[Puppet-dev] Fwd: Adding users (in hiera) to multiple groups fails for OEL 5 and OEL 6

Wed, 05 Dec 2012 17:33:19 -0800 

Hi,

Apologies if this should have been pointed at puppet-users in first
instance.

I've noticed what I believe to be a bug relating to adding a user to
multiple groups using hiera. Target o/s are Oracle Enterprise Linux 5.5 and
6. Apologies that I do not have a RHEL system to also test against.

My hiera extract is as follows;

  stephen:
    uid: 1003
    gid: stephen
    groups: -* dip,ftp,lock*


puppet agent -tv

err: Failed to apply catalog: Parameter groups failed: Group names must be
provided as an array, *not a comma-separated list.*

BUT

  stephen:
    uid: 1003
    gid: stephen
    groups: - *dip ftp lock*

err: /Stage[main]/Afg_adminusers/User[stephen]/ensure: change from absent
to present failed: Could not create user stephen: Execution of
'/usr/sbin/useradd -u 1003 -g stephen -*G dip ftp lock* -M stephen'
returned 6: useradd: unknown group dip ftp lock

second run...

err: /Stage[main]/Afg_adminusers/User[stephen]/groups: change from  to dip
ftp lock failed: Invalid value dip ftp lock: Groups must be comma-separated

The syntax being used appears to be incorrect for useradd. Should be...

[root@esllatics2b ~]# /usr/sbin/useradd -u 1003 -g stephen* -G dip,ftp,lock
*-M stephen
Creating mailbox file: File exists

...i.e. comma separated additional groups are required from command line,
but I cant use the same list in hiera file.

My nasty hack to make it work;

vi /opt/puppet/lib/ruby/site_ruby/1.8/puppet/type/user.rb

      validate do |value|
        if value =~ /^\d+$/
          raise ArgumentError, "Group names must be provided, not GID
numbers."
        end
# ORIG HASHED OFF        raise ArgumentError, "Group names must be provided
as an array, not a comma-separated list." if value.include?(",")
        raise ArgumentError, "Group names must be provided as an array, not
a comma-separated list." if value.include?*("not-commas")*
      end


notice: /Stage[main]/Afg_adminusers/User[stephen]/groups: groups changed
'dip,ftp,lock' to 'dip,dip,ftp,lock,ftp,lock'
notice: Finished catalog run in 2.51 seconds

:)

However...every time I run puppet agent...I get the same output as above,
even though "stephen" has the correct group memberships.

Your help appreciated.

Regs,

Stephen

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Developers" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to 
[email protected].
For more options, visit this group at 
http://groups.google.com/group/puppet-dev?hl=en.

Reply via email to