Puppet users - Apr 2011 - Should @user with managehome also track the actual home directory?

On my test system, I noticed that (with virtual users) if you remove /
home/username, puppet doesn''t realize there is a problem, as the
resource doesn''t track the home directory.

When you userdel then it notices and creates everything as it should
be.

In a virtual user configuration, what''s the best way to ensure that
the home directory is also present, in addition to the /etc/passwd
entries (or, dependent on each other)?

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

On 04/04/2011 10:00 PM, Forrie wrote:
> On my test system, I noticed that (with virtual users) if you remove /
> home/username, puppet doesn''t realize there is a problem, as the
> resource doesn''t track the home directory.
> 
> When you userdel then it notices and creates everything as it should
> be.
Sounds like a bug to me. A user with managehome => true but no home
directory should not be in sync. You may want to report this (or vote on
the bug if it''s been reported already).
> In a virtual user configuration, what''s the best way to ensure
that
> the home directory is also present, in addition to the /etc/passwd
> entries (or, dependent on each other)?
I don''t understand what the user''s being virtual has to do
with this,
please elaborate.

A simple workaround is to wrap the user type in your own define. This
define will manage the home dir as a file type resource and you don''t
use managehome at all. I think it''s quite common to do that, since
people probably want to ensure the existence of .ssh/authorized_keys or
similar things as well.

HTH,
Felix

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

>
> Sounds like a bug to me. A user with managehome => true but no home
> directory should not be in sync. You may want to report this (or vote on
> the bug if it''s been reported already).
I wasn''t able to find a bug similar to this based on the search
criteria, so I filed bug #7002.
>
> > In a virtual user configuration, what''s the best way to
ensure that
> > the home directory is also present, in addition to the /etc/passwd
> > entries (or, dependent on each other)?
>
> I don''t understand what the user''s being virtual has to
do with this,
> please elaborate.
What I mean is provided that "managehome" doesn''t actually
"manage"
the directory after creation, what''s a clever way to tie in this
(somewhat obvious) dependency into the user creation/tracking.
Perhaps with some wrapper around the call.
> A simple workaround is to wrap the user type in your own define. This
> define will manage the home dir as a file type resource and you
don''t
> use managehome at all. I think it''s quite common to do that, since
> people probably want to ensure the existence of .ssh/authorized_keys or
> similar things as well.
Thanks, yes I think I''m going to try doing this.

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

On Apr 6, 4:16 pm, Forrie <for...@gmail.com>
wrote:
> > Sounds like a bug to me. A user with managehome => true but no home
> > directory should not be in sync. You may want to report this (or vote
on
> > the bug if it''s been reported already).
>
> I wasn''t able to find a bug similar to this based on the search
> criteria, so I filed bug #7002.
>
>
>
> > > In a virtual user configuration, what''s the best way to
ensure that
> > > the home directory is also present, in addition to the
/etc/passwd
> > > entries (or, dependent on each other)?
>
> > I don''t understand what the user''s being virtual has
to do with this,
> > please elaborate.
>
> What I mean is provided that "managehome" doesn''t
actually "manage"
> the directory after creation, what''s a clever way to tie in this
> (somewhat obvious) dependency into the user creation/tracking.
> Perhaps with some wrapper around the call.

You are right, in the sense that you have accurately described the
relevant part of the meaning of the "managehome" parameter.  You are
also right that this sense of "manage" is not quite what we usually
mean when we say that Puppet is managing something, thus the parameter
does have a somewhat unfortunate name.  I don''t personally account
this a bug, but we shall see what happens with ticket 7002.

> > A simple workaround is to wrap the user type in your own define. This
> > define will manage the home dir as a file type resource and you
don''t
> > use managehome at all. I think it''s quite common to do that,
since
> > people probably want to ensure the existence of .ssh/authorized_keys
or
> > similar things as well.
>
> Thanks, yes I think I''m going to try doing this.

Indeed, I would not characterize this as a workaround at all.  If you
want to manage a directory in the usual Puppet sense of the term, then
declaring a resource for it is the standard and appropriate way to
proceed.

Do note also that User providers that support "managing" home
directories may do more than just create that directory when the user
is added.  In particuar, they may initially populate the directory
with various files and subdirectories.  If you are using the
''useradd''
provider (which is common), then you can find details in the manpage
of the ''useradd'' program, and especially its -m option.


John

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

One workaround is to also is to set user first to "absent" that will
delete
the user.  Once that is done, create the user with "ensure ->
present" and
that will create user with correct home directory.  Keep in mind that above
doesn''t delete a home directory either so all you really loose is the
time
that the user was deleted, which can be very short if you manually run
puppet.

I would consider this a bug, I think that a user without a home directory
but explicitly set should have his directory created by puppet.



On Thu, Apr 7, 2011 at 7:52 AM, jcbollinger
<John.Bollinger@stjude.org>wrote:
>
>
> On Apr 6, 4:16 pm, Forrie <for...@gmail.com> wrote:
> > > Sounds like a bug to me. A user with managehome => true but no
home
> > > directory should not be in sync. You may want to report this (or
vote
> on
> > > the bug if it''s been reported already).
> >
> > I wasn''t able to find a bug similar to this based on the
search
> > criteria, so I filed bug #7002.
> >
> >
> >
> > > > In a virtual user configuration, what''s the best
way to ensure that
> > > > the home directory is also present, in addition to the
/etc/passwd
> > > > entries (or, dependent on each other)?
> >
> > > I don''t understand what the user''s being
virtual has to do with this,
> > > please elaborate.
> >
> > What I mean is provided that "managehome" doesn''t
actually "manage"
> > the directory after creation, what''s a clever way to tie in
this
> > (somewhat obvious) dependency into the user creation/tracking.
> > Perhaps with some wrapper around the call.
>
>
> You are right, in the sense that you have accurately described the
> relevant part of the meaning of the "managehome" parameter.  You
are
> also right that this sense of "manage" is not quite what we
usually
> mean when we say that Puppet is managing something, thus the parameter
> does have a somewhat unfortunate name.  I don''t personally account
> this a bug, but we shall see what happens with ticket 7002.
>
>
> > > A simple workaround is to wrap the user type in your own define.
This
> > > define will manage the home dir as a file type resource and you
don''t
> > > use managehome at all. I think it''s quite common to do
that, since
> > > people probably want to ensure the existence of
.ssh/authorized_keys or
> > > similar things as well.
> >
> > Thanks, yes I think I''m going to try doing this.
>
>
> Indeed, I would not characterize this as a workaround at all.  If you
> want to manage a directory in the usual Puppet sense of the term, then
> declaring a resource for it is the standard and appropriate way to
> proceed.
>
> Do note also that User providers that support "managing" home
> directories may do more than just create that directory when the user
> is added.  In particuar, they may initially populate the directory
> with various files and subdirectories.  If you are using the
''useradd''
> provider (which is common), then you can find details in the manpage
> of the ''useradd'' program, and especially its -m option.
>
>
> John
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscribe@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.