SaltStack: found conflicting ID

Question

My sls file:

/etc/sudoers.d/foo:
  file.managed:
    - contents: |
      foo ALL = NOPASSWD: /usr/bin/systemctl restart minio_storage-foo.service
      foo ALL = NOPASSWD: /bin/systemctl restart minio_storage-foo.service
    - template: jinja
    - mode: 0440

Error message:

salt:/srv # salt-ssh aptguettler state.sls minio_storage

[CRITICAL] Rendering SLS 'base:minio_storage.django' failed: while constructing a mapping
  in "<unicode string>", line 29, column 7
found conflicting ID 'foo ALL = NOPASSWD'
  in "<unicode string>", line 31, column 7
aptguettler:
    - Rendering SLS 'base:minio_storage.django' failed: while constructing a mapping
        in "<unicode string>", line 29, column 7
      found conflicting ID 'foo ALL = NOPASSWD'
        in "<unicode string>", line 31, column 7

What is wrong?

score 4 · Answer 1 · answered May 17 '19 at 12:56

This:

- contents: |

introduces a value for contents that is a block style literal scalar that runs for all following indented lines. The indention must be more than the indent of the key contents. Since your next line

  foo ALL = NOPASSWD: /usr/bin/systemctl restart minio_storage-foo.service

is not indented more, it terminates the block style literal scalar (to the empty string), and then introduces the next key foo ALL = NOPASSWD with as value /usr/bin/systemctl restart minio_storage-foo.service for the mapping that is the first item of the sequence. However the next line has the same key, for that mapping and mapping keys have to be unique in YAML, hence the error.

As you found yourself you need to indent the lines following the literal scalar indicator (|), and it should be obvious why that is: a value for a key needs to be indented more than the key, otherwise you would not know when the next key for the mapping was introduced.

guettli · Answer 2 · 2019-05-17T12:27:15.000

1

Don't ask me why, but this works.

/etc/sudoers.d/foo:
  file.managed:
    - contents: |
       foo ALL = NOPASSWD: /usr/bin/systemctl restart minio_storage-foo.service
       foo ALL = NOPASSWD: /bin/systemctl restart minio_storage-foo.service
    - template: jinja
    - mode: 0440

Do you spot the difference?

There is one more space before "foo ALL". Grrrr YAML.

edited May 17 '19 at 12:27

answered May 17 '19 at 12:20

guettli

3,113
14
59
110

SaltStack: found conflicting ID

2 Answers2