On Tuesday, August 6, 2013 1:30:37 AM UTC-5, Andreas Dvorak wrote:
>
> Hello,
>
> I have written a module to add user and it does work with one user. But if
> I use two user puppet tells me:
> Error: Could not retrieve catalog from remote server: Error 400 on SERVER:
> Duplicate declaration: Group[badm] is already declared in file
> /etc/puppet/git/modules/useradd/manifests/init.pp at line 9; cannot
> redeclare on node vm6740.muc.baag
>
> How can I change the group creating part to get rid of this error?
>
>
You must not declare the same resource twice, where "same" means having the
same type and the same name or title. Doing so would open the possibility
of inconsistent resource declarations, and Puppet doesn't even begin to
entertain that.
>
> Here is my module file
> ~/git/test.git/modules/useradd/manifests$ cat init.pp
> define useradd ( $name, $uid, $group, $gid, $password, $shell,
> $sshkeytype, $sshkey) {
>
It's pretty unusual to make a defined type be the top-level object of a
module. I guess it probably works, but I suspect you will find that
generalizing the module a bit will be to your advantage. For instance,
make it a 'user' or 'users' module, with the useradd definition within
(i.e. user::useradd). That will also give you a place to put some of the
other things you are likely to want for user management.
> $homedir = $kernel ? {
> 'SunOS' => '/export/home',
> default => '/home'
> }
> group { $group:
> gid => "$gid",
> }
>
As you already know, it's that group declaration that is causing you
trouble. In order to support the possibility that more than one managed
user belongs to a given group, you must factor the group declaration out of
this definition, so that it appears once for all members overall. More on
that below.
> $username = $title
> user { $username:
> ensure => present,
> comment => "$name",
> uid => "$uid",
> gid => "$gid",
> shell => "$shell",
> home => "$homedir/$username",
> managehome => true,
> password => "$password",
> require => group["$group"],
> }
> exec { $username:
> command => "/bin/cp -R /etc/skel $homedir/$username; /bin/chown -R
> $username:$group $homedir/$username ",
> creates => "$homedir/$username",
> require => user["$username"],
> }
>
What's the point of that Exec? Do you anticipate that enabling the User's
'managehome' property (as you have done) will be insufficient?
> ssh_authorized_key { $username:
> user => "$username",
> type => "$sshkeytype",
> key => "$sshkey",
> require => exec["$username"],
> }
> }
> and here are the manifests files.
> ~/git/test.git/manifests$ cat nodes.pp
> node 'vm6739' {
> include git_puppet_update
> }
> node 'vm6740' {
> import "create_admin_user.pp"
>
No, this is wrong. The 'import' function does not do what you think. It
has very few legitimate uses, and this is not among them. Instead, put the
present contents of create_admin_user.pp into a class (maybe
user::admin_users), put the class into a module, and 'include' that class
by name.
> }
>
> ~/git/test.git/manifests$ cat create_admin_user.pp
> useradd { "test":
> name => "test",
> uid => "881",
> gid => "888",
> group => "badm",
> shell => "/bin/bash",
> password =>
> 'Yvrp7r/L.ah8AliUXLMM9LZN/hQOtaYXUXNFQ8kOaqzUp1/jkH61SaE7gz/',
> sshkeytype => "rsa",
> sshkey =>
> "5j5llTO3cVcbPQYlII/5Arzwnj5gyzpm3xZL3o9vaAX1pA4F1Lq87ZBrZxrTS2F0G7hHJDffhqwlYoWfl1755hWeNeNZWQBcF2",
> }
> useradd { "testuser1":
> name => "test user1",
> uid => "2012",
> gid => "888",
> group => "badm",
> shell => "/bin/bash",
> password =>
> '$6$0vY.Ob.b$uOClxSzliv.Jxt1XoWXjbLXtnf5JzqL5pP.caiF0JMxjptxEq9gj72KrU7CqB7ez0gCt6fAB1',
> sshkeytype => "rsa",
> sshkey =>
> "AAAAB3NzaC1yc2EAAAADAQABAAABAQC8tCVus/i5CN8KpqsEy1L3KIa0xRS9/QqgNc39q877hHJDffhqwlYoWfl1755hWeNeNZWQBcF2",
> }
>
>
There are several ways you could handle group management outside the
[user::]useradd definition. One is simply to declare the desired groups,
once each, outside its scope:
group { 'badm': gid => '888' }
user::useradd { 'test1':
... no group or gid ...
require => Group['badm']
}
user::useradd { 'test2':
... no group or gid ...
require => Group['badm']
}
Alternatively, if you have a complete list of groups that are available for
any node, but you want to manage only those that are actually needed, then
you could declare all the possible groups virtually:
class user::groups {
@group { 'badm': gid => 888, ensure => 'present' }
@group { 'bsvc': gid => 898, ensure => 'present' }
@group { 'busr': gid => 908, ensure => 'present' }
}
and have the useradd definition realize the appropriate one (which can
safely be done more than once):
define user::useradd($name, $uid, $group [, ...]) {
include 'user::groups'
realize Group[$group]
user { $title:
ensure => 'present',
uid => $uid,
# can be either name or numeric ID:
gid => $group,
require => Group[$group],
[...]
}
}
(Virtual resources that are never realized for a given node will not be
included in that node's catalog.)
There are other variations, too, such as some very elegant ones involving
tagging and resource collectors, but for now I advise you to keep it simple
while you acclimate to Puppet.
John
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.
