https://bugzilla.wikimedia.org/show_bug.cgi?id=71480
Bug ID: 71480
Summary: Prevent puppet from creating local user when they are
defined in LDAP
Product: Wikimedia Labs
Version: unspecified
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: Unprioritized
Component: Infrastructure
Assignee: [email protected]
Reporter: [email protected]
CC: [email protected], [email protected],
[email protected], [email protected],
[email protected]
Web browser: ---
Mobile Platform: ---
We had a few LDAP rolling upgrades over the past few days. When puppet realize
a User type, it apparently detects a provider of the user. When LDAP works, it
does not create the user, but whenever LDAP does not, puppet fallbacks to
adduser and creates a local user.
An example is the beta cluster which recently had a local 'mwdeploy' user being
created by puppet on deployment-rsync01 and deployment-bastion. The process we
run (such as scap) ends up altering / creating files with the local UID and
whenever LDAP comes back we have a few permissions errors all over the place.
Puppet User supports a 'provider' attribute which can be set to 'ldap'. Bryan
suggested to use hiera to set that on labs.
Ref:
https://docs.puppetlabs.com/references/latest/type.html#user-attribute-provider
--
You are receiving this mail because:
You are the assignee for the bug.
You are on the CC list for the bug.
_______________________________________________
Wikibugs-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
