[chef] Re: Chef and LDAP Users


Chronological Thread 
  • From: Douglas Garstang < >
  • To:
  • Subject: [chef] Re: Chef and LDAP Users
  • Date: Wed, 30 Jul 2014 15:53:43 -0700

Replying to myself. :)

Actually, if I put this, at the very end of the LDAP recipe...

bash "foo1" do
    user "root"
    code <<-EOF
        getent passwd doug > /tmp/foo1
    EOF
end

bash "foo" do
    user "doug"
    code <<-EOF
        touch /tmp/FILE
    EOF
end


The contents of the file /tmp/foo1 have:

tmp]# cat foo1
doug:x:1097:2299:Doug Garstang ops team:/home/doug:/bin/bash


which would tend to indicate to me that LDAP is functional. However, the very next bash block fails. Chef reports:

"can't find user for doug"

So, the user seems to exist for the system, but not for chef.

Thanks,
Doug.




On Wed, Jul 30, 2014 at 3:39 PM, Douglas Garstang < " target="_blank"> > wrote:
All,

I have a recipe that configures LDAP, and that's working fine. I have another recipe that runs afterwards in the run list that tries to configure individual users authorized_keys file etc.

Chef complains that the user doesn't exist. However, if I log into the VM where this happens, I can query the user and everything is fine. If I run the chef client again, the error does not happen.

I initially thought it might have been a sssd/nscd caching issue so I disabled those. Did not help. I also put a 30 second sleep in. Also did not help.

I am wondering if this could be some sort of compile/converge issue where chef is looking at the recipe, and checking if the users exist before it runs. That could explain why it works a second time, but fails on the first since LDAP hasn't been configured yet.

Here's the second recipe, the one that tries to perform user operations after LDAP is configured.

include_recipe "foo-ldap"

bag = data_bag("ssh-keys")
for item in bag do
    user = data_bag_item('ssh-keys', item)
    user_id = user['id']
    group_id = user['group']

    bash "foo" do
        user "#{user_id}"
        code <<-EOF
        touch /tmp/FILE
        EOF
    end

    directory "/home/#{user_id}" do
        action :create
        owner "#{user_id}"
        group "#{group_id}"
        recursive true
    end

    directory "/home/#{user_id}/.ssh" do
        action :create
        owner "#{user_id}"
        group "#{group_id}"
        recursive true
    end

end

Unfortunately, I'm pretty sure that Noah Kantrowitz, who seems to have a rather vehement dislike of me personally will probably find fault with this question. Apologies in advance to readers of that thread if that happens. He will probably say that I have already asked this question in the IRC channel. I asked a similar question. He summarily dismissed me when I asked again with added information.

Regards,
Douglas Garstang




--
Regards,

Douglas Garstang
http://www.linkedin.com/in/garstang
Email: ">
Cell: +1-805-340-5627



Archive powered by MHonArc 2.6.16.

§