[Puppet Users] Help with LDAP, Users, and Puppet..

Mon, 01 Nov 2010 14:10:38 -0700 

We have an environment where we have to place some files on systems owned by 
'ldap' users... that is, users that are not local, but are held in LDAP. We've 
done everything we can to stabalize our LDAP environment, but we still run into 
an issue where hosts randomly pop out failures like:

err     Could not evaluate: Could not find user xxx     
/Stage[main]//Node[cseng_base]/Auth::Key[xxx]/File[/home/xxx]   2010-11-01 
20:46 UTC
warning Skipping because of failed dependencies 
/Stage[main]//Node[cseng_base]/Auth::Key[xxx]/File[/home/xxx/.ssh]      
2010-11-01 20:46 UTC
warning Skipping because of failed dependencies 
/Stage[main]//Node[cseng_base]/Auth::Key[xxx]/File[/home/xxx/.ssh/authorized_keys]
      2010-11-01 20:46 UTC
notice  Dependency File[/home/xxx] has failures: true   
/Stage[main]//Node[cseng_base]/Auth::Key[xxx]/File[/home/xxx/.ssh/authorized_keys]
      2010-11-01 20:46 UTC
notice  Dependency File[/home/xxx] has failures: true   
/Stage[main]//Node[cseng_base]/Auth::Key[xxx]/File[/home/xxx/.ssh]      
2010-11-01 20:46 UTC
notice  created 
/Stage[main]//Node[cseng_base]/Auth::Key[yyy]/File[/home/yyy]/ensure    
2010-11-01 20:46 UTC
notice  created 
/Stage[main]//Node[cseng_base]/Auth::Key[yyy]/File[/home/yyy/.ssh]/ensure       
2010-11-01 20:46 UTC
notice  defined content as '{md5}71e80c50ae9c737cbfbc82fb56a792af'      
/Stage[main]//Node[cseng_base]/Auth::Key[yyy]/File[/home/yyy/.ssh/authorized_keys]/ensure
You can see two different users that are both in LDAP.. but one fails when 
puppet tries to set its permissions ,and the other succeeds. 

1) Any thoughts on why puppet randomly fails the lookup of the user id?
2) Why is puppet looking up the userid anyways — i just want it to do verify 
that the username is 'xxx' and walk away. Whats the mechanism puppet is using 
for this? 

On the systems we use 'files db ldap' as our nsswitch.conf priority, and 'db' 
is a local copy of the ldap data using 'nsscache' on a regular basis. Looking 
up a user should never fail.... and it doesnt seem to when we log in and check 
by hand, so I don't know why puppet is failing.

—Matt

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to 
[email protected].
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Reply via email to