[Puppet Users] Re: ensure user and group created

2014-02-28 Thread Ryan Anderson 
This was a known problem with earlier puppet releases where adding local 
users would fail if they existed in a network name service (LDAP, NIS, 
etc), so more recent 3.x puppet versions of the user resource have a 
'forcelocal' option. Use this, and it will work.

On Wednesday, February 26, 2014 4:17:05 PM UTC-6, bluethundr wrote:

 Hey all,

  I've created a puppet module to control LDAP in my environment. The ldap 
 packages on both the centos and ubuntu hosts seem to require a user and 
 group called 'ldap' (respectively).

 in my ldap::install class I have the following defined:

 user { ldap:
 ensure = present,
   }

   group { ldap:
 ensure = present,   }


 But on each puppet run after the user and group is created the following 
 error occurs: 

 err: /Stage[main]/Ldap::Install/User[ldap]/ensure: change from absent to 
 present failed: Could not create user ldap: Execution of '/usr/sbin/usera
 dd -M ldap' returned 9: useradd: group ldap exists - if you want to add 
 this user to that group, use -g.

 Is there any way to achieve being able to create this user and group and 
 avoid the error on each run thereafter?

 Thanks
 Tim

 -- 
 GPG me!!

 gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B

  

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/80becae8-c0bb-4287-98f7-c7984037f050%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Re: ensure user and group created

2014-02-27 Thread jcbollinger 


On Wednesday, February 26, 2014 4:17:05 PM UTC-6, bluethundr wrote:

 Hey all,

  I've created a puppet module to control LDAP in my environment. The ldap 
 packages on both the centos and ubuntu hosts seem to require a user and 
 group called 'ldap' (respectively).

 in my ldap::install class I have the following defined:

 user { ldap:
 ensure = present,
   }

   group { ldap:
 ensure = present,   }



You may be overthinking this.  Certainly on CentOS and probably on Ubuntu, 
the standard OpenLDAP packages take care of ensuring the needed user and 
group configuration is setup up.

It is not entirely superfluous to manage them in Puppet as well if you're 
worried about them being removed later, but do note that the user and group 
may have standard UID and GID numbers, respectively, in each distribution, 
and that assigning them different ones may cause you grief.  Also note that 
these are generally a 'system' user and group, and as such they should take 
UID and GID numbers in a different (lower) range than than standard users 
and groups do.

Note also that your User declaration is probably underspecified.  In 
addition to declaring it a 'system' user, you should also declare that it 
must belong to group 'ldap'.  I suspect that doing so will resolve your 
problem, though if *not* doing so causes a problem then that constitutes a 
minor bug.  Feel free to file a ticket.
 


 But on each puppet run after the user and group is created the following 
 error occurs: 

 err: /Stage[main]/Ldap::Install/User[ldap]/ensure: change from absent to 
 present failed: Could not create user ldap: Execution of '/usr/sbin/usera
 dd -M ldap' returned 9: useradd: group ldap exists - if you want to add 
 this user to that group, use -g.

 Is there any way to achieve being able to create this user and group and 
 avoid the error on each run thereafter?



I'm confident that there is.  Try adding

  system = true

to both the User and the Group declaration, and adding

  gid = 'ldap'

to the group declaration.  Let us know how it works out.


John

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/7786ab6f-aeb7-4e6d-98dd-1e577883421e%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.