Is it common practices to deploy your service with vagrant instead of a user with private keys in production? The topic is not broached in the book-but that said, the book covers a lot.

For instance if several devs, each with their own staging env, programmatically ssh into a vagrant built box as a user? Needless to say the same context would apply to any other environment (e.g. production).

How best to do this using Puppet? My inclination is to create a module that sends private keys to .ssh on guest and creates a user and adds them to privileged groups (rvm, puppet)?

d

For production, not so much. Vagrant was really made for easy development environments.

Usually the production environment runs the application as a user, say “application”. Developers either SSH in as themselves and through a combination of file permissions and sudo will deploy the app. It’s also possible for all the developers to log in as the application user which makes administration a lot easier.

Puppet can then manage the users if you want. There are built in types such as http://docs.puppetlabs.com/references/stable/type.html#sshauthorizedkey to manage the keys, so it would be pretty straightforward to write a module that abstracts that.

Yeah, seems easiest to have a shared user account, otherwise there are so many potential problems with file/directory ownership. If someone nefarious has a shell account on a production server things have already gone terribly wrong anyhow.