Details
- Bug
- Status: Resolved
- Normal
- Resolution: Fixed
- PUP 6.23.0, PUP 7.8.0, PUP 6.24.0, PUP 7.9.0, PUP 7.10.0, PUP 7.11.0, PUP 7.12.0, PUP 6.25.1
- None
- Night's Watch
- 3
- NW - 2021-11-17, NW - 2021-12-06
- Needs Assessment
- Bug Fix
- This release moves the creation of `ssh_authorized_key` resources to the end of the user type flow, after all user properties and parameters have been resolved, to avoid order dependency errors.
- Needs Assessment
Description
Puppet Version: 7.8.0 6.23.0 6.24.0 6.24.1 6.25.1
Puppet Server Version: -
OS Name/Version: RHEL 7 RHEL 8 CENTOS 7 CENTOS 8
The user resource is not working as expected since puppet agent 6.23/7.8.
During a puppet run, if a user is created by any utility (package / exec), the puppet user resource tries to luseradd the same user instead of lusermod, as the user already exists.
The following code:
exec { '/sbin/luseradd -u 50080 -M myuser': }
-> user { 'myuser':
  uid        => 50081,
  forcelocal => true,
}
produces an error on the user resource.
Desired Behavior:
before version 6.23
Notice: /Stage[main]/Main/Exec[/sbin/luseradd -u 50080 -M myuser]/returns: executed successfully
Notice: /Stage[main]/Main/User[myuser]/uid: uid changed '50080' to 50081
Actual Behavior:
version 6.23 and after
Notice: /Stage[main]/Main/Exec[/sbin/luseradd -u 50080 -M myuser]/returns: executed successfully
Error: Could not create user myuser: Execution of '/usr/sbin/luseradd -g myuser -u 50081 -M myuser' returned 3: Account creation failed: entry already present in file.
Error: /Stage[main]/Main/User[myuser]/ensure: change from 'absent' to 'present' failed: Could not create user myuser: Execution of '/usr/sbin/luseradd -g myuser -u 50081 -M myuser' returned 3: Account creation failed: entry already present in file.
Seems to be a regression introduced by https://tickets.puppetlabs.com/browse/PUP-11067
It seems puppet 7.9 has fixed the default behavior with https://tickets.puppetlabs.com/browse/PUP-11131, but this was not done on puppet 6.
with:
- if !self[:purge_ssh_keys].empty? |
+ if !self[:purge_ssh_keys].empty? && self[:purge_ssh_keys] != :false |
return [] if self[:ensure] == :present && !provider.exists? |
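Review bot: the `!= :false` test on the `+` line only skips this branch when `purge_ssh_keys` is left at `:false`; with `purge_ssh_keys => true` the branch is still entered and the `return [] if self[:ensure] == :present && !provider.exists?` guard still calls `provider.exists?` here, so the result still depends on when this code runs relative to the resource that creates the user. Suggest deferring this work until the user's other properties have been resolved rather than special-casing `:false`, and adding a test that covers `purge_ssh_keys => true` with a user created earlier in the same run.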
(I don't see exactly the link between the regression and this purge_ssh_keys setting, but changing this fixes it.)
But if purge_ssh_keys is set to true, it is not working anymore, even in the puppet 7.12 agent...
exec { '/sbin/luseradd -u 50080 -M myuser': }
-> user { 'myuser':
  uid            => 50081,
  forcelocal     => true,
  purge_ssh_keys => true,
}
Notice: /Stage[main]/Main/Exec[/sbin/luseradd -u 50080 -M myuser]/returns: executed successfully
Error: Could not create user myuser: Execution of '/usr/sbin/luseradd -g myuser -u 50081 -M myuser' returned 3: Account creation failed: entry already present in file.
Error: /Stage[main]/Main/User[myuser]/ensure: change from 'absent' to 'present' failed: Could not create user myuser: Execution of '/usr/sbin/luseradd -g myuser -u 50081 -M myuser' returned 3: Account creation failed: entry already present in file.