I am attempting to add certificates to a user's home directory for use with mcollective. This involves the puppetlabs/mcollective class and mcollective::user definition, plus our local site_mcollective and 'orgname' modules and the provided orgname::mcollective::user definition. The users are members of LDAP and show up via 'getent', therefore they appear present. However, the home directories are not, so I added managehome => true to the manifest to ensure they are created so the directories underneath can be created. However, Puppet does not create the missing home directory, causing the user definition to generate an error on the missing directory and skip the rest due to missing dependencies. See the attachment for sanitized output. I can possibly provide raw output through secure communications channels; contact firstname.lastname@example.org if interested.
As there is no availability within the DSL to test for the existence of a directory and otherwise skip the rest of the definition, I am left with some unattractive alternatives:
- Exec with onlyif that tests for existence of the directory - can work but now I'm manually managing the directory permissions/ownership and this introduces the potential for errors.
- Define the manifest to only include userids that have logged into the specific node - this works but breaks a roles/profiles hierarchy into node-specific configuration implementation.
- Force the users to log in at least once to each node - easy right now, difficult over time as nodes are added or rebuilt.
- Live with it - ignore the errors in the logs and puppetdb.
"Live with it" actually seems like the least bad idea given that it has the fewest side effects or ongoing management issues, though it does impede log analysis.