Puppet:将多个 AD 用户添加到本地组
Puppet: Adding multiple AD users to local group
我正在尝试将 Windows Server 2012 上的多个 AD 用户添加到 Administrators 组,但出现错误。如果我在 params.pp 文件中只指定一个用户,那么它工作正常。
params.pp
$user_to_add = [
'ad8\iisuser',
'ad8\dbuser',
],
$group_name = 'Administrators',
add_user_to_local_group.pp
class common::add_user_to_local_group (
$user_to_add = $common::params::user_to_add,
$group_name = $common::params::group_name,
) inherits common::params {
$user_to_add.each |$user_name| {
group { "Add $user_name to local group":
ensure => present,
name => $group_name,
members => [ $user_name ],
}
}
}
错误:
Error: Could not retrieve catalog from remote server: Error 500 on SERVER: {"message":"Server Error: Evaluation Error: Error while eval
uating a Resource Statement, Cannot alias Group[Add ad8\dbuser to local group] to [\"Administrators\"] at /etc/puppetlabs/code/en
vironments/automation/modules/common/manifests/add_user_to_local_group.pp:6; resource [\"Group\", \"Administrators\"] already declared
at /etc/puppetlabs/code/environments/automation/modules/common/manifests/add_user_to_local_group.pp:6 at /etc/puppetlabs/code/environme
nts/automation/modules/common/manifests/add_user_to_local_group.pp:6:9 on node lab.ad8.com","issue_kind":"RUNTIME_ERROR","stacktrace
":["Warning: The 'stacktrace' property is deprecated and will be removed in a future version of Puppet. For security reasons, stacktrac
es are not returned with Puppet HTTP Error responses."]}
您正试图通过为两个资源提供不同的标题来规避资源 uniqueness/multiple 声明,但资源还必须具有唯一的名称变量 https://docs.puppet.com/puppet/4.9/lang_resources.html#namenamevar. The namevar for the group resource is name, which is aliased from the title if not specified in the attributes (hence the error message output being what it is) https://docs.puppet.com/puppet/latest/type.html#group-attribute-name.
因此,当您为
声明两个资源时
group { "Add $user_name to local group":
ensure => present,
name => $group_name,
members => [ $user_name ],
}
具有与迭代散列时相同的 name 属性(因为 $group_name 两者相同),那么您将抛出多重声明错误。这也是为什么当你只指定一个用户时它对你有用,因为你有 namevar 唯一性。
要解决此问题,您只需要一个 group 资源即可同时添加两个用户,而不是依次添加。
class common::add_user_to_local_group (
$user_to_add = $common::params::user_to_add,
$group_name = $common::params::group_name,
) inherits common::params {
group { $group_name:
ensure => present,
members => $user_to_add,
}
}
我还建议将单词 'user' 的使用复数化以进行澄清 ($user_to_add --> $users_to_add)。另一个改进可能是允许传入多个组并迭代具有关联成员哈希的组,但您可以自己决定。
我正在尝试将 Windows Server 2012 上的多个 AD 用户添加到 Administrators 组,但出现错误。如果我在 params.pp 文件中只指定一个用户,那么它工作正常。
params.pp
$user_to_add = [
'ad8\iisuser',
'ad8\dbuser',
],
$group_name = 'Administrators',
add_user_to_local_group.pp
class common::add_user_to_local_group (
$user_to_add = $common::params::user_to_add,
$group_name = $common::params::group_name,
) inherits common::params {
$user_to_add.each |$user_name| {
group { "Add $user_name to local group":
ensure => present,
name => $group_name,
members => [ $user_name ],
}
}
}
错误:
Error: Could not retrieve catalog from remote server: Error 500 on SERVER: {"message":"Server Error: Evaluation Error: Error while eval
uating a Resource Statement, Cannot alias Group[Add ad8\dbuser to local group] to [\"Administrators\"] at /etc/puppetlabs/code/en
vironments/automation/modules/common/manifests/add_user_to_local_group.pp:6; resource [\"Group\", \"Administrators\"] already declared
at /etc/puppetlabs/code/environments/automation/modules/common/manifests/add_user_to_local_group.pp:6 at /etc/puppetlabs/code/environme
nts/automation/modules/common/manifests/add_user_to_local_group.pp:6:9 on node lab.ad8.com","issue_kind":"RUNTIME_ERROR","stacktrace
":["Warning: The 'stacktrace' property is deprecated and will be removed in a future version of Puppet. For security reasons, stacktrac
es are not returned with Puppet HTTP Error responses."]}
您正试图通过为两个资源提供不同的标题来规避资源 uniqueness/multiple 声明,但资源还必须具有唯一的名称变量 https://docs.puppet.com/puppet/4.9/lang_resources.html#namenamevar. The namevar for the group resource is name, which is aliased from the title if not specified in the attributes (hence the error message output being what it is) https://docs.puppet.com/puppet/latest/type.html#group-attribute-name.
因此,当您为
声明两个资源时group { "Add $user_name to local group":
ensure => present,
name => $group_name,
members => [ $user_name ],
}
具有与迭代散列时相同的 name 属性(因为 $group_name 两者相同),那么您将抛出多重声明错误。这也是为什么当你只指定一个用户时它对你有用,因为你有 namevar 唯一性。
要解决此问题,您只需要一个 group 资源即可同时添加两个用户,而不是依次添加。
class common::add_user_to_local_group (
$user_to_add = $common::params::user_to_add,
$group_name = $common::params::group_name,
) inherits common::params {
group { $group_name:
ensure => present,
members => $user_to_add,
}
}
我还建议将单词 'user' 的使用复数化以进行澄清 ($user_to_add --> $users_to_add)。另一个改进可能是允许传入多个组并迭代具有关联成员哈希的组,但您可以自己决定。