[chef] Re: Re: Re: sssd pam interface problems

[AJ Christensen < >]

lol?

http://www.opscode.com/careers/

--AJ

On 16 February 2013 22:23, Justin Alan Ryan 
<
 >
 wrote:
> I thought PagerDuty was gonna hire me, have under 4k in the bank, let me 
> know if opscode has an opening.
>
> 415-852-1889.
>
> Sent by Awesome.
>
> On Feb 15, 2013, at 6:21 AM, Sean OMeara 
> <
 >
>  wrote:
>
>> RIght now, unfortunately, you will have to do it over multiple runs.
>>
>> This is a good use case for "phases", as talked about a few weeks ago
>> on the mailing list.
>>
>> -s
>>
>> On Fri, Feb 15, 2013 at 6:45 AM,  
>> <
 >
>>  wrote:
>>>
>>> We decided to implement ldap authorization on our environment and faced 
>>> some
>>> problems during the process.
>>>
>>> Brief info:
>>>
>>> We have chef server and cookbooks which serving ldap client and server.
>>> OS:Centos 6.3 x86_64
>>>
>>> On our ldap server we have slapd daemon which configures throw 
>>> chef-client.With
>>> this we don't have any problems.
>>> On our client side we have sssd daemon which provides NSS and PAM 
>>> interface
>>> toward the system.
>>>
>>> Situation:
>>> We have for a example new server.
>>> To bootstrap it we execute chef-client on it.
>>> Everything is fine.But then it starts to process ldap_client cookbook,
>>> it installs daemon and it's config file then restarts it.
>>> After this it process ssh cookbook which process data_bag and creates
>>> required home directory,creates ssh keys,and change ownership.
>>>
>>> During 1st run when sssd daemon wasn't started and pam interface wasn't
>>> provided
>>> so instead this :
>>> ls -all /home:
>>> drwxr-xr-x 3 user1 user1 4096 Feb 15 10:30 user1
>>> drwxr-xr-x 3 user2 user2 4096 Feb 15 10:30 user2
>>>
>>> we have this:
>>> drwxr-xr-x 3 root root 4096 Feb 15 10:30 user1
>>> drwxr-xr-x 3 root root 4096 Feb 15 10:30 user2
>>>
>>> It is happening because sssd daemon was stopped and new pam interface
>>> wasn't provided,so current chef-run couldn't contact our ldap server.
>>>
>>> BUT when we execute chef-client second time and sssd is running
>>> we receive desired result:
>>> drwxr-xr-x 3 user1 user1 4096 Feb 15 10:30 user1
>>> drwxr-xr-x 3 user2 user2 4096 Feb 15 10:30 user2
>>>
>>> Ownership of the home directories are correct.
>>> Output:
>>>
>>>    create new directory /home/user1/.ssh[2013-02-15T11:13:14+02:00] INFO:
>>> directory[/home/user1/.ssh] owner changed to 5001
>>>    [2013-02-15T11:13:14+02:00] INFO: directory[/home/user1/.ssh] group 
>>> changed
>>> to 5001
>>>    [2013-02-15T11:13:14+02:00] INFO: directory[/home/user1/.ssh] mode 
>>> changed
>>> to 700
>>>
>>>    change mode from '' to '0700'
>>>    change owner from '' to 'user1'
>>>    change group from '' to 'user1'
>>>
>>> So the question is:
>>> is it possible during chef-client run somehow reinit it's resources so it 
>>> could
>>> know about new PAM interface?
>>>
>>> P.S:Sorry for my bad english