[chef] Chef and LDAP Users


  • From: Douglas Garstang < >
  • To:
  • Subject: [chef] Chef and LDAP Users
  • Date: Wed, 30 Jul 2014 15:39:04 -0700

All,

I have a recipe that configures LDAP, and that's working fine. I have another recipe that runs afterwards in the run list that tries to configure individual users' authorized_keys files, etc.

Chef complains that the user doesn't exist. However, if I log into the VM where this happens, I can query the user and everything is fine. If I run the chef client again, the error does not happen.

I initially thought it might have been a sssd/nscd caching issue so I disabled those. Did not help. I also put a 30 second sleep in. Also did not help.

I am wondering if this could be some sort of compile/converge issue where chef is looking at the recipe, and checking if the users exist before it runs. That could explain why it works a second time, but fails on the first since LDAP hasn't been configured yet.

Here's the second recipe, the one that tries to perform user operations after LDAP is configured.

include_recipe "foo-ldap"

# data_bag returns the list of item ids in the bag; fetch each item in turn.
# The local is named "entry" rather than "user" so it does not shadow the
# "user" property used inside the bash resource below.
data_bag("ssh-keys").each do |item|
    entry = data_bag_item("ssh-keys", item)
    user_id = entry["id"]
    group_id = entry["group"]

    # Give each iteration a unique resource name; reusing "foo" for every
    # user triggers Chef's resource-cloning warning.
    bash "touch-as-#{user_id}" do
        user user_id
        code <<-EOF
        touch /tmp/FILE
        EOF
    end

    directory "/home/#{user_id}" do
        action :create
        owner user_id
        group group_id
        recursive true
    end

    directory "/home/#{user_id}/.ssh" do
        action :create
        owner user_id
        group group_id
        recursive true
    end
end

Unfortunately, I'm pretty sure that Noah Kantrowitz, who seems to have a rather vehement dislike of me personally will probably find fault with this question. Apologies in advance to readers of that thread if that happens. He will probably say that I have already asked this question in the IRC channel. I asked a similar question. He summarily dismissed me when I asked again with added information.

Regards,
Douglas Garstang
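As an added example (not code from the post, and not part of Chef), a converge-time guard that a recipe could call from a ruby_block ahead of the directory resources: it resolves the account through Etc.getpwnam, the same NSS lookup Chef's directory provider performs when it resolves owner, and polls until the account appears or a deadline passes, so an unresolvable LDAP user fails the run with a message that names the cause. The function names, the timeout values and the ruby_block usage shown in the comment are assumptions.

```ruby
require 'etc'

# Returns the passwd entry for +name+ via the process's NSS lookup
# (the same Etc.getpwnam call the directory provider uses to resolve
# "owner"), or nil when the account is not (yet) resolvable.
def resolve_user(name)
  Etc.getpwnam(name)
rescue ArgumentError
  nil
end

# Polls resolve_user until the account resolves or +timeout+ seconds
# elapse. Returns the passwd entry or nil. +clock+ and +sleeper+ are
# injectable so the polling logic can be tested without real waiting.
def wait_for_user(name, timeout: 30, interval: 2,
                  clock: -> { Process.clock_gettime(Process::CLOCK_MONOTONIC) },
                  sleeper: ->(s) { sleep(s) })
  deadline = clock.call + timeout
  loop do
    entry = resolve_user(name)
    return entry if entry
    return nil if clock.call >= deadline
    sleeper.call(interval)
  end
end

# Raises with an actionable message when the account never resolves.
# Intended to run at converge time, after the LDAP recipe's resources
# have been applied, e.g. (assumed usage inside a recipe):
#
#   ruby_block "wait for #{user_id}" do
#     block { require_user!(user_id) }
#   end
def require_user!(name, **opts)
  wait_for_user(name, **opts) or
    raise "account #{name.inspect} is not resolvable via NSS; " \
          "check nsswitch.conf / LDAP before creating its home directory"
end

if __FILE__ == $0
  # Stand-alone check: resolve the account named on the command line
  # (defaults to root) and print what NSS returned for it.
  name = ARGV.fetch(0, "root")
  entry = require_user!(name, timeout: 10)
  puts "#{name}: uid=#{entry.uid} gid=#{entry.gid} home=#{entry.dir}"
end
```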



