endHere's the second recipe, the one that tries to perform user operations after LDAP is configured.I initially thought it might have been a sssd/nscd caching issue so I disabled those. Did not help. I also put a 30 second sleep in. Also did not help.All,Chef complains that the user doesn't exist. However, if I log into the VM where this happens, I can query the user and everything is fine. If I run the chef client again, the error does not happen.
I have a recipe that configures LDAP, and that's working fine. I have another recipe that runs afterwards in the run list that tries to configure individual users authorized_keys file etc.
I am wondering if this could be some sort of compile/converge issue where chef is looking at the recipe, and checking if the users exist before it runs. That could explain why it works a second time, but fails on the first since LDAP hasn't been configured yet.
include_recipe "foo-ldap"
bag = data_bag("ssh-keys")
for item in bag do
user = data_bag_item('ssh-keys', item)
user_id = user['id']
group_id = user['group']
bash "foo" do
user "#{user_id}"
code <<-EOF
touch /tmp/FILE
EOF
end
directory "/home/#{user_id}" do
action :create
owner "#{user_id}"
group "#{group_id}"
recursive true
end
directory "/home/#{user_id}/.ssh" do
action :create
owner "#{user_id}"
group "#{group_id}"
recursive true
endUnfortunately, I'm pretty sure that Noah Kantrowitz, who seems to have a rather vehement dislike of me personally will probably find fault with this question. Apologies in advance to readers of that thread if that happens. He will probably say that I have already asked this question in the IRC channel. I asked a similar question. He summarily dismissed me when I asked again with added information.
Regards,
Douglas Garstang
Archive powered by MHonArc 2.6.16.