On Thursday, March 31, 2016 at 7:13:30 AM UTC-5, Patrick G. wrote:
>
> /home does exist but /home/admin doesn’t because it is a new user.
>
> How should I give puppet permission to create this directory?
>
It's unclear whether you need to give Puppet permission, whether you need
to give it an additional resource to manage, or whether you just need to
instruct Puppet to manage resources in a different relative order. I'd
rate a permission problem the least likely of those possibilities.

If you expect the new user's home directory to be created as part of the
process of creating a new user under Puppet management, then

1. the relevant User resource must be synced before any ssh key
   attributed to them, and
2. that resource's parameters should specify that the user home
   directory is to be managed.

You have not described the module you are using well enough for me to
distinguish it from the dozens of other SSH modules, but your log excerpt
shows it using the standard Ssh_authorized_key resource type. That type
automatically causes the key's associated user to be managed before the key
itself if that user is in fact under management as a User resource, so I
conclude that either there is no such User in the catalog at all (in which
case I'm uncertain why you characterize the context as creating a new user)
or else that User is not configured as you need it to be.

For example, for this to work properly in conjunction with creating a new
user, you might need the relevant User resource to be configured with *at
least* these properties and parameters:

    user { 'admin':
      ensure     => 'present',
      uid        => 1, # or whatever
      gid        => 1, # or whatever
      home       => '/home/admin',
      managehome => true
    }

Alternatively, if your local user management subsystem does not support
managing user home directories directly in concert with creating users,
then you might need to manage the home directory explicitly, as a File
resource. In that case you will want to specify a relationship between
that File and the User or Ssh::Key that causes the home directory to be
managed first.

If you do have a permission problem after all, however, then in order to
solve it you need to understand its nature. Are there mandatory access
controls (i.e. SELinux policy) preventing Puppet from doing what it needs
to do? Is /home on a remote file system that squashes root privileges? Is
puppet running as an unprivileged user? There may be other possibilities.
You can't solve such a problem without knowing in some detail what the
problem is.

John
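
Added example (not part of the original message or of any module discussed in the thread): one way to lay out the alternative described above, where the home directory is managed as a File resource and ordered ahead of the key. The group name, the key title and the key value are assumptions and placeholders.

```puppet
# Added example: names and values below are assumptions, not from the thread.

user { 'admin':
  ensure     => present,
  home       => '/home/admin',
  managehome => false,  # the home directory is managed by the File below
}

# File autorequires its owner User and its parent directory File; the
# explicit require only makes the intended ordering visible.
file { '/home/admin':
  ensure  => directory,
  owner   => 'admin',
  group   => 'admin',   # assumes a group named 'admin' exists on the node
  mode    => '0700',
  require => User['admin'],
}

# Keep ~/.ssh private to the account; sshd with StrictModes enabled
# refuses keys stored under group- or world-writable directories.
file { '/home/admin/.ssh':
  ensure  => directory,
  owner   => 'admin',
  group   => 'admin',
  mode    => '0700',
  require => File['/home/admin'],
}

ssh_authorized_key { 'admin@example':
  ensure  => present,
  user    => 'admin',
  type    => 'ssh-rsa',
  key     => 'PLACEHOLDER_BASE64_PUBLIC_KEY',  # placeholder, not a real key
  require => File['/home/admin/.ssh'],
}
```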