General discussion about Chef

[chef] Re: Re: RE: Re: Re: Re: Re: How to detect user does exist?


Chronological Thread 
  • From: Michael Glenney < >
  • To: " " < >
  • Subject: [chef] Re: Re: RE: Re: Re: Re: Re: How to detect user does exist?
  • Date: Mon, 2 Mar 2015 08:31:13 -0700
If a node is in ec2 it'll have an ec2 attribute.  So you can just do:

group "sensu" do

  action :modify

  members "vagrant"

  append true

  not_if node['ec2']

end

You could also use chef sugar (https://github.com/sethvargo/chef-sugar) to check and see if you're using vagrant

group "sensu" do

  action :modify

  members "vagrant"

  append true

  only_if { vagrant? }

end

https://github.com/sethvargo/chef-sugar#vagrant


Mike G.

New Context



On Sun, Mar 1, 2015 at 10:40 PM, Matthew Moretti < " target="_blank"> > wrote:

I agree on both counts. Etc.endpwent is required; I missed that. And, I also agree that this probably isn’t the right tool for the job. I think the first solution posed is better.

As far as nsswitch goes, it looks like the Ruby library interacts with the glibc function of the same name, whose documentation does imply that it’ll look in NIS, LDAP, etc. So…maybe?

Matt


On Sun, Mar 1, 2015 at 11:42 PM, Kevin Keane Subscription < " target="_blank"> > wrote:

Looking over the documentation, I think this code has a file handle leak; you are supposed to call Etc.endpwent() to close the file.

It looks to me like the Etc module is too low-level to be appropriate for this use case. Also, the documentation is not clear on whether it uses nsswitch, or reads /etc/passwd directly. Using nsswitch would pick up users from sources like LDAP, winbindd or other sources.

Kevin Keane

The NetTech

http://www.4nettech.com

Our values: Privacy, Liberty, Justice

See https://www.4nettech.com/corp/the-nettech-values.html


-----Original message-----
From: Matthew Moretti < " target="_blank"> >
Sent: Sunday 1st March 2015 19:54
To: " target="_blank">
Subject: [chef] Re: Re: Re: Re: How to detect user does exist?

Documentation for Ruby’s ‘Etc’ module is here. You could use it in place of your shell guard like so:

group "sensu" do
  action :modify
  members "vagrant"
  append true
  only_if { Etc.getpwnam('vagrant') rescue false }
end

The “rescue” is required because .getpwnam raises an exception if the user can’t be found. If you want to avoid the sin of in-line “rescue”, this is a bit better:

group "sensu" do
  action :modify
  members "vagrant"
  append true
  only_if do
    begin
      Etc.getpwnam('vagrant')
    rescue ArgumentError
      false
    end
  end
end

I’ll be honest, I prefer the “getent passwd vagrant” solution more. It’s easier to read, and isn’t any less efficient or more platform dependent than the Ruby solution as far as I can tell.

Matt Moretti


On Sun, Mar 1, 2015 at 8:47 PM, Anthony Kong < " title="This external link will open in a new window" target="_blank"> > wrote:
Hi Mark,

Can you shed more light on it? Do you have a url to the documentation or some example?

Cheers,


Tony Kong


Don’t EVER make the mistake that you can design something better than what you get from ruthless massively parallel trial-and-error with a feedback cycle. That’s giving your intelligence much too much credit.

- Linus Torvalds


On Mon, Mar 2, 2015 at 4:12 AM, Mark Pimentel < " title="This external link will open in a new window" target="_blank"> > wrote:

For a more ruby-esque way you can use the built-in method Etc.

On Feb 28, 2015 5:56 PM, "Eric Helgeson" < " title="This external link will open in a new window" target="_blank"> > wrote:
Hey Anthony,

You can use a guard in this case to check and execute the resource 'only_if' the condition is true. You can use ruby or specify a command.

```
$ cat test.rb
group "sensu" do
  action :modify
  members "vagrant"
  append true
  only_if "getent passwd vagrant"
end

$ chef-apply test.rb
Recipe: (chef-apply cookbook)::(chef-apply recipe)
  * group[sensu] action modify (skipped due to only_if)
```


HTH​


On Sat, Feb 28, 2015 at 4:42 PM, Anthony Kong < " title="This external link will open in a new window" target="_blank"> > wrote:

Hi 

I have this definition on my cookbook

group "sensu" do

  action :modify

  members "vagrant"

  append true

end


it will throw an exception when I run it on ec2 because there is no user vagrant

How can I avoid the exception? Is there any way to detect the user exist? I have checked the doc https://docs.chef.io/resource_group.html but there is nothing obvious

Cheers,  






Archive powered by MHonArc 2.6.16.

§