hyzhang
2011-Apr-15 20:34 UTC
[Puppet Users] puppet can not set password for a local user account. Plus puppet can not add members to a group
Hi,

I try to create a user account, for example test1, and set the password for it. Both puppet master and client are CentOS 5.5.

My code on master:

    class localaccountmgmt {
        user { 'test1':
            allowdupe => 'true',
            ensure => 'present',
            gid => '60',
            home => '/opt/home/test1',
            shell => '/bin/bash',
            uid => '120',
            managehome => 'true',
            password => '$1$E/GiXjje$cd3/noPMwSCtyaD9QFG0s0'
        }

        group { 'group1':
            ensure => 'present',
            gid => '10',
            members => 'test1,test2,test3, test4'
        }

    }

The password is an encrypted version of the real password that I copied from the /etc/shadow for the same user from another machine.

I restarted the puppet daemon from my puppet test client. The test1 user and its home directory and group group1 are created successfully. But the password is not working. And the group group1 does not have any members.

Has anyone had this problem before? Is this some problem with puppet itself?

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
chakkerz
2011-Apr-15 21:49 UTC
[Puppet Users] Re: puppet can not set password for a local user account. Plus puppet can not add members to a group
It should work (great, I know). First thing I notice is that your code is missing the comma on the last argument, though that isn't a show stopper and rather a style issue.

Also, you should probably add a require => Group["group1"], to your user.

On my system it's unhappy about your group number 10 so I changed that to 101, and then it complains about group number 60 (for the user) so I made that 101. And of course I didn't have /opt/home ... but then:

    [root@sl6repo yum.repos.d]# egrep "test1|group1" /etc/{passwd,shadow,group}
    /etc/passwd:test1:x:120:101::/opt/home/test1:/bin/bash
    /etc/shadow:test1:$1$E/GiXjje$cd3/noPMwSCtyaD9QFG0s0:15079:0:99999:7:::
    /etc/group:group1:x:101:

Here is your modified code:

    user { 'test1':
        allowdupe => 'true',
        ensure => 'present',
        gid => '101',
        home => '/opt/home/test1',
        shell => '/bin/bash',
        uid => '120',
        managehome => 'true',
        password => '$1$E/GiXjje$cd3/noPMwSCtyaD9QFG0s0',
        require => Group["group1"],
    }

    group { 'group1':
        ensure => 'present',
        gid => '101',
        members => 'test1,test2,test3, test4'
    }

though I'm on puppet 2.6 and a Scientific Linux 6.0 system ... the same thing works fine on RHEL5.5 5.6 6.0 with puppet 25.* and 2.6.* .

Cheers
chakkerz
hyzhang
2011-Apr-17 01:35 UTC
[Puppet Users] Re: puppet can not set password for a local user account. Plus puppet can not add members to a group
Hey

Post back to the group .. you'll probably get more out of it :)

Anyways, on that page you linked to, there is a table:
http://docs.puppetlabs.com/references/latest/type.html#user-3

You are using the useradd provider because puppet is using that provider behind the scenes. I know it sounds contrived, but all it's doing is what you would do manually if you used useradd (the command).

Also, I doubt you can set group members that don't exist on the host.

OK ... two thoughts

1) on RHEL5.5 and 5.6 I've seen puppet not be able to change a user straight away ... it's quirky and odd, and I wonder if I'm just insane, but when I change a comment it doesn't always work straight away. Try restarting the puppetmaster (server) and the puppetd service (client).

2) try removing the user from the system (vipw or userdel)

... and a third thing:

3) your UID is below 500, which is considered a system/service user. Try either raising it above 500 OR add system => true, ...

I haven't got a CentOS or RHEL 5.x handy, or a puppet 0.25.x, so I can't check if there is a different behaviour there that isn't in RHEL6 with puppet 2.6 ...

Good Luck

On Apr 15, 5:49 pm, chakkerz <chakk...@gmail.com> wrote:
> It should work (great, I know). First thing I notice is that your code
> is missing the comma on the last argument, though that isn't a show
> stopper and rather a style issue.
>
> Also, you should probably add a require => Group["group1"], to your
> user.
>
> On my system it's unhappy about your group number 10 so I changed that
> to 101, and then it complains about group number 60 (for the user) so
> I made that 101. And of course I didn't have /opt/home ... but then:
>
> [root@sl6repo yum.repos.d]# egrep "test1|group1" /etc/{passwd,shadow,group}
> /etc/passwd:test1:x:120:101::/opt/home/test1:/bin/bash
> /etc/shadow:test1:$1$E/GiXjje$cd3/noPMwSCtyaD9QFG0s0:15079:0:99999:7:::
> /etc/group:group1:x:101:
>
> Here is your modified code:
>
>     user { 'test1':
>         allowdupe => 'true',
>         ensure => 'present',
>         gid => '101',
>         home => '/opt/home/test1',
>         shell => '/bin/bash',
>         uid => '120',
>         managehome => 'true',
>         password => '$1$E/GiXjje$cd3/noPMwSCtyaD9QFG0s0',
>         require => Group["group1"],
>     }
>
>     group { 'group1':
>         ensure => 'present',
>         gid => '101',
>         members => 'test1,test2,test3, test4'
>     }
>
> though I'm on puppet 2.6 and a Scientific Linux 6.0 system ... the
> same thing works fine on RHEL5.5 5.6 6.0 with puppet 25.* and 2.6.* .
>
> Cheers
> chakkerz
jcbollinger
2011-Apr-18 13:41 UTC
[Puppet Users] Re: puppet can not set password for a local user account. Plus puppet can not add members to a group
On Apr 15, 3:34 pm, hyzhang <hyzh...@jcvi.org> wrote:
> I try to create a user account, for example test1, and set the password
> for it. Both puppet master and client are CentOS 5.5.
>
> My code on master:
>
>     class localaccountmgmt {
>         user { 'test1':
>             allowdupe => 'true',
>             ensure => 'present',
>             gid => '60',
>             home => '/opt/home/test1',
>             shell => '/bin/bash',
>             uid => '120',
>             managehome => 'true',
>             password => '$1$E/GiXjje$cd3/noPMwSCtyaD9QFG0s0'
>         }
>
>         group { 'group1':
>             ensure => 'present',
>             gid => '10',
>             members => 'test1,test2,test3, test4'
>         }
>
>     }
>
> The password is an encrypted version of the real password that I copied
> from the /etc/shadow for the same user from another machine.
>
> I restarted the puppet daemon from my puppet test client. The test1 user
> and its home directory and group group1 are created successfully. But
> the password is not working. And the group group1 does not have any
> members.

Do read the reference on resource types (http://docs.puppetlabs.com/references/latest/type.html) when you're having trouble with specific resources in your manifests (if not sooner). If you do so now, you will see that most Group providers do not manage group membership; this is reflective of differences in system-specific auth infrastructure. On most systems, including CentOS, secondary group membership is specified on a per-user basis via User's "groups" property. Do consult the type reference here, especially about the difference between the "gid" and "groups" properties.

As for the password, do you have package "ruby-shadow" installed on the client, before starting puppetd? You probably need it to enable Puppet to actually manage passwords. If it's missing then puppetd will emit a warning message at startup (maybe just when --debug output is enabled), but it will still run successfully in most respects.

Also, I would be surprised if Puppet's --debug output did not have something illuminating to say specifically about why it was unable to set the particular password. If you need further assistance, then the debug-level log output from the client will probably help us help you.

John
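An added example, not part of the original thread and not code from any of its posters: a manifest that applies the advice in the replies above, declaring secondary membership through the user's groups property and making ruby-shadow available so the password hash can be managed. The primary group test1 and the UID/GID values are constructed for illustration; the package name and the hash are the ones quoted in the thread.

```puppet
class localaccountmgmt {
  # Per the reply above, ruby-shadow has to be on the client before puppetd
  # starts, so on a fresh host the password may only be applied on a later run.
  package { 'ruby-shadow':
    ensure => 'installed',
  }

  # Constructed primary group for the account (name and GID are illustrative).
  group { 'test1':
    ensure => 'present',
    gid    => '1200',
  }

  # Secondary group. No "members" attribute here: on CentOS the membership
  # is declared on the user resource instead.
  group { 'group1':
    ensure => 'present',
    gid    => '1201',
  }

  user { 'test1':
    ensure     => 'present',
    uid        => '1200',           # above 500, so not in the system range
    gid        => 'test1',          # primary group
    groups     => ['group1'],       # secondary groups
    home       => '/opt/home/test1',
    managehome => 'true',
    shell      => '/bin/bash',
    # Single quotes keep the "$" characters of the crypt hash literal;
    # a double-quoted string would be subject to variable interpolation.
    password   => '$1$E/GiXjje$cd3/noPMwSCtyaD9QFG0s0',
    require    => [ Package['ruby-shadow'], Group['test1'], Group['group1'] ],
  }
}
```

After a run, the egrep over /etc/passwd, /etc/shadow and /etc/group shown earlier in the thread confirms the result: the hash should appear in the shadow entry and test1 should be listed on the group1 line.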