我正在尝试将用户分配到带有清单的多个群组,但我遇到了墙。
尝试1:
class usergroup {
group { "user_one":
ensure => present,
gid => 500,
}
group { "user_two":
ensure => present,
gid => 501,
}
group { "dev_site_one":
ensure => present,
gid => 502,
}
group { "dev_site_two":
ensure => present,
gid => 503,
}
group { "dev_site_three":
ensure => present,
gid => 504,
}
user { "user_one":
ensure => present,
uid => 500,
gid => 500,
gid => 502,
gid => 503,
gid => 504,
}
user { "user_two":
ensure => present,
uid => 501,
gid => 501,
}
}
运行此:
puppet apply --noop ./init.pp
收益率:
错误:在用户[user_one]上复制参数'gid' 节点上的/etc/puppet/modules/webserver/manifests/init.pp:159 my_web_server
尝试2:
我试图像这样突破每个gid声明:
class usergroup {
group { "user_one":
ensure => present,
gid => 500,
}
group { "user_two":
ensure => present,
gid => 501,
}
group { "dev_site_one":
ensure => present,
gid => 502,
}
group { "dev_site_two":
ensure => present,
gid => 503,
}
group { "dev_site_three":
ensure => present,
gid => 504,
}
user { "user_one":
ensure => present,
uid => 500,
gid => 500,
}
user { "user_one":
gid => 502,
}
user { "user_two":
ensure => present,
uid => 501,
gid => 501,
}
}
运行此:
puppet apply --noop ./init.pp
收益率:
错误:重复声明:已声明用户[user_one] 文件/etc/puppet/modules/webserver/manifests/init.pp:156;不能 重新启动/etc/puppet/modules/webserver/manifests/init.pp:160 on 节点my_web_server
...其中160是我尝试将gid 502分配给user_one的地方。
问题
有没有办法用Puppet分配多个组,还是我必须手动分配这些组?
答案 0 :(得分:14)
是的,有办法!
查看http://docs.puppetlabs.com/references/latest/type.html#user。
参数 gid 指定用户的主要组,它必须是唯一的。可以使用 groups 参数指定其他组。
假设 500 应该是主要群组......
user { "user_one":
ensure => present,
uid => 500,
gid => 500,
groups => [502, 503, 504],
}
......应该做的工作。
答案 1 :(得分:0)
如果需要,您也可以使用群组名称,如下所示。
group { "group_one":
ensure => present,
gid => 500,}
group { "group_two":
ensure => present,
gid => 501,}
user { "user_one":
ensure => present,
comment => 'New user being created',
uid => 505,
groups => ["group_one","group_two"],}