Issue #20760 has been updated by Thomas Bettray.
sorry for this bad formatting - I am new to redmine... ---------------------------------------- Bug #20760: AIX extended user attributes may not contain spaces and/or brackets in puppet definitions https://projects.puppetlabs.com/issues/20760#change-91098 * Author: Thomas Bettray * Status: Unreviewed * Priority: Normal * Assignee: * Category: * Target version: * Affected Puppet version: 2.7.20 * Keywords: * Branch: ---------------------------------------- When trying to update the extended attributes of a user, puppet will fail to apply this if one of the present attributes contains spaces and/or brackets (not sure which one of them breaks it...). Puppet version is 2.7.20 running on AIX 6.1 TL8 SP2. # lsuser test test id=12345 pgrp=staff groups=staff home=/home/test shell=/bin/ksh login=true su=true rlogin=true daemon=true admin=false sugroups=ALL admgroups= tpath=nosak ttys=ALL expires=0 auth1=SYSTEM auth2=NONE umask=22 registry=files SYSTEM=(VAS OR files) logintimes= loginretries=5 pwdwarntime=7 account_locked=false minage=0 maxage=12 maxexpired=2 minalpha=2 minother=2 mindiff=2 maxrepeats=4 minlen=7 histexpire=1 histsize=5 pwdchecks= dictionlist=/usr/local/wordlist default_roles= fsize=-1 cpu=-1 data=262144 stack=65536 core=2097151 rss=-1 nofiles=2000 unsuccessful_login_count=2 roles= The interesting part is the "SYSTEM=(VAS OR files)" here containing spaces and brackets. if trying to apply the following rules: # cat usertest.pp user {'test': ensure => present, uid => '12345', gid => 'staff', groups => 'staff', home => '/home/test', attributes => ['gecos=Test'], } This will fail: # puppet apply /tmp/usertest.pp warning: iconv doesn't seem to support UTF-8/UTF-16 conversions notice: /Stage[main]//User[test]/home: home changed '/home/newtest' to '/home/test' err: /Stage[main]//User[test]/attributes: change from rlogin=true registry=files account_locked=false default_roles= auth1=SYSTEM minlen=7 admin=false maxexpired=2 fsize=-1 auth2=NONE histexpire=1 stack=65536 sugroups=ALL SYSTEM=(VAS minalpha=2 cpu=-1 core=2097151 roles= logintimes= histsize=5 daemon=true admgroups= minother=2 rss=-1 loginretries=5 pwdchecks= data=262144 tpath=nosak mindiff=2 nofiles=2000 login=true su=true pwdwarntime=7 dictionlist=/usr/local/rwe/etc/config.words ttys=ALL umask=22 maxrepeats=4 unsuccessful_login_count=2 to default_roles= account_locked=false registry=files rlogin=true minlen=7 auth1=SYSTEM fsize=-1 maxexpired=2 admin=false stack=65536 histexpire=1 auth2=NONE roles= core=2097151 cpu=-1 minalpha=2 SYSTEM=(VAS sugroups=ALL histsize=5 logintimes= rss=-1 minother=2 admgroups= daemon=true data=262144 pwdchecks= loginretries=5 nofiles=2000 mindiff=2 tpath=nosak dictionlist=/usr/local/rwe/etc/config.words pwdwarntime=7 su=true login=true gecos=Test unsuccessful_login_count=2 maxrepeats=4 umask=22 ttys=ALL failed: Could not set attributes on user[test]: Execution of '/usr/bin/chuser rlogin=true registry=files account_locked=false default_roles= auth1=SYSTEM minlen=7 admin=false maxexpired=2 fsize=-1 auth2=NONE histexpire=1 stack=65536 sugroups=ALL SYSTEM=(VAS minalpha=2 cpu=-1 core=2097151 roles= logintimes= histsize=5 daemon=true admgroups= minother=2 rss=-1 loginretries=5 pwdchecks= data=262144 tpath=nosak mindiff=2 nofiles=2000 login=true su=true pwdwarntime=7 dictionlist=/usr/local/rwe/etc/config.words ttys=ALL umask=22 maxrepeats=4 unsuccessful_login_count=2 gecos=Test test' returned 22: Error changing "SYSTEM" to "(VAS" : Value is invalid. notice: Finished catalog run in 0.72 seconds A possible workaround: # cat usertest2.pp user {'test': ensure => present, uid => '12345', gid => 'staff', groups => 'staff', home => '/home/newtest', attributes => ['gecos=Test', 'SYSTEM="(VAS OR files)"'], } # puppet apply /tmp/usertest2.pp warning: iconv doesn't seem to support UTF-8/UTF-16 conversions notice: /Stage[main]//User[test]/home: home changed '/home/test' to '/home/newtest' notice: /Stage[main]//User[test]/attributes: attributes changed 'rlogin=true registry=files account_locked=false default_roles= auth1=SYSTEM minlen=7 admin=false maxexpired=2 fsize=-1 auth2=NONE histexpire=1 stack=65536 sugroups=ALL SYSTEM=(VAS minalpha=2 cpu=-1 core=2097151 roles= logintimes= histsize=5 daemon=true admgroups= minother=2 rss=-1 loginretries=5 pwdchecks= data=262144 tpath=nosak mindiff=2 nofiles=2000 login=true su=true pwdwarntime=7 dictionlist=/usr/local/rwe/etc/config.words ttys=ALL umask=22 maxrepeats=4 unsuccessful_login_count=2' to 'default_roles= account_locked=false registry=files rlogin=true minlen=7 auth1=SYSTEM fsize=-1 maxexpired=2 admin=false stack=65536 histexpire=1 auth2=NONE roles= core=2097151 cpu=-1 minalpha=2 SYSTEM="(VAS OR files)" sugroups=ALL histsize=5 logintimes= rss=-1 minother=2 admgroups= daemon=true data=262144 pwdchecks= loginretries=5 nofiles=2000 mindiff=2 tpath=nosak dictionlist=/usr/local/rwe/etc/config.words pwdwarntime=7 su=tr ue login=true gecos=Test unsuccessful_login_count=2 maxrepeats=4 umask=22 ttys=ALL' notice: Finished catalog run in 0.72 seconds ==>> this works. To me it seems like puppet tries to copy the existing extended attributes and set them again in addition to the extended attribute requested to be changed. Unfortunately AIX extended attributes are not just key=value pairs but eventually key=value with some spaces pairs. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/puppet-bugs?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
