[PUP-2575] OS X group resource triggers spurious notice of a change Created: 2014/05/14  Updated: 2019/04/04  Resolved: 2015/11/02

Status: Closed
Project: Puppet
Component/s: None
Affects Version/s: None
Fix Version/s: PUP 4.3.0

Type: Bug Priority: Normal
Reporter: redmine.exporter Assignee: Eric Sorenson
Resolution: Fixed Votes: 2
Labels: redmine
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Template:
Story Points: 1
Sprint: Client 2015-11-11
Release Notes: Bug Fix
Release Notes Summary: Previously, if the manifest specified group members in a different order than the OSX group provider returned them in, then puppet would generate a spurious notice that the resource was not insync. The same would also happen if you specified the same member more than once.
QA Contact: Eric Thompson

 Description   

If I create a simple group resource on OS X:

group { "admin": members => ["root", "clay", "localadmin"] }

and apply it multiple times, each time it triggers a "notice" that the membership has changed, even though the group provider did not make any changes.

# puppet -d
group { "admin": members => ["root", "clay", "localadmin"] }
info: Loading facts in antivirus
info: Loading facts in cached_ldap_data
info: Loading facts in certname
info: Loading facts in corp_in_searchpath
info: Loading facts in debconf
info: Loading facts in en0_macaddress
info: Loading facts in encryption
info: Loading facts in environment
info: Loading facts in fstab_uuid
info: Loading facts in goobuntu_sshconfig_version
info: Loading facts in google_distro
info: Loading facts in hardware
info: Loading facts in in_china
info: Loading facts in installing
info: Loading facts in lobby
info: Loading facts in locale
info: Loading facts in macadmin_hash_path
info: Loading facts in machine_customizations
info: Loading facts in machine_in_ldap
info: Loading facts in machine_type
info: Loading facts in macos_info
info: Loading facts in oel_info
info: Loading facts in ops_owner
info: Loading facts in primary_user
info: Loading facts in region
info: Loading facts in remote_access
info: Loading facts in servicedb
info: Loading facts in sh_node
info: Loading facts in solaris_info
info: Loading facts in ssh_disabled
info: Loading facts in zone
debug: Puppet::Type::Group::ProviderPw: file /usr/sbin/pw does not exist
debug: Puppet::Type::Group::ProviderGroupadd: file groupdel does not exist
debug: Puppet::Type::Group::ProviderLdap: true value when expecting false
debug: Creating default schedules
debug: Failed to load library 'shadow' for feature 'libshadow'
debug: Puppet::Type::User::ProviderUseradd: file userdel does not exist
debug: Puppet::Type::User::ProviderPw: file pw does not exist
debug: Puppet::Type::User::ProviderUser_role_add: file roledel does not exist
debug: Puppet::Type::User::ProviderLdap: true value when expecting false
debug: Puppet::Type::User::ProviderDirectoryservice: Executing '/usr/bin/dscl -plist . -list /Users'
debug: Puppet::Type::User::ProviderDirectoryservice: Executing '/usr/bin/dscl -plist . -read /Users/root'
debug: Failed to load library 'selinux' for feature 'selinux'
debug: Puppet::Type::File::ProviderMicrosoft_windows: feature microsoft_windows is missing
debug: /File[/etc/puppet/ssl]: Autorequiring File[/etc/puppet]
debug: /File[/var/puppet/state/classes.txt]: Autorequiring File[/var/puppet/state]
debug: /File[/var/puppet/state]: Autorequiring File[/var/puppet]
debug: /File[/etc/puppet/ssl/certs]: Autorequiring File[/etc/puppet/ssl]
debug: /File[/var/puppet/facts]: Autorequiring File[/var/puppet]
debug: /File[/etc/puppet/ssl/certs/ca.pem]: Autorequiring File[/etc/puppet/ssl/certs]
debug: /File[/etc/puppet/ssl/crl.pem]: Autorequiring File[/etc/puppet/ssl]
debug: /File[/etc/puppet/ssl/public_keys]: Autorequiring File[/etc/puppet/ssl]
debug: /File[/etc/puppet/ssl/public_keys/c37b1476-214e-4897-824e-2dcd24c60543.pem]: Autorequiring File[/etc/puppet/ssl/public_keys]
debug: /File[/var/puppet/client_yaml]: Autorequiring File[/var/puppet]
debug: /File[/var/puppet/lib]: Autorequiring File[/var/puppet]
debug: /File[/var/puppet/run]: Autorequiring File[/var/puppet]
debug: /File[/etc/puppet/ssl/private_keys]: Autorequiring File[/etc/puppet/ssl]
debug: /File[/etc/puppet/ssl/certificate_requests]: Autorequiring File[/etc/puppet/ssl]
debug: /File[/var/puppet/client_data]: Autorequiring File[/var/puppet]
debug: /File[/var/puppet/log]: Autorequiring File[/var/puppet]
debug: /File[/var/puppet/state/state.yaml]: Autorequiring File[/var/puppet/state]
debug: /File[/etc/puppet/ssl/private_keys/c37b1476-214e-4897-824e-2dcd24c60543.pem]: Autorequiring File[/etc/puppet/ssl/private_keys]
debug: /File[/var/puppet/state/graphs]: Autorequiring File[/var/puppet/state]
debug: /File[/etc/puppet/ssl/certs/c37b1476-214e-4897-824e-2dcd24c60543.pem]: Autorequiring File[/etc/puppet/ssl/certs]
debug: /File[/var/puppet/clientbucket]: Autorequiring File[/var/puppet]
debug: /File[/etc/puppet/ssl/private]: Autorequiring File[/etc/puppet/ssl]
debug: Finishing transaction 2164043380
debug: Loaded state in 1.40 seconds
info: Applying configuration version '1285271264'
debug: Puppet::Type::Group::ProviderDirectoryservice: Executing '/usr/bin/dscl -plist . -list /Groups'
debug: Puppet::Type::Group::ProviderDirectoryservice: Executing '/usr/bin/dscl -plist . -read /Groups/admin'
notice: /Stage[main]//Group[admin]/members: members changed 'clay,root,localadmin' to 'root,clay,localadmin'
debug: Finishing transaction 2189862280
debug: Storing state
debug: Stored state in 6.98 seconds

I'm running puppet 2.6.1 on OS X 10.6.4 with the stock ruby (1.8.7) installed.



 Comments   
Comment by Clay Fox [ 2014/05/14 ]

This still happens on OS X 10.9.2, puppet 3.2.3, and facter 1.7.2

Comment by Clay Fox [ 2014/05/20 ]

And just to be certain, still happens with 10.9.3, puppet 3.5.1, facter 1.7.5.

$ echo 'group { "somegroup": members => ["root", "clay"] }' | sudo puppet apply
Notice: Compiled catalog for 379b828f-0a82-4649-8c1f-03007668ca38 in environment gmac_unstable in 0.13 seconds
Notice: /Stage[main]/Main/Group[somegroup]/ensure: created
Notice: Finished catalog run in 0.46 seconds
$ echo 'group { "somegroup": members => ["clay", "root"] }' | sudo puppet apply
Notice: Compiled catalog for 379b828f-0a82-4649-8c1f-03007668ca38 in environment gmac_unstable in 0.13 seconds
Notice: /Stage[main]/Main/Group[somegroup]/members: members changed 'root,clay' to 'clay,root'
Notice: Finished catalog run in 0.30 seconds
$ echo 'group { "somegroup": members => ["clay", "root"] }' | sudo puppet apply
Notice: Compiled catalog for 379b828f-0a82-4649-8c1f-03007668ca38 in environment gmac_unstable in 0.13 seconds
Notice: /Stage[main]/Main/Group[somegroup]/members: members changed 'root,clay' to 'clay,root'
Notice: Finished catalog run in 0.30 seconds

Probably useful to someone who understands the puppet codebase:

[...] requires a larger refactor of the directoryservices nameservice provider so that the members property can be migrated to Property::OrderedList

Comment by Sean Griffin [ 2015/11/02 ]

Can't reproduce in old sha 196f6caf6f28cbf9b2738ed87e5a00e9ce8a5987 (10/6/15). Symptoms not present in sha c82a813640b7535e6fa6d477a0d7023925cc0561 (10/31/15).
QA risk is low.

Generated at Wed Apr 01 14:19:52 PDT 2020 using Jira 8.5.2#805002-sha1:a66f9354b9e12ac788984e5d84669c903a370049.