Puppet users - Oct 2013 - User and group issues

I am currently in the process of cleaning up some of my puppet config files 
in particular some user and some virtual templates:

I get the following error:

*"err: Could not retrieve catalog from remote server: Error 400 on SERVER: 
Duplicate definition: Group[testgroup] is already defined in file 
/etc/puppet/manifests/templates/accounts.pp at line 22; cannot redefine at 
/etc/puppet/manifests/templates/accounts.pp:22 on node 
puppettest.test.internal"*

If I remove 

My files:

*users.pp*

*class users *
*{*
* @accounts::virtual
*
* { *
* ''test.user'':*
* realname        =>  ''testusername'',*
* pass            =>  ''testpass'',*
* gid => "testgroup",*
* }
*
* *
* @accounts::virtual *
* { *
* ''test.user2'':*
* realname        =>  ''testuser2name'',*
* pass            =>  ''testpass'',*
* gid => "testgroup2",*
* }
*
* *
* @accounts::virtual *
* { *
* ''test.user3'':*
* realname        =>  ''testuser3name'',*
* pass              =>  ''testpass'',*
* gid      => "testgroup",*
* }*

*accounts.pp*
*
*
*define accounts::virtual ($realname,$pass,$gid,$sshkey="") *
*{ *
* user *
* { *
* $title:*
* ensure            =>  present,*
* comment           =>  "${realname} ${gid} User",*
* gid               =>  $title,*
* shell             =>  ''/bin/bash'',*
* require           =>  Group[$gid],*
* home              =>  "/home/${title}",*
* managehome        =>  true,*
* password          =>  $pass,*
* }*
* *
* group *
* { *
* $gid:*
* ensure => present,*
* }*
* *
* file *
* { *
* "/home/${title}":*
* ensure            =>  directory,*
* owner             =>  $title,*
* group             =>  $gid,*
* mode              =>  0700,*
* require           =>  [ User[$title], Group[$gid] ],*
* }*
* *
* # If we have an SSH key present then insert it onto the user*
* if ( $sshkey != "" ) *
* {*
* ssh_authorized_key *
* { *
* $title:*
* ensure  =>      "present",*
* type    =>      "ssh-rsa",*
* key     =>      "$sshkey",*
* user    =>      "$title",*
* require =>      User["$title"],*
* name    =>      "$title",*
* }*
* }*
* *
* # If there is no key specified, make sure this value is blank *
* if ( $sshkey == "" ) *
* {*
* ssh_authorized_key *
* { *
* $title:*
* ensure  =>      "absent",*
* user    =>      "$title",*
* require =>      User["$title"],*
* }*
* }*
*}*

then inside *site.pp*
*
*
*include users*
*realize
(Accounts::Virtual[''test.user'',''test.user2'',''test.user3''])*
*
*
If I remove test.user3 it all works fine, so this is something related to 
the group being declared or what puppet thinks is declared twice because of 
the way I have created a virtual class. Is there any obvious solutions to 
this besides absolutely declaring each user individually?


-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscribe@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.

Hello
You have both users with the gid ''testgroup''. I think you mean
group
''testgroup''.
I think its common/best practice for each user''s gid to be uniq and
named
the same as the user
Neil
On 28 Oct 2013 16:18, <boxrick@gmail.com> wrote:
> I am currently in the process of cleaning up some of my puppet config
> files in particular some user and some virtual templates:
>
> I get the following error:
>
> *"err: Could not retrieve catalog from remote server: Error 400 on
> SERVER: Duplicate definition: Group[testgroup] is already defined in file
> /etc/puppet/manifests/templates/accounts.pp at line 22; cannot redefine at
> /etc/puppet/manifests/templates/accounts.pp:22 on node
> puppettest.test.internal"*
>
> If I remove
>
> My files:
>
> *users.pp*
>
> *class users *
> *{*
> * @accounts::virtual
> *
> * { *
> * ''test.user'':*
> * realname        =>  ''testusername'',*
> * pass            =>  ''testpass'',*
> * gid => "testgroup",*
> * }
> *
> * *
> * @accounts::virtual *
> * { *
> * ''test.user2'':*
> * realname        =>  ''testuser2name'',*
> * pass            =>  ''testpass'',*
> * gid => "testgroup2",*
> * }
> *
> * *
> * @accounts::virtual *
> * { *
> * ''test.user3'':*
> * realname        =>  ''testuser3name'',*
> * pass              =>  ''testpass'',*
> * gid      => "testgroup",*
> * }*
>
> *accounts.pp*
> *
> *
> *define accounts::virtual ($realname,$pass,$gid,$sshkey="") *
> *{ *
> * user *
> * { *
> * $title:*
> * ensure            =>  present,*
> * comment           =>  "${realname} ${gid} User",*
> * gid               =>  $title,*
> * shell             =>  ''/bin/bash'',*
> * require           =>  Group[$gid],*
> * home              =>  "/home/${title}",*
> * managehome        =>  true,*
> * password          =>  $pass,*
> * }*
> * *
> * group *
> * { *
> * $gid:*
> * ensure => present,*
> * }*
> * *
> * file *
> * { *
> * "/home/${title}":*
> * ensure            =>  directory,*
> * owner             =>  $title,*
> * group             =>  $gid,*
> * mode              =>  0700,*
> * require           =>  [ User[$title], Group[$gid] ],*
> * }*
> * *
> * # If we have an SSH key present then insert it onto the user*
> * if ( $sshkey != "" ) *
> * {*
> * ssh_authorized_key *
> * { *
> * $title:*
> * ensure  =>      "present",*
> * type    =>      "ssh-rsa",*
> * key     =>      "$sshkey",*
> * user    =>      "$title",*
> * require =>      User["$title"],*
> * name    =>      "$title",*
> * }*
> * }*
> * *
> * # If there is no key specified, make sure this value is blank *
> * if ( $sshkey == "" ) *
> * {*
> * ssh_authorized_key *
> * { *
> * $title:*
> * ensure  =>      "absent",*
> * user    =>      "$title",*
> * require =>      User["$title"],*
> * }*
> * }*
> *}*
>
> then inside *site.pp*
> *
> *
> *include users*
> *realize
(Accounts::Virtual[''test.user'',''test.user2'',''test.user3''])*
> *
> *
> If I remove test.user3 it all works fine, so this is something related to
> the group being declared or what puppet thinks is declared twice because of
> the way I have created a virtual class. Is there any obvious solutions to
> this besides absolutely declaring each user individually?
>
>
>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscribe@googlegroups.com.
> To post to this group, send email to puppet-users@googlegroups.com.
> Visit this group at http://groups.google.com/group/puppet-users.
> For more options, visit https://groups.google.com/groups/opt_out.
>
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscribe@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/CAAohVBc8L4OAnY%3DYTHVYZ5W%3DkcUtN55ATt_d%3DZYAKad4_--PCg%40mail.gmail.com.
For more options, visit https://groups.google.com/groups/opt_out.

On Monday, October 28, 2013 11:03:09 AM UTC-5, box...@gmail.com
wrote:
>
> I am currently in the process of cleaning up some of my puppet config 
> files in particular some user and some virtual templates:
>
> I get the following error:
>
> *"err: Could not retrieve catalog from remote server: Error 400 on 
> SERVER: Duplicate definition: Group[testgroup] is already defined in file 
> /etc/puppet/manifests/templates/accounts.pp at line 22; cannot redefine at 
> /etc/puppet/manifests/templates/accounts.pp:22 on node 
> puppettest.test.internal"*
>
>
The declarations appearing directly in a defined type''s body are issued
once for each declared instance of that defined type.  No resource may be 
declared more than once.  Thus every resource declared by a defined type 
instance must be specific to that instance.  Resources shared between 
instances, such as a common Group, must be factored out.

One possible approach here would be to issue virtual declarations of all 
possible groups in some central class, and then have your accounts::virtual 
definition realize the appropriate group instead of declaring it.


John

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscribe@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/2c19fa5e-28ef-41ea-9a88-a0a3fd192b3f%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

I see that makes sense, would you be able to give a quick example of the 
required syntax?

On Tuesday, October 29, 2013 1:58:23 PM UTC, jcbollinger
wrote:
>
>
>
> On Monday, October 28, 2013 11:03:09 AM UTC-5, box...@gmail.com wrote:
>>
>> I am currently in the process of cleaning up some of my puppet config 
>> files in particular some user and some virtual templates:
>>
>> I get the following error:
>>
>> *"err: Could not retrieve catalog from remote server: Error 400 on
>> SERVER: Duplicate definition: Group[testgroup] is already defined in
file
>> /etc/puppet/manifests/templates/accounts.pp at line 22; cannot redefine
at
>> /etc/puppet/manifests/templates/accounts.pp:22 on node 
>> puppettest.test.internal"*
>>
>>
>
> The declarations appearing directly in a defined type''s body are
issued
> once for each declared instance of that defined type.  No resource may be 
> declared more than once.  Thus every resource declared by a defined type 
> instance must be specific to that instance.  Resources shared between 
> instances, such as a common Group, must be factored out.
>
> One possible approach here would be to issue virtual declarations of all 
> possible groups in some central class, and then have your accounts::virtual
> definition realize the appropriate group instead of declaring it.
>
>
> John
>
>
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscribe@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/9e3e1730-48cd-4f86-aac2-d0390d6dab1a%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

On Tuesday, October 29, 2013 10:31:56 AM UTC-5, box...@gmail.com
wrote:
>
> I see that makes sense, would you be able to give a quick example of the 
> required syntax?
>
>
Here is a simple example.  If you have more than a tiny number of users 
and/or groups, however, or if they change with any frequency, then you 
should probably externalize your data instead encoding it directly in your 
classes.  Externalizing your data is a whole other kettle of fish, though.

<module path>/accounts/manifests/groups.pp:
----
class accounts::groups {
  @group { ''testgroup'': ensure => present }
  @group { ''testgroup2'': ensure => present }
}

<module path>/accounts/manifests/virtual.pp:
----
# note the file name --
# NOT accounts.pp as in the orginal post
define accounts::virtual ($realname,$pass,$gid,$sshkey="") {
  include accounts::groups

  realize Group[$gid]

  user { $title:
    ensure => present,
    gid => $gid,
    # ...
  }  
  # Note: User autorequires Group[$gid] if it is Puppet-managed,
  # so there''s no need to declare that explicitly.

  # ...
}


John

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscribe@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/a67c8e99-4b47-486e-bfa1-7443db42a13a%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.