Use the group resource to manage a local group.
A group resource block manages groups on a node:
group 'www-data' do action :modify members 'maintenance' append true end
The full syntax for all of the properties that are available to the group resource is:
group 'name' do append TrueClass, FalseClass excluded_members Array gid String, Integer group_name String # defaults to 'name' if not specified members Array non_unique TrueClass, FalseClass notifies # see description provider Chef::Provider::Group subscribes # see description system TrueClass, FalseClass action Symbol # defaults to :create if not specified end
where
group
is the resourcename
is the name of the resource block:action
identifies the steps the chef-client will take to bring the node into the desired stateappend
, excluded_members
, gid
, group_name
, members
, non_unique
, provider
, and system
are properties of this resource, with the Ruby type shown. See “Properties” section below for more information about all of the properties that may be used with this resource.This resource has the following actions:
:create
:manage
:modify
:nothing
:remove
This resource has the following properties:
append
Ruby Types: TrueClass, FalseClass
How members should be appended and/or removed from a group. When true
, members
are appended and excluded_members
are removed. When false
, group members are reset to the value of the members
property. Default value: false
.
excluded_members
Ruby Type: Array
Remove users from a group. May only be used when append
is set to true
.
gid
Ruby Types: String, Integer
The identifier for the group.
group_name
Ruby Type: String
The name of the group. Default value: the name
of the resource block See “Syntax” section above for more information.
ignore_failure
Ruby Types: TrueClass, FalseClass
Continue running a recipe if a resource fails for any reason. Default value: false
.
members
Ruby Type: Array
Which users should be set or appended to a group. When more than one group member is identified, the list of members should be an array: members ['user1', 'user2']
.
non_unique
Ruby Types: TrueClass, FalseClass
Allow gid
duplication. May only be used with the Groupadd
provider. Default value: false
.
notifies
Ruby Type: Symbol, ‘Chef::Resource[String]’
A resource may notify another resource to take action when its state changes. Specify a 'resource[name]'
, the :action
that resource should take, and then the :timer
for that action. A resource may notifiy more than one resource; use a notifies
statement for each resource to be notified.
A timer specifies the point during the chef-client run at which a notification is run. The following timers are available:
:before
:delayed
:immediate
, :immediately
The syntax for notifies
is:
notifies :action, 'resource[name]', :timer
provider
Ruby Type: Chef Class
Optional. Explicitly specifies a provider. See “Providers” section below for more information.
retries
Ruby Type: Integer
The number of times to catch exceptions and retry the resource. Default value: 0
.
retry_delay
Ruby Type: Integer
The retry delay (in seconds). Default value: 2
.
subscribes
Ruby Type: Symbol, ‘Chef::Resource[String]’
A resource may listen to another resource, and then take action if the state of the resource being listened to changes. Specify a 'resource[name]'
, the :action
to be taken, and then the :timer
for that action.
A timer specifies the point during the chef-client run at which a notification is run. The following timers are available:
:before
:delayed
:immediate
, :immediately
The syntax for subscribes
is:
subscribes :action, 'resource[name]', :timer
system
Ruby Types: TrueClass, FalseClass
Show if a group belongs to a system group. Set to true
if the group belongs to a system group.
Where a resource represents a piece of the system (and its desired state), a provider defines the steps that are needed to bring that piece of the system from its current state into the desired state.
The chef-client will determine the correct provider based on configuration data collected by Ohai at the start of the chef-client run. This configuration data is then mapped to a platform and an associated list of providers.
Generally, it’s best to let the chef-client choose the provider, and this is (by far) the most common approach. However, in some cases, specifying a provider may be desirable. There are two approaches:
yum_package "foo" do
instead of package "foo" do
, script "foo" do
instead of bash "foo" do
, and so on—when availableprovider
property within the resource block to specify the long name of the provider as a property of a resource. For example: provider Chef::Provider::Long::Name
This resource has the following providers:
Chef::Provider::Group
, group
Chef::Provider::Group::Aix
, group
Chef::Provider::Group::Dscl
, group
Chef::Provider::Group::Gpasswd
, group
Chef::Provider::Group::Groupadd
, group
Chef::Provider::Group::Groupmod
, group
Chef::Provider::Group::Pw
, group
Chef::Provider::Group::Suse
, group
Chef::Provider::Group::Usermod
, group
Chef::Provider::Group::Windows
, group
The following examples demonstrate various approaches for using resources in recipes. If you want to see examples of how Chef uses resources in recipes, take a closer look at the cookbooks that Chef authors and maintains: https://github.com/chef-cookbooks.
Append users to groups
group 'www-data' do action :modify members 'maintenance' append true end
Add a user to group on the Windows platform
group 'Administrators' do members ['domain\foo'] append true action :modify end
© Chef Software, Inc.
Licensed under the Creative Commons Attribution 3.0 Unported License.
The Chef™ Mark and Chef Logo are either registered trademarks/service marks or trademarks/servicemarks of Chef, in the United States and other countries and are used with Chef Inc's permission.
We are not affiliated with, endorsed or sponsored by Chef Inc.
https://docs-archive.chef.io/release/12-13/resource_group.html