Uploaded image for project: 'Puppet'
  1. Puppet
  2. PUP-3204

Find LDAP users and groups created mid-transaction.

    Details

    • Type: New Feature
    • Status: Accepted
    • Priority: Normal
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Template:
    • Team:
      Night's Watch
    • CS Priority:
      Normal
    • CS Frequency:
      3 - 25-50% of Customers
    • CS Severity:
      3 - Serious
    • CS Business Value:
      3 - $$$$
    • CS Impact:
      Hide
      This is related to how the OS process management caches LDAP data. This is to some extent an OS level problem because the puppet process doesn't know about the updated LDAP data.

      The only way we can think of to solve this in Puppet is around fully restarting the puppet service to deal with this such as a postrun command or running puppet via cron.
      Show
      This is related to how the OS process management caches LDAP data. This is to some extent an OS level problem because the puppet process doesn't know about the updated LDAP data. The only way we can think of to solve this in Puppet is around fully restarting the puppet service to deal with this such as a postrun command or running puppet via cron.

      Description

      I recently noticed the following:

      Aug 23 18:09:35 extdns03 puppetdr987: [ID 702911 daemon.error] (//extdns03/common_foglight/foglight_agents_setup/Exec[/opt/foglight/script/setup.sh]) Failed to call refresh on Exec[/opt/foglight/script/setup.sh]: Invalid user: foglight
      

      While I'm reasonably sure that the user did exist at that point. So after long and painful debugging I did the following:

      extdns01# RUBYLIB=. irb
      irb(main):001:0> require 'puppet'
      => true
      irb(main):002:0> Puppet::Util.uid('boom')
      => nil
       
      [ Now, in a different window, ran "adduser boom" ]
       
      irb(main):003:0> Puppet::Util.uid('boom')
      => nil
      irb(main):004:0>
      

      I guess puppet should flush the uid/gid cache on any user/group operation, or possibly even every time.

        Attachments

          Issue Links

            Activity

              jsd-sla-details-panel

                People

                • Assignee:
                  Unassigned
                  Reporter:
                  redmine.exporter redmine.exporter
                • Votes:
                  5 Vote for this issue
                  Watchers:
                  19 Start watching this issue

                  Dates

                  • Created:
                    Updated: