Windows – Add a group to a group with Chef on Windows

Tags: chef, windows

I'm trying to manage a Windows server with Chef, and need to create some users, add them to a group, and add that group to another group.

user 'test.user' do
    password    'password'
    action      :create
end

group 'TestGroup' do
    action  :create
    members [ 'test.user' ]
    append  true
end

group 'OtherGroup' do          # This is line 43
    action  :create
    members [ 'TestGroup' ]
    append  true
end

That results in an error:

[2015-02-12T09:54:35+00:00] FATAL: ArgumentError: group[OtherGroup] (users::staff line 43) had an error: ArgumentError: A new member could not be added to a local group because the member has the wrong account type.

It's like Chef can't add a group to a group. Adding users to a group is fine.

Oddly it only seems to affect a custom group. I can add to the built in Users and Administrators groups fine.

group 'Administrators' do
    action  :modify
    members [ 'TestGroup' ]
    append  true
end

I have also tried creating the OtherGroup empty first, and then :modifying it, but the same problem happens.

Best Answer

You have not specified which version of Windows Server you are working with, nor the version of Chef - so these are a few assumptions.

From the Chef docs, it does not appear that adding a group as a member of a group is supported:

members

Ruby Type: Array

Which users should be set or appended to a group. When more than one group member is identified, the list of members should be an array: members ['user1', 'user2'].

From the error message, we can derive that the operation being attempted is adding a local group to another local group.

The Windows API method that Chef is using under the hood states (emphasis mine):

The NetLocalGroupAddMembers function adds membership of one or more existing user accounts or global group accounts to an existing local group. The function does not change the membership status of users or global groups that are currently members of the local group.

There does not appear to be much spec/test coverage for the underlying API calls in Chef - but from the call to this method it appears that the intention of adding members to a group is expected to be a Domain User only, not another local group.
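The practical consequence of the rule quoted above is that a recipe should never hand the Windows `group` resource a local group name in `members`; the run will only fail half-way through with the "wrong account type" error. The following added example (plain Ruby, not code from the question, the answer or Chef itself) models that rule so a recipe author can catch the mistake at compile time and flatten a nested definition into the direct user memberships that `NetLocalGroupAddMembers` does accept. `GROUP_DEFS`, `validate_members`, `flatten_members` and the domain principal `CORP\ServerAdmins` are all constructed for the example; it assumes domain principals are written `DOMAIN\name` and that any bare name matching a locally defined group is a local group.

```ruby
# Added example, not from the original question or answer.
# Models the NetLocalGroupAddMembers rule the answer quotes: a local group may
# contain user accounts or global (domain) group accounts, never another local
# group. Used as a pre-flight check and as a way to flatten nested definitions
# into member lists the Chef `group` resource can apply on Windows.

# Declarative group definitions as a recipe author might write them (constructed).
# 'OtherGroup' nests the local group 'TestGroup', which Windows rejects.
GROUP_DEFS = {
  'TestGroup'  => ['test.user'],
  'OtherGroup' => ['TestGroup', 'CORP\\ServerAdmins'],
}.freeze

# Assumption: DOMAIN\name denotes a domain principal (an allowed member); a bare
# name that is itself defined locally is a local group (not an allowed member).
def local_group?(member, defs)
  !member.include?('\\') && defs.key?(member)
end

# Pre-flight check: raise with a clear message before chef-client would fail
# mid-run with "the member has the wrong account type".
def validate_members(group, defs)
  bad = defs.fetch(group).select { |m| local_group?(m, defs) }
  return true if bad.empty?
  raise ArgumentError,
        "group[#{group}]: local groups cannot be members of a local group: #{bad.join(', ')}"
end

# Expand references to local groups into their users and domain principals so
# the result can be passed straight to `members` in a `group` resource.
# Guards against a definition that references itself through another group.
def flatten_members(group, defs, seen = [])
  raise ArgumentError, "cycle through group #{group}" if seen.include?(group)
  defs.fetch(group).flat_map do |m|
    local_group?(m, defs) ? flatten_members(m, defs, seen + [group]) : [m]
  end.uniq
end

if __FILE__ == $0
  GROUP_DEFS.each_key do |g|
    begin
      validate_members(g, GROUP_DEFS)
      puts "#{g}: definition is valid as written"
    rescue ArgumentError => e
      puts "#{g}: #{e.message}"
      puts "#{g}: flattened members -> #{flatten_members(g, GROUP_DEFS).inspect}"
    end
  end
end
```

In a recipe the flattened list would be assigned to `members` for each group (with `append true` if existing members must be kept), so both `TestGroup` and `OtherGroup` end up holding `test.user` directly. Domain groups need no flattening, since the API rule explicitly allows global group accounts as members.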