我有点不清楚为什么会出现这个错误。从支柱加载用户之前是有效的。我将模块从“base”重命名为“common”,以避免与 salt 中的“base”状态混淆,然后出现此错误。
/pillar/top.sls:
base:
'*':
- common.users
'appserver-*':
- app-shared.users
'ssh-bastion*':
- ssh-bastion.users
/pillar/common/users.sls:
# Example User Entry
#
# tusername:
# fullname: Test Username (optional)
# uid: 1007
# gid: 1007
# shell: /bin/zsh (optional)
# groups: (optional)
# - sudo
# - ops
# pub_ssh_keys: (optional)
# - ssh-key # noqa: 204
users:
foo:
uid: 2000
gid: 2000
shell: /bin/zsh
pub_ssh_keys:
- ssh-rsa << obfuscated >> foo # noqa: 204
bar:
uid: 2001
gid: 2001
pub_ssh_keys:
- ssh-rsa << obfuscated >> bar # noqa: 204
状态文件
/salt/common/users.sls
{% for username, details in pillar.get('users', {}).items() %}
{{ username }}:
{% do salt["log.info"]("Processing user "+ username) %}
group:
- present
- name: {{ username }}
- gid: {{ details.get('gid', '') }}
user:
- present
- name: {{ username }}
{% if 'fullname' in details %}
- fullname: {{ details.get('fullname','') }}
{% endif %}
{% if 'shell' in details %}
- shell: {{ shell }}
{% else %}
- shell: /bin/bash
{% endif %}
- home: /home/{{ username }}
- uid: {{ details.get('uid', '') }}
- gid: {{ details.get('gid', '') }}
{% if 'groups' in details %}
- groups:
{% for group in details.get('groups', []) %}
- {{ group }}
{% endfor %}
- require:
{% for group in details.get('groups', []) %}
- group: {{ group }}
{% endfor %}
{% endif %}
{% if 'pub_ssh_keys' in details %}
ssh_auth:
- present
- user: {{ username }}
- names:
{% for pub_ssh_key in details.get('pub_ssh_keys', []) %}
- {{ pub_ssh_key }}
{% endfor %}
- require:
- user: {{ username }}
{% endif %}
{% endfor %}
ec2-user:
user.absent
ubuntu:
user.absent
当我尝试应用状态时,我得到:
~$ sudo salt-call state.highstate
[ERROR ] Rendering exception occurred
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/salt/utils/templates.py", line 502, in render_jinja_tmpl
output = template.render(**decoded_context)
File "/usr/lib/python3/dist-packages/jinja2/environment.py", line 1291, in render
self.environment.handle_exception()
File "/usr/lib/python3/dist-packages/jinja2/environment.py", line 925, in handle_exception
raise rewrite_traceback_stack(source=source)
File "<template>", line 18, in top-level template code
jinja2.exceptions.UndefinedError: 'shell' is undefined
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/salt/utils/templates.py", line 261, in render_tmpl
output = render_str(tmplstr, context, tmplpath)
File "/usr/lib/python3/dist-packages/salt/utils/templates.py", line 509, in render_jinja_tmpl
raise SaltRenderError("Jinja variable {}{}".format(exc, out), buf=tmplstr)
salt.exceptions.SaltRenderError: Jinja variable 'shell' is undefined
[CRITICAL] Rendering SLS 'base:common.users' failed: Jinja variable 'shell' is undefined
local:
Data failed to compile:
----------
Rendering SLS 'base:common.users' failed: Jinja variable 'shell' is undefined
我不明白当(在我看来)任何对
'shell'
的引用都包含在 'shell'
中时,Jinja 会如何抱怨
{% if 'shell' in details %}
未定义
PEBKAC
问题是
- shell: {{ shell }}
。我看了好几遍也没看出明显的地方。
就像错误所说,
shell
未定义。将整个 if
块替换为 - shell: {{ details.get('shell', '/bin/bash') }}
就可以了:
{% for username, details in pillar.get('users', {}).items() %}
{{ username }}:
{% do salt["log.info"]("Processing user "+ username) %}
group:
- present
- name: {{ username }}
- gid: {{ details.get('gid', '') }}
user:
- present
- name: {{ username }}
{% if 'fullname' in details %}
- fullname: {{ details.get('fullname','') }}
{% endif %}
- shell: {{ details.get('shell', '/bin/bash') }}
- home: /home/{{ username }}
- uid: {{ details.get('uid', '') }}
- gid: {{ details.get('gid', '') }}
{% if 'groups' in details %}
- groups:
{% for group in details.get('groups', []) %}
- {{ group }}
{% endfor %}
- require:
{% for group in details.get('groups', []) %}
- group: {{ group }}
{% endfor %}
{% endif %}
{% if 'pub_ssh_keys' in details %}
ssh_auth:
- present
- user: {{ username }}
- names:
{% for pub_ssh_key in details.get('pub_ssh_keys', []) %}
- {{ pub_ssh_key }}
{% endfor %}
- require:
- user: {{ username }}
{% endif %}
{% endfor %}
ec2-user:
user.absent
ubuntu:
user.absent