The path of least resistance is to simply use an existing group like sudo or admin which is typically already granted elevated privileges in the sudoers config file.
Alternatively you may use salt to manage either:
the sudoers config file (typically /etc/sudoers)
a file dropped into the sudoers drop directory (typically /etc/sudoers.d)
Hey Leo — I have a groups/init.sls state file that I run on all my minions to make sure the sudo group exists. I wonder if Ubuntu 16.04 doesn't ship this with group anymore.
Yeah, I would try adding a state to make sure the sudo group exists.
SaltStack builds a sort of graph of state dependencies. This error appears to relate not to the actual sudo group but to the fact that the sudo group isn't listed in SaltStack's dependency tree.
It's harmless to add a state to ensure the sudo group exists. SaltStack will do nothing if it exists.
Comments
Worked like a charm. Thanks for sharing this state recipe.
Many tHanks This is Very Good example for novice user
What should the name of the file be and what pathname should it have? I know these could be almost anything, but a hint would help the novice.
I setup my directory structure with a:
/srv/salt/users/init.sls/srv/pillar/users/init.slsIn both my state and pillar
top.slsfiles I reference- usersfor'*':so that my users get installed on all minions.Just curious about the - crypt: argument; looking on the doc, I can't find it. The most similar one is - password... Is that yet right for 2015.8.8 ?
Yeah, seems like it was switched to
passwordandcryptwas removed. I updated the example in the post.We have 4 users in a single group. The group is for sysadmins. How to add the group in sudoers via saltstack?
You have a number of options.
The path of least resistance is to simply use an existing group like
sudooradminwhich is typically already granted elevated privileges in the sudoers config file.Alternatively you may use salt to manage either:
/etc/sudoers)/etc/sudoers.d)I can't seem to get this to work on Ubuntu 16.04 hosts.
There seems to be an issue from the past that was similar: https://github.com/saltstack/salt/issues/7690
Any pointers? Cheers, Leo
Hey Leo — I have a
groups/init.slsstate file that I run on all my minions to make sure thesudogroup exists. I wonder if Ubuntu 16.04 doesn't ship this with group anymore.Hi Russell, Thanks for the reply! The strange thing with this error is that 'sudo' is a default group on Ubuntu (as a Debian derivative).
Yeah, I would try adding a state to make sure the
sudogroup exists.SaltStack builds a sort of graph of state dependencies. This error appears to relate not to the actual
sudogroup but to the fact that thesudogroup isn't listed in SaltStack's dependency tree.It's harmless to add a state to ensure the
sudogroup exists. SaltStack will do nothing if it exists.If you manually add user to group seems that salt doesn't remove it on apply. Do you know if there's any documentation for that?
From documentation it says (https://docs.saltstack.com/en/2017.7/ref/states/all/salt.states.user.html#salt.states.user.present):
remove_groups
Remove groups that the user is a member of that weren't specified in the state, Default is
True.But that doesn't work for me.
That sounds like a defect to me!
Please create an issue report.