Notice: /Stage[main[/ppusers::dummy/User[dummy]/groups: groups

2014-07-08

t.duis gravatar image

Notice: /Stage[main[/ppusers::dummy/User[dummy]/groups: groups changed 'dialout,video,dialout,video; to 'dialout,video'

This is on SLES11 SP2 (x64) platform and every run it tries to fix what is not broken.

I have upgraded to PE 3.4.3 (Puppet Enterprise 3.2.3) both agent and server.

Please am i the only with this 'feature'?

2 Answers

2014-07-14

Stefan gravatar image

can you please post the output of getent group|grep dummy? It looks like certain groups appear twice in /etc/groups and that's why puppet counts the membership twice. Now when puppet tries to change the group memberships, it will run usermod -G ... but usermod only operates on the first group it finds.

So please check your /etc/groups file. If it does indeed have duplicate group entries, remove them.

2014-07-15

t.duis gravatar image

updated 2014-07-15 02:21:27 -0600

getent group|grep -i video



So youre right it produces double groups, but in /etc/group there are not double groups and the user is not twice member of the group.

puppet resource user dummy

user { 'dummy':
  ensure           => 'present',
  comment          => 'ssh tunnel',
  gid              => '7115',
  groups           => ['dialout', 'video', 'dialout', 'video'],
  home             => '/opt/ssht1278',
  password         => '!',
  password_max_age => '99999',
  password_min_age => '0',
  shell            => '/bin/false',
  uid              => '1111',

Strange 'bug' on CentOS this gives no problem. Response from puppetlabs is is /etc/nsswitch and after changing:

group:  compat files ldap


group: files ldap

fixes this issue. As we are using ldap for IDM accounts we need to test....

