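Here is what I'm trying to accomplish.
I have a Salt state that manages Linux users and groups and the /etc/skel templates, and it will later manage many other user-related templates.
In short:
Some states are created by reading a pillar of users and their properties in a for loop.
Some states are created by reading a pillar of groups and their properties.
There will be groups that are a user's primary group; not all groups will have a primary user, and every user that is created will have a primary group named after the user. It seems that the group has to be created with Salt before the user is created. So each user state, where the state is created by the loop and the user is created by that state, needs to require the corresponding group. However, the group states do not exist statically; they are also created dynamically from the groups pillar. So Salt does not necessarily render every state in the same order each time, because it sorts alphabetically, but the order is determined after all requisites have been resolved. (By the way, I'm trying to keep this a short summary rather than go down a rabbit hole on the topic of Salt rendering.)
I think the problem I'm running into is that the group states have not been created yet when the user states are created.
Below I have posted the state with the require configuration that produces the error. When the require is present, it does not create the users but does create the groups; when the require is removed, it creates both the groups and the users.
If I remove the require lines I currently get my expected result, but I'm not sure I will always get the expected result in the long run as this grows.
Also, I'm very interested in finding a way to require a dynamically created state from another dynamically created declaration.
Any ideas for modifying this to solve the problem would be greatly appreciated :)
Here is the state file: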
/etc/skel:
  file.directory:
    - name: /etc/skel
    - user: root
    - group: root
    - dir_mode: 755
/etc/skel/.bash_logout:
  file.managed:
    - name: /etc/skel/.bash_logout
    - user: root
    - group: root
    - mode: 644
    - source: salt://user_management/templates/etc/skel/bash_logout.sls
/etc/skel/.bash_profile:
  file.managed:
    - name: /etc/skel/.bash_profile
    - user: root
    - group: root
    - mode: 644
    - source: salt://user_management/templates/etc/skel/bash_profile.sls
/etc/skel/.bashrc:
  file.managed:
    - name: /etc/skel/.bashrc
    - user: root
    - group: root
    - mode: 644
    - source: salt://user_management/templates/etc/skel/bashrc.sls
{% for group in pillar['user_management']['groups'] %}
{{- group }}:
  group.present:
    - name: "{{ pillar['user_management']['groups'][group]['name'] }}"
    - gid: "{{ pillar['user_management']['groups'][group]['gid'] }}"
    - system: "{{ pillar['user_management']['groups'][group]['system'] }}"
    {%- if pillar['user_management']['groups'][group]['addusers'] %}
    - addusers:
      {%- for add_user_name in pillar['user_management']['groups'][group]['addusers'] %}
      - {{ add_user_name }}
      {%- endfor %}
    {%- endif %}
    {%- if pillar['user_management']['groups'][group]['delusers'] %}
    - delusers:
      {%- for del_user_name in pillar['user_management']['groups'][group]['delusers'] %}
      - {{ del_user_name }}
      {%- endfor %}
    {%- endif %}
    {%- if pillar['user_management']['groups'][group]['members'] %}
    - members:
      {%- for member_name in pillar['user_management']['groups'][group]['members'] %}
      - {{ member_name }}
      {%- endfor %}
    {%- endif %}
{% endfor %}
{% for user in pillar['user_management']['users'] %}
{{- user }}:
  user.present:
    - name: "{{ pillar['user_management']['users'][user]['name'] }}"
    - uid: "{{ pillar['user_management']['users'][user]['uid'] }}"
    - gid: "{{ pillar['user_management']['users'][user]['gid'] }}"
    - gid_from_name: "{{ pillar['user_management']['users'][user]['gid_from_name'] }}"
    {%- if pillar['user_management']['users'][user]['groups'] %}
    - groups:
      {%- for group_name in pillar['user_management']['users'][user]['groups'] %}
      - {{ group_name }}
      {%- endfor %}
    {%- endif %}
    {%- if pillar['user_management']['users'][user]['optional_groups'] %}
    - optional_groups:
      {%- for optional_group_name in pillar['user_management']['users'][user]['optional_groups'] %}
      - {{ optional_group_name }}
      {%- endfor %}
    {%- endif %}
    {%- if pillar['user_management']['users'][user]['remove_groups'] %}
    - remove_groups:
      {%- for remove_group_name in pillar['user_management']['users'][user]['remove_groups'] %}
      - {{ remove_group_name }}
      {%- endfor %}
    {%- endif %}
    - home: "{{ pillar['user_management']['users'][user]['home'] }}"
    - createhome: "{{ pillar['user_management']['users'][user]['createhome'] }}"
    - password: "{{ pillar['user_management']['users'][user]['password'] }}"
    - enforce_password: "{{ pillar['user_management']['users'][user]['enforce_password'] }}"
    - empty_password: "{{ pillar['user_management']['users'][user]['empty_password'] }}"
    - shell: "{{ pillar['user_management']['users'][user]['shell'] }}"
    - unique: "{{ pillar['user_management']['users'][user]['unique'] }}"
    - system: "{{ pillar['user_management']['users'][user]['system'] }}"
    - fullname: "{{ pillar['user_management']['users'][user]['fullname'] }}"
    - require:
      - group: {{ user|replace("user", "group") }}
{% endfor %}
Here is the users pillar file:
user_management:
  users:
    user_mdresden:
      name: mdresden
      uid: 10000
      gid: 10000
      gid_from_name: True
      groups:
        - wheel
      optional_groups:
        - users
      remove_groups:
        # - list
      home: /home/mdresden
      createhome: True
      password: '$6$wBMXk1u6Jxapb5GR$o4YckBYhVjZZ28vyOkcPwBLMH2tcgWAPqdqzLLOGGY5DCM1aaz/rNfnjpMdcmE4GFt/5dzwu8z3YXViptLTMT/'
      enforce_password: True
      empty_password: False
      shell: "/bin/bash"
      unique: True
      system: False
      fullname: "Matthew Dresden"
    user_csunderarajulu:
      name: csunderarajulu
      uid: 10001
      gid: 10001
      gid_from_name: True
      groups:
        # - list
      optional_groups:
        - users
      remove_groups:
        # - list
      home: /home/csunderarajulu
      createhome: True
      password: '$6$wBMXk1u6Jxapb5GR$o4YckBYhVjZZ28vyOkcPwBLMH2tcgWAPqdqzLLOGGY5DCM1aaz/rNfnjpMdcmE4GFt/5dzwu8z3YXViptLTMT/'
      enforce_password: True
      empty_password: False
      shell: "/bin/bash"
      unique: True
      system: False
      fullname: "Chandrasekaran Sunderarajulu"
Here is the groups pillar file:
user_management:
  groups:
    group_mdresden:
      name: mdresden
      gid: 10000
      system: False
      addusers:
        # - list
        # - list
      delusers:
        # - list
        # - list
      members:
    group_csunderarajulu:
      name: csunderarajulu
      gid: 10001
      system: False
      addusers:
        # - list
        # - list
      delusers:
        # - list
        # - list
      members:
The error only seems to occur on a real run, not with test enabled. Here is the error for the users:
user_|-user_csunderarajulu_|-csunderarajulu_|-present:
    ----------
    __run_num__:
        7
    __sls__:
        user_management.users.manage
    changes:
        ----------
    comment:
        One or more requisite failed: user_management.users.manage.group_csunderarajulu
    result:
        False
user_|-user_mdresden_|-mdresden_|-present:
    ----------
    __run_num__:
        6
    __sls__:
        user_management.users.manage
    changes:
        ----------
    comment:
        One or more requisite failed: user_management.users.manage.group_mdresden
    result:
        False
Here is the result when I remove the require:
user_|-user_csunderarajulu_|-csunderarajulu_|-present:
    ----------
    __run_num__:
        7
    changes:
        ----------
        fullname:
            Chandrasekaran Sunderarajulu
        gid:
            10001
        groups:
            - csunderarajulu
            - users
        home:
            /home/csunderarajulu
        homephone:
        name:
            csunderarajulu
        passwd:
            x
        roomnumber:
        shell:
            /bin/bash
        uid:
            10001
        workphone:
    comment:
        New user csunderarajulu created
    duration:
        106.136
    name:
        csunderarajulu
    result:
        True
    start_time:
        20:55:32.687433
user_|-user_mdresden_|-mdresden_|-present:
    ----------
    __run_num__:
        6
    changes:
        ----------
        fullname:
            Matthew Dresden
        gid:
            10000
        groups:
            - mdresden
            - users
            - wheel
        home:
            /home/mdresden
        homephone:
        name:
            mdresden
        passwd:
            x
        roomnumber:
        shell:
            /bin/bash
        uid:
            10000
        workphone:
    comment:
        New user mdresden created
    duration:
        153.671
    name:
        mdresden
    result:
        True
    start_time:
        20:55:32.532969
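Although the group creation appears to succeed, the output for the group creation also shows an error.
Here is the output for the groups showing the error: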
group_|-group_csunderarajulu_|-csunderarajulu_|-present:
    ----------
    __run_num__:
        5
    changes:
        ----------
        Failed:
            ----------
            gid:
                10001
    comment:
        Group {0} has been created but, some changes could not be applied
    duration:
        34.491
    name:
        csunderarajulu
    result:
        False
    start_time:
        13:40:14.615013
group_|-group_mdresden_|-mdresden_|-present:
    ----------
    __run_num__:
        4
    changes:
        ----------
        Failed:
            ----------
            gid:
                10000
    comment:
        Group {0} has been created but, some changes could not be applied
    duration:
        168.642
    name:
        mdresden
    result:
        False
    start_time:
        13:40:14.445528
Here is the output of: salt-call --local state.show_sls user_management.users.manage
local:
    ----------
    /etc/skel:
        ----------
        __env__:
            base
        __sls__:
            user_management.users.manage
        file:
            |_
              ----------
              name:
                  /etc/skel
            |_
              ----------
              user:
                  root
            |_
              ----------
              group:
                  root
            |_
              ----------
              dir_mode:
                  755
            - directory
            |_
              ----------
              order:
                  10000
    /etc/skel/.bash_logout:
        ----------
        __env__:
            base
        __sls__:
            user_management.users.manage
        file:
            |_
              ----------
              name:
                  /etc/skel/.bash_logout
            |_
              ----------
              user:
                  root
            |_
              ----------
              group:
                  root
            |_
              ----------
              mode:
                  644
            |_
              ----------
              source:
                  salt://user_management/templates/etc/skel/bash_logout.sls
            - managed
            |_
              ----------
              order:
                  10001
    /etc/skel/.bash_profile:
        ----------
        __env__:
            base
        __sls__:
            user_management.users.manage
        file:
            |_
              ----------
              name:
                  /etc/skel/.bash_profile
            |_
              ----------
              user:
                  root
            |_
              ----------
              group:
                  root
            |_
              ----------
              mode:
                  644
            |_
              ----------
              source:
                  salt://user_management/templates/etc/skel/bash_profile.sls
            - managed
            |_
              ----------
              order:
                  10002
    /etc/skel/.bashrc:
        ----------
        __env__:
            base
        __sls__:
            user_management.users.manage
        file:
            |_
              ----------
              name:
                  /etc/skel/.bashrc
            |_
              ----------
              user:
                  root
            |_
              ----------
              group:
                  root
            |_
              ----------
              mode:
                  644
            |_
              ----------
              source:
                  salt://user_management/templates/etc/skel/bashrc.sls
            - managed
            |_
              ----------
              order:
                  10003
    group_csunderarajulu:
        ----------
        __env__:
            base
        __sls__:
            user_management.users.manage
        group:
            |_
              ----------
              name:
                  csunderarajulu
            |_
              ----------
              gid:
                  10001
            |_
              ----------
              system:
                  False
            - present
            |_
              ----------
              order:
                  10005
    group_mdresden:
        ----------
        __env__:
            base
        __sls__:
            user_management.users.manage
        group:
            |_
              ----------
              name:
                  mdresden
            |_
              ----------
              gid:
                  10000
            |_
              ----------
              system:
                  False
            - present
            |_
              ----------
              order:
                  10004
    user_csunderarajulu:
        ----------
        __env__:
            base
        __sls__:
            user_management.users.manage
        user:
            |_
              ----------
              name:
                  csunderarajulu
            |_
              ----------
              uid:
                  10001
            |_
              ----------
              gid:
                  10001
            |_
              ----------
              gid_from_name:
                  True
            |_
              ----------
              optional_groups:
                  - users
            |_
              ----------
              home:
                  /home/csunderarajulu
            |_
              ----------
              createhome:
                  True
            |_
              ----------
              password:
                  $6$wBMXk1u6Jxapb5GR$o4YckBYhVjZZ28vyOkcPwBLMH2tcgWAPqdqzLLOGGY5DCM1aaz/rNfnjpMdcmE4GFt/5dzwu8z3YXViptLTMT/
            |_
              ----------
              enforce_password:
                  True
            |_
              ----------
              empty_password:
                  False
            |_
              ----------
              shell:
                  /bin/bash
            |_
              ----------
              unique:
                  True
            |_
              ----------
              system:
                  False
            |_
              ----------
              fullname:
                  Chandrasekaran Sunderarajulu
            |_
              ----------
              require:
                  |_
                    ----------
                    group:
                        group_csunderarajulu
            - present
            |_
              ----------
              order:
                  10007
    user_mdresden:
        ----------
        __env__:
            base
        __sls__:
            user_management.users.manage
        user:
            |_
              ----------
              name:
                  mdresden
            |_
              ----------
              uid:
                  10000
            |_
              ----------
              gid:
                  10000
            |_
              ----------
              gid_from_name:
                  True
            |_
              ----------
              groups:
                  - wheel
            |_
              ----------
              optional_groups:
                  - users
            |_
              ----------
              home:
                  /home/mdresden
            |_
              ----------
              createhome:
                  True
            |_
              ----------
              password:
                  $6$wrBLmNvzyQcHsunt$N6qAv4QR/9A4oPb07zeBbdMQTG7dhxMt.5nXUYY3STwqyRlYvGi5G/GmItOu2M.wLzAOz0ClhEsQIUXMGwIwp1
            |_
              ----------
              enforce_password:
                  True
            |_
              ----------
              empty_password:
                  False
            |_
              ----------
              shell:
                  /bin/bash
            |_
              ----------
              unique:
                  True
            |_
              ----------
              system:
                  False
            |_
              ----------
              fullname:
                  Matthew Dresden
            |_
              ----------
              require:
                  |_
                    ----------
                    group:
                        group_mdresden
            - present
            |_
              ----------
              order:
                  10006
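It produces the expected required group name, e.g. group_mdresden, which is the name of the group generated by the state.
1 Answer
Thanks, Christophe Drevet-Drogue,
The gid and uid in my state file were wrapped in double quotes. That caused them to be interpreted as strings rather than integers, which is what was expected. That problem caused all the other problems.
So the answer to the original question is that the example I posted is sufficient to accomplish what I asked about in the question.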
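
The fix described in the answer, as an added example that is not part of the original post: the same two loops with `uid` and `gid` rendered without quotes so YAML loads them as integers, and the `require` pointing at the group ID generated by the first loop. It is trimmed to the keys involved and assumes the pillar layout from the question, including the `group_<name>` key convention.

```yaml
{# Added example, trimmed to the keys involved; pillar layout as in the question. #}
{% set um = pillar['user_management'] %}

{% for group_id, group in um['groups'].items() %}
{{ group_id }}:
  group.present:
    - name: {{ group['name'] }}
    # Rendered without surrounding quotes, so YAML loads an integer (10000),
    # not the string "10000" that the quoted form produced.
    - gid: {{ group['gid'] }}
{% endfor %}

{% for user_id, user in um['users'].items() %}
{{ user_id }}:
  user.present:
    - name: {{ user['name'] }}
    - uid: {{ user['uid'] }}
    - gid: {{ user['gid'] }}
    - home: {{ user['home'] }}
    - shell: {{ user['shell'] }}
    - require:
      # Assumption: group pillar keys are named group_<login name>, as in the
      # question. Building the ID from the name avoids replace("user", "group")
      # also rewriting a "user" substring inside a login name.
      - group: group_{{ user['name'] }}
{% endfor %}
```

Running `salt-call --local state.show_sls user_management.users.manage --out=json` shows whether `gid` and `uid` arrive as numbers or as quoted strings, which the default nested output does not distinguish.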