Hello,
I have written a module to add user and it does work with one user. But if
I use two user puppet tells me:
Error: Could not retrieve catalog from remote server: Error 400 on SERVER:
Duplicate declaration: Group[badm] is already declared in file
/etc/puppet/git/modules/useradd/manifests/init.pp at line 9; cannot
redeclare on node vm6740.muc.baag
How can I change the group creating part to get rid of this error?
Here is my module file
~/git/test.git/modules/useradd/manifests$ cat init.pp
define useradd ( $name, $uid, $group, $gid, $password, $shell, $sshkeytype,
$sshkey) {
$homedir = $kernel ? {
''SunOS'' => ''/export/home'',
default => ''/home''
}
group { $group:
gid => "$gid",
}
$username = $title
user { $username:
ensure => present,
comment => "$name",
uid => "$uid",
gid => "$gid",
shell => "$shell",
home => "$homedir/$username",
managehome => true,
password => "$password",
require => group["$group"],
}
exec { $username:
command => "/bin/cp -R /etc/skel $homedir/$username; /bin/chown -R
$username:$group $homedir/$username ",
creates => "$homedir/$username",
require => user["$username"],
}
ssh_authorized_key { $username:
user => "$username",
type => "$sshkeytype",
key => "$sshkey",
require => exec["$username"],
}
}
and here are the manifests files.
~/git/test.git/manifests$ cat nodes.pp
node ''vm6739'' {
include git_puppet_update
}
node ''vm6740'' {
import "create_admin_user.pp"
}
~/git/test.git/manifests$ cat create_admin_user.pp
useradd { "test":
name => "test",
uid => "881",
gid => "888",
group => "badm",
shell => "/bin/bash",
password =>
''Yvrp7r/L.ah8AliUXLMM9LZN/hQOtaYXUXNFQ8kOaqzUp1/jkH61SaE7gz/'',
sshkeytype => "rsa",
sshkey =>
"5j5llTO3cVcbPQYlII/5Arzwnj5gyzpm3xZL3o9vaAX1pA4F1Lq87ZBrZxrTS2F0G7hHJDffhqwlYoWfl1755hWeNeNZWQBcF2",
}
useradd { "testuser1":
name => "test user1",
uid => "2012",
gid => "888",
group => "badm",
shell => "/bin/bash",
password =>
''$6$0vY.Ob.b$uOClxSzliv.Jxt1XoWXjbLXtnf5JzqL5pP.caiF0JMxjptxEq9gj72KrU7CqB7ez0gCt6fAB1'',
sshkeytype => "rsa",
sshkey =>
"AAAAB3NzaC1yc2EAAAADAQABAAABAQC8tCVus/i5CN8KpqsEy1L3KIa0xRS9/QqgNc39q877hHJDffhqwlYoWfl1755hWeNeNZWQBcF2",
}
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscribe@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.
Sergey Arlashin
2013-Aug-06 07:09 UTC
Re: [Puppet Users] useradd Duplicate declaration: Group
Hello,
try
group { "addgroup_$group":
name => $group,
git => $gid
}
--
Best regards,
Sergey Arlashin
On Aug 6, 2013, at 10:30 AM, Andreas Dvorak
<andreas.dvorak@googlemail.com> wrote:
> Hello,
>
> I have written a module to add user and it does work with one user. But if
I use two user puppet tells me:
> Error: Could not retrieve catalog from remote server: Error 400 on SERVER:
Duplicate declaration: Group[badm] is already declared in file
/etc/puppet/git/modules/useradd/manifests/init.pp at line 9; cannot redeclare on
node vm6740.muc.baag
>
> How can I change the group creating part to get rid of this error?
>
>
> Here is my module file
> ~/git/test.git/modules/useradd/manifests$ cat init.pp
> define useradd ( $name, $uid, $group, $gid, $password, $shell, $sshkeytype,
$sshkey) {
> $homedir = $kernel ? {
> ''SunOS'' => ''/export/home'',
> default => ''/home''
> }
> group { $group:
> gid => "$gid",
> }
> $username = $title
> user { $username:
> ensure => present,
> comment => "$name",
> uid => "$uid",
> gid => "$gid",
> shell => "$shell",
> home => "$homedir/$username",
> managehome => true,
> password => "$password",
> require => group["$group"],
> }
> exec { $username:
> command => "/bin/cp -R /etc/skel $homedir/$username;
/bin/chown -R $username:$group $homedir/$username ",
> creates => "$homedir/$username",
> require => user["$username"],
> }
> ssh_authorized_key { $username:
> user => "$username",
> type => "$sshkeytype",
> key => "$sshkey",
> require => exec["$username"],
> }
> }
> and here are the manifests files.
> ~/git/test.git/manifests$ cat nodes.pp
> node ''vm6739'' {
> include git_puppet_update
> }
> node ''vm6740'' {
> import "create_admin_user.pp"
> }
>
> ~/git/test.git/manifests$ cat create_admin_user.pp
> useradd { "test":
> name => "test",
> uid => "881",
> gid => "888",
> group => "badm",
> shell => "/bin/bash",
> password =>
''Yvrp7r/L.ah8AliUXLMM9LZN/hQOtaYXUXNFQ8kOaqzUp1/jkH61SaE7gz/'',
> sshkeytype => "rsa",
> sshkey =>
"5j5llTO3cVcbPQYlII/5Arzwnj5gyzpm3xZL3o9vaAX1pA4F1Lq87ZBrZxrTS2F0G7hHJDffhqwlYoWfl1755hWeNeNZWQBcF2",
> }
> useradd { "testuser1":
> name => "test user1",
> uid => "2012",
> gid => "888",
> group => "badm",
> shell => "/bin/bash",
> password =>
''$6$0vY.Ob.b$uOClxSzliv.Jxt1XoWXjbLXtnf5JzqL5pP.caiF0JMxjptxEq9gj72KrU7CqB7ez0gCt6fAB1'',
> sshkeytype => "rsa",
> sshkey =>
"AAAAB3NzaC1yc2EAAAADAQABAAABAQC8tCVus/i5CN8KpqsEy1L3KIa0xRS9/QqgNc39q877hHJDffhqwlYoWfl1755hWeNeNZWQBcF2",
> }
>
>
> --
> You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
email to puppet-users+unsubscribe@googlegroups.com.
> To post to this group, send email to puppet-users@googlegroups.com.
> Visit this group at http://groups.google.com/group/puppet-users.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscribe@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.
Andreas Dvorak
2013-Aug-06 11:34 UTC
Re: [Puppet Users] useradd Duplicate declaration: Group
Hi Sergey,
thank you but that did not help. I got the error message:
Error: Could not retrieve catalog from remote server: Error 400 on SERVER:
Duplicate declaration: Group[addgroup_badm] is already declared in file
/etc/puppet/git/modules/useradd/manifests/init.pp at line 12; cannot
redeclare on node vm6740.muc.baag
And I tried this
group { "$group_$username":
name => "$group",
gid => "$gid",
ensure => present,
}
but I got this error:
Error: Could not retrieve catalog from remote server: Error 400 on SERVER:
Puppet::Parser::AST::Resource failed with error ArgumentError: Cannot alias
Group[testuser1] to ["badm"] at
/etc/puppet/git/modules/useradd/manifests/init.pp:13; resource
["Group",
"baaderadm"] already declared at
/etc/puppet/git/modules/useradd/manifests/init.pp:13 at
/etc/puppet/git/modules/useradd/manifests/init.pp:13 on node vm6740.muc.baag
Regards,
Andreas
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscribe@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.
On Tuesday, August 6, 2013 1:30:37 AM UTC-5, Andreas Dvorak wrote:> > Hello, > > I have written a module to add user and it does work with one user. But if > I use two user puppet tells me: > Error: Could not retrieve catalog from remote server: Error 400 on SERVER: > Duplicate declaration: Group[badm] is already declared in file > /etc/puppet/git/modules/useradd/manifests/init.pp at line 9; cannot > redeclare on node vm6740.muc.baag > > How can I change the group creating part to get rid of this error? > >You must not declare the same resource twice, where "same" means having the same type and the same name or title. Doing so would open the possibility of inconsistent resource declarations, and Puppet doesn''t even begin to entertain that.> > Here is my module file > ~/git/test.git/modules/useradd/manifests$ cat init.pp > define useradd ( $name, $uid, $group, $gid, $password, $shell, > $sshkeytype, $sshkey) { >It''s pretty unusual to make a defined type be the top-level object of a module. I guess it probably works, but I suspect you will find that generalizing the module a bit will be to your advantage. For instance, make it a ''user'' or ''users'' module, with the useradd definition within (i.e. user::useradd). That will also give you a place to put some of the other things you are likely to want for user management.> $homedir = $kernel ? { > ''SunOS'' => ''/export/home'', > default => ''/home'' > } > group { $group: > gid => "$gid", > } >As you already know, it''s that group declaration that is causing you trouble. In order to support the possibility that more than one managed user belongs to a given group, you must factor the group declaration out of this definition, so that it appears once for all members overall. More on that below.> $username = $title > user { $username: > ensure => present, > comment => "$name", > uid => "$uid", > gid => "$gid", > shell => "$shell", > home => "$homedir/$username", > managehome => true, > password => "$password", > require => group["$group"], > } > exec { $username: > command => "/bin/cp -R /etc/skel $homedir/$username; /bin/chown -R > $username:$group $homedir/$username ", > creates => "$homedir/$username", > require => user["$username"], > } >What''s the point of that Exec? Do you anticipate that enabling the User''s ''managehome'' property (as you have done) will be insufficient?> ssh_authorized_key { $username: > user => "$username", > type => "$sshkeytype", > key => "$sshkey", > require => exec["$username"], > } > } > and here are the manifests files. > ~/git/test.git/manifests$ cat nodes.pp > node ''vm6739'' { > include git_puppet_update > } > node ''vm6740'' { > import "create_admin_user.pp" >No, this is wrong. The ''import'' function does not do what you think. It has very few legitimate uses, and this is not among them. Instead, put the present contents of create_admin_user.pp into a class (maybe user::admin_users), put the class into a module, and ''include'' that class by name.> } > > ~/git/test.git/manifests$ cat create_admin_user.pp > useradd { "test": > name => "test", > uid => "881", > gid => "888", > group => "badm", > shell => "/bin/bash", > password => > ''Yvrp7r/L.ah8AliUXLMM9LZN/hQOtaYXUXNFQ8kOaqzUp1/jkH61SaE7gz/'', > sshkeytype => "rsa", > sshkey => > "5j5llTO3cVcbPQYlII/5Arzwnj5gyzpm3xZL3o9vaAX1pA4F1Lq87ZBrZxrTS2F0G7hHJDffhqwlYoWfl1755hWeNeNZWQBcF2", > } > useradd { "testuser1": > name => "test user1", > uid => "2012", > gid => "888", > group => "badm", > shell => "/bin/bash", > password => > ''$6$0vY.Ob.b$uOClxSzliv.Jxt1XoWXjbLXtnf5JzqL5pP.caiF0JMxjptxEq9gj72KrU7CqB7ez0gCt6fAB1'', > sshkeytype => "rsa", > sshkey => > "AAAAB3NzaC1yc2EAAAADAQABAAABAQC8tCVus/i5CN8KpqsEy1L3KIa0xRS9/QqgNc39q877hHJDffhqwlYoWfl1755hWeNeNZWQBcF2", > } > >There are several ways you could handle group management outside the [user::]useradd definition. One is simply to declare the desired groups, once each, outside its scope: group { ''badm'': gid => ''888'' } user::useradd { ''test1'': ... no group or gid ... require => Group[''badm''] } user::useradd { ''test2'': ... no group or gid ... require => Group[''badm''] } Alternatively, if you have a complete list of groups that are available for any node, but you want to manage only those that are actually needed, then you could declare all the possible groups virtually: class user::groups { @group { ''badm'': gid => 888, ensure => ''present'' } @group { ''bsvc'': gid => 898, ensure => ''present'' } @group { ''busr'': gid => 908, ensure => ''present'' } } and have the useradd definition realize the appropriate one (which can safely be done more than once): define user::useradd($name, $uid, $group [, ...]) { include ''user::groups'' realize Group[$group] user { $title: ensure => ''present'', uid => $uid, # can be either name or numeric ID: gid => $group, require => Group[$group], [...] } } (Virtual resources that are never realized for a given node will not be included in that node''s catalog.) There are other variations, too, such as some very elegant ones involving tagging and resource collectors, but for now I advise you to keep it simple while you acclimate to Puppet. John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
Andreas Dvorak
2013-Aug-07 10:10 UTC
[Puppet Users] Re: useradd Duplicate declaration: Group
Thank you very much John, to explain that. My module is working now. But what I tried was to have a list of user outside of the module. I would like to seperate the values of the user from the module. Have you got a hint to do that for me? Best regards, Andreas -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
On Wednesday, August 7, 2013 5:10:56 AM UTC-5, Andreas Dvorak wrote:> > Thank you very much John, to explain that. > My module is working now. > > But what I tried was to have a list of user outside of the module. I would > like to seperate the values of the user from the module. Have you got a > hint to do that for me? > >What prevents you from doing that? If you are specifically talking about the admin users class, which I suggested putting into the ''user'' module, then you can instead put it in some other module, or else just get rid of it and put its contents into one or more node blocks. The point of using a class is to facilitate re-use and/or multiple points of use. I had supposed you wanted one or both of those because of the way you were trying to use ''import'', but if you don''t need either then you don''t need a class. Also, Puppet provides no name hiding, so you can refer to any class, definition, or variable anywhere via its qualified name (e.g. "user::adduser"). For variables only, the variable declaration must already have been parsed. Module boundaries present no barrier here. More generally, there are several ways you could record data specific to your site''s nodes, and communicate it to Puppet to inform catalog compilation. They fall into two general categories: 1. Encode the data into your Puppet manifests. There are several variations on this theme, varying from simply including the data directly in declarations (your present approach) to declaring literal data structures in variables that your classes and definitions can process. 2. Load your data from an external source. There are innumerable ways to do this, but in practice, the best place for you to start if you want to go this route would be Hiera. Generally, this route proceeds via loading the external data into one or more Puppet variables, which your classes and definitions thereafter process. I should say that if you were using an external node classifier (ENC) then you could rely on that to feed some or all of the needed data to Puppet by setting global variables. I would put that in category 2, but others might categorize it differently. I apologize if that''s more information than you wanted, or if it''s not specific enough. If you want better targeted advice then I need to understand the problem better. John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.