[chef] Re: Re: Re: Re: Creating authorized_keys for LDAP users.


  • From: Douglas Garstang < >
  • Subject: [chef] Re: Re: Re: Re: Creating authorized_keys for LDAP users.
  • Date: Mon, 26 Jan 2015 15:52:30 -0800

David,

I'm using the standard LDAP cookbook for Ubuntu. I don't have a lot of control over how it does restarts. I do have the ohai reload at the end of my wrapper cookbook, so that should yield the same result as having it inside the upstream cookbook.

If the users aren't immediately available after the LDAP cookbook has run, it sounds like a bug with the LDAP cookbook.

Doug.

On Mon, Jan 26, 2015 at 3:47 PM, David Petzel wrote:
I don't believe so; if you are on the node itself, you'd have access to attributes even before the node has been saved. The situation you describe would apply to other nodes looking at this node's data.

This really sounds like an Ohai race condition. In your case the second run now has LDAP enabled properly so Ohai is able to detect the users. Does your LDAP recipe restart any services? Are those services restarted delayed or immediate? If you have any delayed restarts in that recipe, immediate might help here. Without knowing what the recipe is, it's a little hard, but maybe add a notification on your last resource in your ldap recipe to call the ohai reload similar to the second example in https://docs.chef.io/resource_ohai.html#examples.



What I am seeing, (I'm using Vagrant), is that on the first chef run, the LDAP users are not in the node structure. However, if I reprovision, (without making any changes), then the users ARE there.

In hindsight, isn't this just the typical node[] not being populated until after the chef run issue?




