /var/lib/puppet/state/state.yaml
notice: Finished catalog run in 0.01 seconds