Issue #20760 has been reported by Thomas Bettray.
----------------------------------------
Bug #20760: AIX extended user attributes may not contain spaces and/or brackets
in puppet definitions
https://projects.puppetlabs.com/issues/20760
* Author: Thomas Bettray
* Status: Unreviewed
* Priority: Normal
* Assignee:
* Category:
* Target version:
* Affected Puppet version: 2.7.20
* Keywords:
* Branch:
----------------------------------------
When trying to update the extended attributes of a user, puppet will fail to
apply this if one of the present attributes contains spaces and/or brackets
(not sure which one of them breaks it...). Puppet version is 2.7.20 running on
AIX 6.1 TL8 SP2.
# lsuser test
test id=12345 pgrp=staff groups=staff home=/home/test shell=/bin/ksh login=true
su=true rlogin=true daemon=true admin=false sugroups=ALL admgroups= tpath=nosak
ttys=ALL expires=0 auth1=SYSTEM auth2=NONE umask=22 registry=files SYSTEM=(VAS
OR files) logintimes= loginretries=5 pwdwarntime=7 account_locked=false
minage=0 maxage=12 maxexpired=2 minalpha=2 minother=2 mindiff=2 maxrepeats=4
minlen=7 histexpire=1 histsize=5 pwdchecks= dictionlist=/usr/local/wordlist
default_roles= fsize=-1 cpu=-1 data=262144 stack=65536 core=2097151 rss=-1
nofiles=2000 unsuccessful_login_count=2 roles=
The interesting part is the "SYSTEM=(VAS OR files)" here containing spaces and
brackets.
if trying to apply the following rules:
# cat usertest.pp
user {'test':
ensure => present,
uid => '12345',
gid => 'staff',
groups => 'staff',
home => '/home/test',
attributes => ['gecos=Test'],
}
This will fail:
# puppet apply /tmp/usertest.pp
warning: iconv doesn't seem to support UTF-8/UTF-16 conversions
notice: /Stage[main]//User[test]/home: home changed '/home/newtest' to
'/home/test'
err: /Stage[main]//User[test]/attributes: change from rlogin=true
registry=files account_locked=false default_roles= auth1=SYSTEM minlen=7
admin=false maxexpired=2 fsize=-1 auth2=NONE histexpire=1 stack=65536
sugroups=ALL SYSTEM=(VAS minalpha=2 cpu=-1 core=2097151 roles= logintimes=
histsize=5 daemon=true admgroups= minother=2 rss=-1 loginretries=5 pwdchecks=
data=262144 tpath=nosak mindiff=2 nofiles=2000 login=true su=true pwdwarntime=7
dictionlist=/usr/local/rwe/etc/config.words ttys=ALL umask=22 maxrepeats=4
unsuccessful_login_count=2 to default_roles= account_locked=false
registry=files rlogin=true minlen=7 auth1=SYSTEM fsize=-1 maxexpired=2
admin=false stack=65536 histexpire=1 auth2=NONE roles= core=2097151 cpu=-1
minalpha=2 SYSTEM=(VAS sugroups=ALL histsize=5 logintimes= rss=-1 minother=2
admgroups= daemon=true data=262144 pwdchecks= loginretries=5 nofiles=2000
mindiff=2 tpath=nosak dictionlist=/usr/local/rwe/etc/config.words pwdwarntime=7
su=true login=true gecos=Test
unsuccessful_login_count=2 maxrepeats=4 umask=22 ttys=ALL failed: Could not
set attributes on user[test]: Execution of '/usr/bin/chuser rlogin=true
registry=files account_locked=false default_roles= auth1=SYSTEM minlen=7
admin=false maxexpired=2 fsize=-1 auth2=NONE histexpire=1 stack=65536
sugroups=ALL SYSTEM=(VAS minalpha=2 cpu=-1 core=2097151 roles= logintimes=
histsize=5 daemon=true admgroups= minother=2 rss=-1 loginretries=5 pwdchecks=
data=262144 tpath=nosak mindiff=2 nofiles=2000 login=true su=true pwdwarntime=7
dictionlist=/usr/local/rwe/etc/config.words ttys=ALL umask=22 maxrepeats=4
unsuccessful_login_count=2 gecos=Test test' returned 22: Error changing
"SYSTEM" to "(VAS" : Value is invalid.
notice: Finished catalog run in 0.72 seconds
A possible workaround:
# cat usertest2.pp
user {'test':
ensure => present,
uid => '12345',
gid => 'staff',
groups => 'staff',
home => '/home/newtest',
attributes => ['gecos=Test', 'SYSTEM="(VAS OR files)"'],
}
# puppet apply /tmp/usertest2.pp
warning: iconv doesn't seem to support UTF-8/UTF-16 conversions
notice: /Stage[main]//User[test]/home: home changed '/home/test' to
'/home/newtest'
notice: /Stage[main]//User[test]/attributes: attributes changed 'rlogin=true
registry=files account_locked=false default_roles= auth1=SYSTEM minlen=7
admin=false maxexpired=2 fsize=-1 auth2=NONE histexpire=1 stack=65536
sugroups=ALL SYSTEM=(VAS minalpha=2 cpu=-1 core=2097151 roles= logintimes=
histsize=5 daemon=true admgroups= minother=2 rss=-1 loginretries=5 pwdchecks=
data=262144 tpath=nosak mindiff=2 nofiles=2000 login=true su=true pwdwarntime=7
dictionlist=/usr/local/rwe/etc/config.words ttys=ALL umask=22 maxrepeats=4
unsuccessful_login_count=2' to 'default_roles= account_locked=false
registry=files rlogin=true minlen=7 auth1=SYSTEM fsize=-1 maxexpired=2
admin=false stack=65536 histexpire=1 auth2=NONE roles= core=2097151 cpu=-1
minalpha=2 SYSTEM="(VAS OR files)" sugroups=ALL histsize=5 logintimes= rss=-1
minother=2 admgroups= daemon=true data=262144 pwdchecks= loginretries=5
nofiles=2000 mindiff=2 tpath=nosak dictionlist=/usr/local/rwe/etc/config.words
pwdwarntime=7 su=tr
ue login=true gecos=Test unsuccessful_login_count=2 maxrepeats=4 umask=22
ttys=ALL'
notice: Finished catalog run in 0.72 seconds
==>> this works.
To me it seems like puppet tries to copy the existing extended attributes and
set them again in addition to the extended attribute requested to be changed.
Unfortunately AIX extended attributes are not just
key=value
pairs but eventually
key=value with some spaces
pairs.
--
You have received this notification because you have either subscribed to it,
or are involved in it.
To change your notification preferences, please click here:
http://projects.puppetlabs.com/my/account
--
You received this message because you are subscribed to the Google Groups
"Puppet Bugs" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/puppet-bugs?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
