Uploaded image for project: 'Puppet'
  1. Puppet
  2. PUP-1153

Incorrect ordering of group and user resource purging

    Details

    • Template:
    • Team:
      Platform OS

      Description

      I am using the following below code to purge/remove all unmanaged (to Puppet) users and groups on a system so that only OS groups and users I allow can exist.

      I receive errors in my log though because Puppet will attempt to remove a (primary) group before it removes the corresponding user. Although a subsequent run has no errors (the user was eventually purged) I am left with undesired groups until I run Puppet again. The current work around is to run Puppet multiple times and modify monitoring scripts to ignore the group deletion errors.

      Attempts at using before, require, ->, etc. notation do not cause the desired order (purge users then groups).

      I'd propose that Puppet be modified such that it either honors the specified ordering or as a rule always processes user removal/purging before it processes any group removal/purging.

      Error in log:

      Error: /Group[vagrant]/ensure: change from present to absent failed: Could not delete group vagrant: Execution of '/usr/sbin/groupdel vagrant' returned 8: groupdel: cannot remove the primary group of user 'vagrant'
      

      (note that vagrant was not logged in)
      (This was on an Ubuntu 12.04 server)

      Iteration # 1 (failed):

        resources { 'user':
          purge => true,
          unless_system_user => false,
        }
       
        resources { 'group':
          purge => true,
          unless_system_user => false,
        }
      

      Iteration # 2 (failed):

        resources { 'user':
          purge => true,
          unless_system_user => false,
          before	=> Resources['group'],
        }
       
        resources { 'group':
          purge => true,
          unless_system_user => false,
        }
      

      Iteration # 3 (failed):

        resources { 'user':
          purge => true,
          unless_system_user => false,
        }
       
        resources { 'group':
          purge => true,
          unless_system_user => false,
          require	=> Resources['user'],
        }
      

      Iteration # 4 (failed):

        resources { 'user':
          purge => true,
          unless_system_user => false,
          before	=> Resources['group'],
        }
       
        resources { 'group':
          purge => true,
          unless_system_user => false,
          require	=> Resources['user'],
        }
      

      Iteration # 5 (failed):

        resources { 'user':
          purge => true,
          unless_system_user => false,
        }
       
        resources { 'group':
          purge => true,
          unless_system_user => false,
        }
       
        Resources['user'] -> Resources['group']
      

      Iteration # 6 (failed):

        resources { 'user':
          purge => true,
          unless_system_user => false,
          before	=> Resources['group'],
        }
       
        resources { 'group':
          purge => true,
          unless_system_user => false,
          require	=> Resources['user'],
        }
       
        Resources['user'] -> Resources['group']
      

        Attachments

          Issue Links

            Activity

              jsd-sla-details-panel

                People

                • Assignee:
                  Unassigned
                  Reporter:
                  redmine.exporter redmine.exporter
                  QA Contact:
                  Narmadha Perumal
                • Votes:
                  7 Vote for this issue
                  Watchers:
                  15 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: