Craig Box
2010-Jul-11 21:16 UTC
[Puppet Users] Adding external users, and home directories that depend on them, in the same run
I am using Puppet to configure Ubuntu machines as LDAP clients, which makes a variety of external users available to my machines, and then attempting to create home directories with SSH keys for some of those users that I have just 'added'. (At this point we are not sharing/automounting /home.)

The basic order of action is this:

- install libnss-ldapd, which depends on/starts nscd/nslcd
- install ldap-auth-config & various config files
- run auth-client-config, which sets up the PAM config files to include LDAP users (1)
- restart nscd (2)
- create homedirs for LDAP users

If I run these steps manually, at point (1) I can get results from 'getent passwd' that include LDAP users, but I can't su to an LDAP user. If I then restart nscd — it's not enough to just invalidate the cache — I can then su.

I have a carefully constructed set of require/notify resources which causes all the right actions to happen, but every time I run Puppet (puppetd --test), I get told the user does not exist:

err: //homedirs/Homedirectory[example]/File[/home/example]/ensure: change from absent to directory failed: Could not set directory on ensure: Could not find user example at /etc/puppet/modules/homedirs/manifests/init.pp:37

At this point though, I *can* su to the example user. If I then run puppet again, it sometimes fails on a second time through, but oddly always works by the third.

At point (2) I have a Service resource to restart nscd, and have even caused it to Exec a sleep of up to 15 seconds afterwards - no change.

This leads me to wonder if the state of the users that exist is calculated/cached at the beginning of puppet's run, and won't be updated during, if something happens to change the state. Is this likely, and if so, what could I do to work around it?

Thanks
Craig
Craig Box
2010-Jul-11 22:05 UTC
[Puppet Users] Re: Adding external users, and home directories that depend on them, in the same run
A small update: turns out nscd is optional, so I've set apt to not require recommends, and now I can get this sequence:

- install libnss-ldapd, libpam-ldapd and nslcd
- install ldap-auth-config & various config files
- run auth-client-config, which sets up the PAM config files to include LDAP users (1)
- create homedirs for LDAP users

Failure case is otherwise still the same.

Craig