hide preview

What's next? verify your email address for reply notifications!

Stephen-Wood-rb 10y, 147d ago

Worked like a charm. Thanks for sharing this state recipe.

hide preview

What's next? verify your email address for reply notifications!

luupux-rb 9y, 145d ago

Many tHanks This is Very Good example for novice user

hide preview

What's next? verify your email address for reply notifications!

LerpDurp-rb 8y, 67d ago

What should the name of the file be and what pathname should it have? I know these could be almost anything, but a hint would help the novice.

remark link
hide preview

What's next? verify your email address for reply notifications!

russell 6y, 61d ago

I setup my directory structure with a:

  • state file /srv/salt/users/init.sls
  • pillar file /srv/pillar/users/init.sls

In both my state and pillar top.sls files I reference - users for '*': so that my users get installed on all minions.

hide preview

What's next? verify your email address for reply notifications!

Highloop-rb 7y, 323d ago

Just curious about the - crypt: argument; looking on the doc, I can't find it. The most similar one is - password... Is that yet right for 2015.8.8 ?

remark link
hide preview

What's next? verify your email address for reply notifications!

russell 6y, 61d ago

Yeah, seems like it was switched to password and crypt was removed. I updated the example in the post.

hide preview

What's next? verify your email address for reply notifications!

s23UIQKS 6y, 235d ago [edited]

We have 4 users in a single group. The group is for sysadmins. How to add the group in sudoers via saltstack?

remark link
hide preview

What's next? verify your email address for reply notifications!

russell 6y, 235d ago

You have a number of options.

The path of least resistance is to simply use an existing group like sudo or admin which is typically already granted elevated privileges in the sudoers config file.

Alternatively you may use salt to manage either:

  • the sudoers config file (typically /etc/sudoers)
  • a file dropped into the sudoers drop directory (typically /etc/sudoers.d)
hide preview

What's next? verify your email address for reply notifications!

4H9X7aSM 6y, 61d ago

I can't seem to get this to work on Ubuntu 16.04 hosts.

There seems to be an issue from the past that was similar: https://github.com/saltstack/salt/issues/7690

Any pointers? Cheers, Leo

Function: user.present
  Result: False
 Comment: The following requisites were not found:
                             require:
                                 group: sudo
remark link
hide preview

What's next? verify your email address for reply notifications!

russell 6y, 61d ago [edited]

Hey Leo — I have a groups/init.sls state file that I run on all my minions to make sure the sudo group exists. I wonder if Ubuntu 16.04 doesn't ship this with group anymore.

group-sudo:
  group.present:
    - name: sudo
remark link parent
hide preview

What's next? verify your email address for reply notifications!

4H9X7aSM 6y, 61d ago

Hi Russell, Thanks for the reply! The strange thing with this error is that 'sudo' is a default group on Ubuntu (as a Debian derivative).

remark link parent
hide preview

What's next? verify your email address for reply notifications!

russell 6y, 61d ago [edited]

Yeah, I would try adding a state to make sure the sudo group exists.

SaltStack builds a sort of graph of state dependencies. This error appears to relate not to the actual sudo group but to the fact that the sudo group isn't listed in SaltStack's dependency tree.

It's harmless to add a state to ensure the sudo group exists. SaltStack will do nothing if it exists.

hide preview

What's next? verify your email address for reply notifications!

unverified 5y, 282d ago

If you manually add user to group seems that salt doesn't remove it on apply. Do you know if there's any documentation for that?

remark link
hide preview

What's next? verify your email address for reply notifications!

unverified 5y, 282d ago

From documentation it says (https://docs.saltstack.com/en/2017.7/ref/states/all/salt.states.user.html#salt.states.user.present):

remove_groups
Remove groups that the user is a member of that weren't specified in the state, Default is True.

But that doesn't work for me.

remark link parent
hide preview

What's next? verify your email address for reply notifications!

russell 5y, 282d ago

That sounds like a defect to me!

Please create an issue report.

hide preview

What's next? verify your email address for reply notifications!