Details
-
Improvement
-
Status: Closed
-
Normal
-
Resolution: Fixed
-
PUP 5.3.3
-
RHEL 6 and 7
-
Platform Core
-
Platform Core KANBAN
-
Bug Fix
-
When forcelocal is set to true, the groupadd and useradd modules now use local commands for modifying and deleting user and group resources. Prior to this, local commands were only used for adding group and user resources when forcelocal was set to true.
-
No Action
Description
The user and group resources do not use local commands when modifying a user or group. This can result in failure to make changes to locally added user or groups if that user or group already exists in LDAP.
Example error:
2017-11-21 09:19:49 -0500 Puppet (err): Could not set gid on group[munge]: Execution of '/usr/sbin/groupmod -g 73 munge' returned 4: groupmod: GID '73' already exists
|
2017-11-21 09:19:49 -0500 /Stage[main]/Munge::User/Group[munge]/gid (err): change from 486 to 73 failed: Could not set gid on group[munge]: Execution of '/usr/sbin/groupmod -g 73 munge' returned 4: groupmod: GID '73' already exists
|
Using lgroupmod on this particular system was only way to allow Puppet to continue to function.
lgroupmod -g 73 munge
|
This issue presented itself when Puppet was told to set munge UID/GID after the package had already auto-created the user/group with different UID/GID. The module that adds the user/group uses forcelocal=>true
https://github.com/treydock/puppet-munge/blob/master/manifests/user.pp
I propose that both user and group resources respect forcelocal for all types of operations.
Attachments
Issue Links
- relates to
-
-
- Resolved
-
