
Puppet Agent requires restart before picking up LDAP changes

asked 2016-05-04 15:20:05 -0500

mikachewie

updated 2016-05-04 15:21:16 -0500

This has been a reoccurring issue with the Puppet Agent.

Everything works fine in Ubuntu 14.04.

We are launching a new Ubuntu 16.04 instance and installing the most recent Xenial-Puppet agent ( http://apt.puppetlabs.com/puppetlabs-...).

$ puppet --version
4.4.2

Our freeipa module runs and mirrors our config on Ubuntu 16.4. During a Puppet run, I even have it run an exec AFTER freeipa is finished being configured that successfully returns "getent passwd test_user" and it will return the correct user.

Run Down --->

  file { '/etc/test_dirt':
    ensure => 'directory',
    owner  => 'test_user',
    group  => 'test_user',
    mode   => '0750',
  }

Error: Could not set 'present' on ensure: Could not find user test_user

$ getent passwd test_user    
test_user:*:709600016:709600016:Testy Testles:/nethome/test_user:/bin/bash

Then, of course, on the next manual run -- everything is hunky-dory and it can set the user/group correctly. Which means it's requiring two runs -- which is a pretty big problem for our auto-scale in.

Anyone else have this struggle + a workaround?


1 answer


answered 2016-05-04 19:02:13 -0500

DarylW

updated 2016-05-04 19:31:40 -0500

We've seen a similar issue; the problem is that LDAP is done via a PAM module, and until the thread is restarted, the process can't access the same information. Our only solution is to run puppet twice in our initial user_data. The second run doesn't take very long, but is not idempotent.

The only other option is to configure it specifically on its own in a 'smaller' puppet run that only sets up LDAP (different environment?), and follow it up with your full puppet run.

Reading through links of links you provided, I did find someone's 'workaround'

https://github.com/seanscottking/chownwinbindhomedirs.sh

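The staged approach from the answer above (a small LDAP-only run, then the full run in a new process), written as a first-boot script. This is an added example, not code from either poster; the `freeipa` tag, the retry defaults and the `BOOTSTRAP_NOW` switch are assumptions, and `/opt/puppetlabs/bin/puppet` is the puppet-agent 4.x package path.

```shell
#!/bin/sh
# Added example: staged first-boot Puppet run. Names marked "assumed" are not from the page.
PUPPET="${PUPPET:-/opt/puppetlabs/bin/puppet}"  # puppet-agent 4.x package path
LDAP_TAG="${LDAP_TAG:-freeipa}"                 # assumed tag selecting only the LDAP/IPA classes
LDAP_USER="${LDAP_USER:-test_user}"             # directory account the full catalog needs

# `puppet agent --test` implies --detailed-exitcodes:
# 0 = no changes, 2 = changes applied, 1/4/6 = the run or some resources failed.
puppet_ok() {
    case "$1" in
        0|2) return 0 ;;
        *)   return 1 ;;
    esac
}

# Poll NSS through a new getent process until the directory user resolves.
wait_for_user() {
    user=$1; tries=${2:-30}; delay=${3:-2}
    while [ "$tries" -gt 0 ]; do
        getent passwd "$user" >/dev/null 2>&1 && return 0
        tries=$((tries - 1))
        sleep "$delay"
    done
    return 1
}

# One agent run in its own process; extra arguments are passed through.
run_pass() {
    rc=0
    "$PUPPET" agent --test "$@" || rc=$?
    puppet_ok "$rc" && return 0
    echo "puppet pass failed (exit $rc): agent --test $*" >&2
    return "$rc"
}

# Pass 1 configures LDAP only; pass 2 is a fresh process that can resolve the user.
bootstrap() {
    run_pass --tags "$LDAP_TAG" || return 1
    wait_for_user "$LDAP_USER" || { echo "$LDAP_USER still unresolved" >&2; return 1; }
    run_pass
}

# Assumed switch so the file can be sourced without side effects.
if [ "${BOOTSTRAP_NOW:-}" = 1 ]; then
    bootstrap || exit 1
fi
```

Because `bootstrap` returns non-zero on exit codes 1, 4 and 6, the calling user_data can stop there instead of putting an instance with unset ownership into service.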
