这是我想要完成的。
我有一个 salt state,用于管理 linux 中的用户和组,/etc/skel 模板,稍后将管理许多其他与用户相关的模板。
简而言之:
有些状态是通过在 for 循环中读取具有用户和属性的柱子创建的。
一些状态是通过读取具有组和属性的柱子创建的。
将存在作为用户主要组的组,并非所有组都有主要用户,并且所有创建的用户都将创建一个以用户命名的主要组。似乎必须在创建用户之前用 salt 创建组。因此,对于每个用户状态,状态由循环创建,用户由该状态创建,需要一个相应的组。然而,组状态不是静态存在的,它们也是从组支柱动态创建的。因此,salt 不一定每次都按照按字母顺序排列的相同顺序呈现每个状态,而是在解决所有必要条件后确定顺序。 (顺便说一句。我尽量保持这种总结的简短,而不是在 salt 渲染主题上陷入困境。)
我认为我遇到的问题是在创建用户状态时尚未创建组状态。
我已经在状态下方发布了生成错误的要求配置。当需求存在时,它不会创建用户但会创建组,当需求被删除时,它会创建组和用户。
如果我删除 require 行,我目前会得到我的预期结果,但不确定随着它的增长我是否会长期得到预期结果。
此外,我非常有兴趣找到一种方法来从动态创建的状态中请求某些内容到另一个动态创建的状态中。
如有任何修改此问题以解决该问题的想法,我们将一如既往地感谢您:)
这是状态文件:
/etc/skel:
file.directory:
- name: /etc/skel
- user: root
- group: root
- dir_mode: 755
/etc/skel/.bash_logout:
file.managed:
- name: /etc/skel/.bash_logout
- user: root
- group: root
- mode: 644
- source: salt://user_management/templates/etc/skel/bash_logout.sls
/etc/skel/.bash_profile:
file.managed:
- name: /etc/skel/.bash_profile
- user: root
- group: root
- mode: 644
- source: salt://user_management/templates/etc/skel/bash_profile.sls
/etc/skel/.bashrc:
file.managed:
- name: /etc/skel/.bashrc
- user: root
- group: root
- mode: 644
- source: salt://user_management/templates/etc/skel/bashrc.sls
{% for group in pillar['user_management']['groups'] %}
{{- group }}:
group.present:
- name: "{{ pillar['user_management']['groups'][group]['name'] }}"
- gid: "{{ pillar['user_management']['groups'][group]['gid'] }}"
- system: "{{ pillar['user_management']['groups'][group]['system'] }}"
{%- if pillar['user_management']['groups'][group]['addusers'] %}
- addusers:
{%- for add_user_name in pillar['user_management']['groups'][group]['addusers'] %}
- {{ add_user_name }}
{%- endfor %}
{%- endif %}
{%- if pillar['user_management']['groups'][group]['delusers'] %}
- delusers:
{%- for del_user_name in pillar['user_management']['groups'][group]['delusers'] %}
- {{ del_user_name }}
{%- endfor %}
{%- endif %}
{%- if pillar['user_management']['groups'][group]['members'] %}
- members:
{%- for member_name in pillar['user_management']['groups'][user]['members'] %}
- {{ member_name }}
{%- endfor %}
{%- endif %}
{% endfor %}
{% for user in pillar['user_management']['users'] %}
{{- user }}:
user.present:
- name: "{{ pillar['user_management']['users'][user]['name'] }}"
- uid: "{{ pillar['user_management']['users'][user]['uid'] }}"
- gid: "{{ pillar['user_management']['users'][user]['gid'] }}"
- gid_from_name: "{{ pillar['user_management']['users'][user]['gid_from_name'] }}"
{%- if pillar['user_management']['users'][user]['groups'] %}
- groups:
{%- for group_name in pillar['user_management']['users'][user]['groups'] %}
- {{ group_name }}
{%- endfor %}
{%- endif %}
{%- if pillar['user_management']['users'][user]['optional_groups'] %}
- optional_groups:
{%- for optional_group_name in pillar['user_management']['users'][user]['optional_groups'] %}
- {{ optional_group_name }}
{%- endfor %}
{%- endif %}
{%- if pillar['user_management']['users'][user]['remove_groups'] %}
- remove_groups:
{%- for remove_group_name in pillar['user_management']['users'][user]['remove_groups'] %}
- {{ remove_group_name }}
{%- endfor %}
{%- endif %}
- home: "{{ pillar['user_management']['users'][user]['home'] }}"
- createhome: "{{ pillar['user_management']['users'][user]['createhome'] }}"
- password: "{{ pillar['user_management']['users'][user]['password'] }}"
- enforce_password: "{{ pillar['user_management']['users'][user]['enforce_password'] }}"
- empty_password: "{{ pillar['user_management']['users'][user]['empty_password'] }}"
- shell: "{{ pillar['user_management']['users'][user]['shell'] }}"
- unique: "{{ pillar['user_management']['users'][user]['unique'] }}"
- system: "{{ pillar['user_management']['users'][user]['system'] }}"
- fullname: "{{ pillar['user_management']['users'][user]['fullname'] }}"
- require:
- group: {{ user|replace("user", "group") }}
{% endfor %}
这是用户支柱文件:
user_management:
users:
user_mdresden:
name: mdresden
uid: 10000
gid: 10000
gid_from_name: True
groups:
- wheel
optional_groups:
- users
remove_groups:
# - list
home: /home/mdresden
createhome: True
password: '$6$wBMXk1u6Jxapb5GR$o4YckBYhVjZZ28vyOkcPwBLMH2tcgWAPqdqzLLOGGY5DCM1aaz/rNfnjpMdcmE4GFt/5dzwu8z3YXViptLTMT/'
enforce_password: True
empty_password: False
shell: "/bin/bash"
unique: True
system: False
fullname: "Matthew Dresden"
user_csunderarajulu:
name: csunderarajulu
uid: 10001
gid: 10001
gid_from_name: True
groups:
# - list
optional_groups:
- users
remove_groups:
# - list
home: /home/csunderarajulu
createhome: True
password: '$6$wBMXk1u6Jxapb5GR$o4YckBYhVjZZ28vyOkcPwBLMH2tcgWAPqdqzLLOGGY5DCM1aaz/rNfnjpMdcmE4GFt/5dzwu8z3YXViptLTMT/'
enforce_password: True
empty_password: False
shell: "/bin/bash"
unique: True
system: False
fullname: "Chandrasekaran Sunderarajulu"
这是组支柱文件:
user_management:
groups:
group_mdresden:
name: mdresden
gid: 10000
system: False
addusers:
# - list
# - list
delusers:
# - list
# - list
members:
group_csunderarajulu:
name: csunderarajulu
gid: 10001
system: False
addusers:
# - list
# - list
delusers:
# - list
# - list
members:
错误似乎只发生在实际运行中,而不是启用测试。 这是用户的错误:
user_|-user_csunderarajulu_|-csunderarajulu_|-present:
----------
__run_num__:
7
__sls__:
user_management.users.manage
changes:
----------
comment:
One or more requisite failed: user_management.users.manage.group_csunderarajulu
result:
False
user_|-user_mdresden_|-mdresden_|-present:
----------
__run_num__:
6
__sls__:
user_management.users.manage
changes:
----------
comment:
One or more requisite failed: user_management.users.manage.group_mdresden
result:
False
这是我删除要求后的结果:
user_|-user_csunderarajulu_|-csunderarajulu_|-present:
----------
__run_num__:
7
changes:
----------
fullname:
Chandrasekaran Sunderarajulu
gid:
10001
groups:
- csunderarajulu
- users
home:
/home/csunderarajulu
homephone:
name:
csunderarajulu
passwd:
x
roomnumber:
shell:
/bin/bash
uid:
10001
workphone:
comment:
New user csunderarajulu created
duration:
106.136
name:
csunderarajulu
result:
True
start_time:
20:55:32.687433
user_|-user_mdresden_|-mdresden_|-present:
----------
__run_num__:
6
changes:
----------
fullname:
Matthew Dresden
gid:
10000
groups:
- mdresden
- users
- wheel
home:
/home/mdresden
homephone:
name:
mdresden
passwd:
x
roomnumber:
shell:
/bin/bash
uid:
10000
workphone:
comment:
New user mdresden created
duration:
153.671
name:
mdresden
result:
True
start_time:
20:55:32.532969
虽然组创建看似成功,但组创建的输出也显示错误。
这是显示错误的组的输出:
group_|-group_csunderarajulu_|-csunderarajulu_|-present:
----------
__run_num__:
5
changes:
----------
Failed:
----------
gid:
10001
comment:
Group {0} has been created but, some changes could not be applied
duration:
34.491
name:
csunderarajulu
result:
False
start_time:
13:40:14.615013
group_|-group_mdresden_|-mdresden_|-present:
----------
__run_num__:
4
changes:
----------
Failed:
----------
gid:
10000
comment:
Group {0} has been created but, some changes could not be applied
duration:
168.642
name:
mdresden
result:
False
start_time:
13:40:14.445528
这是输出: salt-call --local state.show_sls user_management.users.manage
local:
----------
/etc/skel:
----------
__env__:
base
__sls__:
user_management.users.manage
file:
|_
----------
name:
/etc/skel
|_
----------
user:
root
|_
----------
group:
root
|_
----------
dir_mode:
755
- directory
|_
----------
order:
10000
/etc/skel/.bash_logout:
----------
__env__:
base
__sls__:
user_management.users.manage
file:
|_
----------
name:
/etc/skel/.bash_logout
|_
----------
user:
root
|_
----------
group:
root
|_
----------
mode:
644
|_
----------
source:
salt://user_management/templates/etc/skel/bash_logout.sls
- managed
|_
----------
order:
10001
/etc/skel/.bash_profile:
----------
__env__:
base
__sls__:
user_management.users.manage
file:
|_
----------
name:
/etc/skel/.bash_profile
|_
----------
user:
root
|_
----------
group:
root
|_
----------
mode:
644
|_
----------
source:
salt://user_management/templates/etc/skel/bash_profile.sls
- managed
|_
----------
order:
10002
/etc/skel/.bashrc:
----------
__env__:
base
__sls__:
user_management.users.manage
file:
|_
----------
name:
/etc/skel/.bashrc
|_
----------
user:
root
|_
----------
group:
root
|_
----------
mode:
644
|_
----------
source:
salt://user_management/templates/etc/skel/bashrc.sls
- managed
|_
----------
order:
10003
group_csunderarajulu:
----------
__env__:
base
__sls__:
user_management.users.manage
group:
|_
----------
name:
csunderarajulu
|_
----------
gid:
10001
|_
----------
system:
False
- present
|_
----------
order:
10005
group_mdresden:
----------
__env__:
base
__sls__:
user_management.users.manage
group:
|_
----------
name:
mdresden
|_
----------
gid:
10000
|_
----------
system:
False
- present
|_
----------
order:
10004
user_csunderarajulu:
----------
__env__:
base
__sls__:
user_management.users.manage
user:
|_
----------
name:
csunderarajulu
|_
----------
uid:
10001
|_
----------
gid:
10001
|_
----------
gid_from_name:
True
|_
----------
optional_groups:
- users
|_
----------
home:
/home/csunderarajulu
|_
----------
createhome:
True
|_
----------
password:
$6$wBMXk1u6Jxapb5GR$o4YckBYhVjZZ28vyOkcPwBLMH2tcgWAPqdqzLLOGGY5DCM1aaz/rNfnjpMdcmE4GFt/5dzwu8z3YXViptLTMT/
|_
----------
enforce_password:
True
|_
----------
empty_password:
False
|_
----------
shell:
/bin/bash
|_
----------
unique:
True
|_
----------
system:
False
|_
----------
fullname:
Chandrasekaran Sunderarajulu
|_
----------
require:
|_
----------
group:
group_csunderarajulu
- present
|_
----------
order:
10007
user_mdresden:
----------
__env__:
base
__sls__:
user_management.users.manage
user:
|_
----------
name:
mdresden
|_
----------
uid:
10000
|_
----------
gid:
10000
|_
----------
gid_from_name:
True
|_
----------
groups:
- wheel
|_
----------
optional_groups:
- users
|_
----------
home:
/home/mdresden
|_
----------
createhome:
True
|_
----------
password:
$6$wrBLmNvzyQcHsunt$N6qAv4QR/9A4oPb07zeBbdMQTG7dhxMt.5nXUYY3STwqyRlYvGi5G/GmItOu2M.wLzAOz0ClhEsQIUXMGwIwp1
|_
----------
enforce_password:
True
|_
----------
empty_password:
False
|_
----------
shell:
/bin/bash
|_
----------
unique:
True
|_
----------
system:
False
|_
----------
fullname:
Matthew Dresden
|_
----------
require:
|_
----------
group:
group_mdresden
- present
|_
----------
order:
10006
它产生预期的需求组名。 group_mdresden 例如,这是国家生产的组的名称
最佳答案
感谢 Christophe Drevet-Drogue,
我的状态文件中的 gid 和 uid 用双引号引起来。 这导致它被解释为字符串而不是它所期望的整数。该问题导致所有其他问题。
所以原始问题的答案是,我发布的示例足以完成我在问题中提出的问题。
关于python - 如何从同样动态创建 salt 状态的循环中要求动态创建的 salt 状态?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/35758028/