The Puppet Labs Issue Tracker has Moved: https://tickets.puppetlabs.com

Feature #8081

Need user provider to work with NIS

Added by Andreas Kuntzagk over 3 years ago. Updated over 2 years ago.

Status:Needs More InformationStart date:06/24/2011
Priority:NormalDue date:
Assignee:Andreas Kuntzagk% Done:

0%

Category:-
Target version:-
Affected Puppet version:2.6.8 Branch:
Keywords:

We've Moved!

Ticket tracking is now hosted in JIRA: https://tickets.puppetlabs.com

This ticket may be automatically exported to the PUP project on JIRA using the button below:


Description

have this resource definition:

ssh_authorized_key { "nagios@login2":
key   => [REDACTED]
user    => "nagios",
type    => "ssh-dss",
require => Service['nis'],
}

This nagios user comes from NIS, yp.conf and nsswitch.conf are handled by puppet and configured before the key. I still get an “User does not exist”.

daemon.log:
...
Jun 17 14:00:57 node016 puppet-agent[1109]: (/Stage[main]/All/File[/localhome/nagios/]/ensure) created
Jun 17 14:12:53 node016 puppet-agent[1109]: (/Stage[main]//Ssh_authorized_key[root@node002]/ensure) created
Jun 17 14:15:14 node016 puppet-agent[1109]: (/Stage[main]//File[/etc/idmapd.conf]/content) content changed '{md5}3e94f238294cc61b047e7ae50115dffc' to '{md5}6d9c69f38eca81ab0f879c2771d5d543'
Jun 17 14:15:14 node016 puppet-agent[1109]: (/Stage[main]//Service[idmapd]/ensure) ensure changed 'stopped' to 'running'
Jun 17 14:15:14 node016 puppet-agent[1109]: (/Stage[main]//Service[idmapd]) Triggered 'refresh' from 1 events
Jun 17 14:15:41 node016 puppet-agent[1109]: (/Stage[main]/All/File[/etc/yp.conf]/ensure) defined content as '{md5}9c23d37f431c0788c212d3c0ab8a48af'
Jun 17 14:15:58 node016 puppet-agent[1109]: (/Stage[main]/All/All::Append_if_no_such_line[sudoers_nagios_smartctl]/Exec[/bin/echo 'nagios ALL=(root) NOPASSWD: /usr/sbin/smartctl' >> '/etc/sudoers']/returns) executed su
ccessfully
Jun 17 14:17:03 node016 puppet-agent[1109]: (/Stage[main]//Package[nis]/ensure) ensure changed 'purged' to 'latest'
Jun 17 14:17:39 node016 puppet-agent[1109]: (/Stage[main]/All/File[/etc/nsswitch.conf]/content) content changed '{md5}295c15c4bdac80e50b37689ef08f359c' to '{md5}250a1851aec43bcc5f73e8a01b2141bd'
Jun 17 14:17:43 node016 puppet-agent[1109]: (/Stage[main]/All/Service[nis]) Triggered 'refresh' from 4 events
Jun 17 14:17:50 node016 puppet-agent[1109]: (/Stage[main]//Ssh_authorized_key[nagios@login2]/ensure) created
Jun 17 14:17:50 node016 puppet-agent[1109]: (/Stage[main]//Ssh_authorized_key[nagios@login2]) Could not evaluate: User 'nagios' does not exist
Jun 17 14:18:06 node016 puppet-agent[1109]: (/Whit[last]) Dependency Ssh_authorized_key[nagios@login2] has failures: true
... 

This is the info I got on ML:

Its just using the Ruby Etc library to do the lookup according to puppet/util/posix.rb. Which won’t match NIS accounts.

History

#1 Updated by Andreas Kuntzagk over 3 years ago

  • Affected Puppet version set to 2.6.8

#2 Updated by James Turnbull over 3 years ago

  • Status changed from Unreviewed to Needs Decision
  • Assignee set to Nigel Kersten

#3 Updated by Nigel Kersten over 2 years ago

  • Assignee changed from Nigel Kersten to eric sorenson

#4 Updated by eric sorenson over 2 years ago

  • Status changed from Needs Decision to Needs More Information
  • Assignee changed from eric sorenson to Andreas Kuntzagk

I don’t think this requires code changes in Puppet. I’ve certainly used puppet to configure user-owned home directories and dot-files when the users were not in /etc/passwd, though I used ldap rather than NIS. The thing I found though, was that changing nsswitch.conf and restarting nscd introduced a race in puppet, where the init.d restarts would return back to puppet before the service was actually working, causing exactly this error.

If this is still an issue for you, can you see if something like this is going on with NIS by adding a restart => /usr/local/bin/myrestartscript attribute on the Service[nis] resource which calls out to the real restart script and does a little sleep/retry loop on id nagios ?

Also available in: Atom PDF