Issue #14245 has been updated by Timur Batyrshin.
Status changed from Rejected to Re-opened
I don't care too much about ralsh output (I've just put it here to show the
case and describe the cause for the following) so I'll agree with you here.
However the issue here is puppet action which should not be committed at all
without regard to its cause:
notice: /Stage[main]/Tomcat/User[tomcat7]/groups: groups changed
'ssl-user,ssl-user' to 'ssl-user'
According to docs when membership is set to minimum puppet includes the user
into the groups listed and does nothing if the user is already member of this
groups. But in this case it tries to do some actions to the user when he is
already a member of the group specified which is wrong.
----------------------------------------
Bug #14245: Ralsh duplicates groups when found in several nss backends.
https://projects.puppetlabs.com/issues/14245#change-61979
Author: Timur Batyrshin
Status: Re-opened
Priority: Normal
Assignee:
Category:
Target version:
Affected Puppet version:
Keywords:
Branch:
When a user is found in several nss group backends ralsh shows it as being
included into a group more than once and puppet continually tries to remove the
user from that group.
To clarify:
I have a following resource in my manifest:
<pre>
user { 'tomcat7':
groups => 'ssl-user',
}
</pre>
Until recently everything was just fine but lately the following actions began
to appear:
<pre>
notice: /Stage[main]/Tomcat/User[tomcat7]/groups: groups changed
'ssl-user,ssl-user' to 'ssl-user'
</pre>
The reason for that behaviour turned out to be the following line in
/etc/nsswitch.conf:
<pre>
root@susegrp1:~# cat /etc/nsswitch.conf | grep group
group: files ldap compat
</pre>
When I remove the line everything returns back to normal way.
Here is the output of actual state of resource on the system and as seen by
puppet:
<pre>
root@susegrp1:~# id tomcat7
uid=108(tomcat7) gid=114(tomcat7) groups=301(ssl-user),114(tomcat7)
root@susegrp1:~# getent group | grep ssl-user
ssl-user:x:301:tomcat7
ssl-user:x:301:tomcat7
root@susegrp1:~# ralsh user tomcat7
warning: User tomcat7 found in both useradd and useradd; skipping the useradd
version
user { 'tomcat7':
ensure => 'present',
gid => '114',
groups => ['ssl-user', 'ssl-user'],
home => '/usr/share/tomcat7',
password => '*',
password_max_age => '99999',
password_min_age => '0',
shell => '/bin/false',
uid => '108',
}
</pre>
I've reproduced this on puppet version 2.7.11-13 and not tested others.
--
You have received this notification because you have either subscribed to it,
or are involved in it.
To change your notification preferences, please click here:
http://projects.puppetlabs.com/my/account
--
You received this message because you are subscribed to the Google Groups
"Puppet Bugs" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/puppet-bugs?hl=en.
