Hi Randy,
We are experiencing this very same issue and were recently looking for a solution. We use centrify to pull in AD accounts for authorization. The nodes are pulling in tons of data for all of these user groups and accounts.
If we're not doing anything with specific user accounts in recipes/templates, should we be safe to just disable the Ohai plugin that pulls in the user accounts from AD?
Ian D. Rossi
CD - Server Infrastructure
Phone 23834
From: Van Fossan,Randy [ " target="_blank"> ]
Sent: Wednesday, March 28, 2012 11:10 AM
To: " target="_blank">
Subject: [chef] ohai, number ldap accounts
Fellow chef’s,
I have a question about ldap accounts that ohai pulls down. We are a large shop with thousands of servers and we have a large number of ldap accounts (only a few are currently managed by chef). As per the issue in OHAI-165, I believe it may be affecting performance on our chef server.
One solution proffered is to place Ohai::Config[:disabled_plugins] = [ "passwd" ] in the client config to disable this. However, if we do this, won’t the ldap accounts be unavailable in resources? Meaning, If I assign the ownership of a file to an ldap account in a file resource, won’t that cause a failure. This since chef will not know anything about that account..
file “/tmp/myfile” do
owner “ldapacct1”
group “ldapgroup1”
mode "0600"
end
http://tickets.opscode.com/browse/OHAI-165
Anyone have any guidance on this issue? I would like to keep all the ldap info out of ohai, but still be able to use ldap accounts in a resource.
Thanks
Randy
Archive powered by MHonArc 2.6.16.