problem changing group membership for linux users
54 views
Skip to first unread message
Sebastian Krueger
Mar 2, 2009, 3:46:55 AM3/2/09
to puppet...@googlegroups.com
Hi list,
I want the ensure that the eaiadmin user is always a member of the users group. I use the following configuration:
class baseusers {
include virt_groups, virt_users
realize(
Group["eaiadmin"],
Group["users"]
)
realize(
User["eaiadmin"]
)
}
class virt_users {
@user { "eaiadmin":
gid => "30",
ensure => present,
groups => [ "users" ]
}
}
class virt_groups {
@group { "eaiadmin":
gid => "30",
ensure => present
}
@group { "users":
gid => "100",
ensure => present
}
}
This works well, however it looks like the setting is applied everytime, regardless if the eaiadmin user is already in the users group.
Here a snippet from the log:
Mar 2 16:36:42 eaisoa-kbp-a4dk puppetd[3327]: (//Node[basenode]/baseusers/virt_users/User[eaiadmin]) Changing groups
Mar 2 16:36:42 eaisoa-kbp-a4dk puppetd[3327]: (//Node[basenode]/baseusers/virt_users/User[eaiadmin]) 1 change(s)
Mar 2 16:36:43 eaisoa-kbp-a4dk puppetd[3327]: (User[eaiadmin](provider=useradd)) Executing '/usr/sbin/usermod -G users eaiadmin'
Mar 2 16:36:44 eaisoa-kbp-a4dk shadow[28443]: account removed from group - account=eaiadmin, group=users, gid=100, by=0
Mar 2 16:36:44 eaisoa-kbp-a4dk shadow[28443]: account removed from group - account=eaiadmin, group=users, gid=100, by=0
Mar 2 16:36:44 eaisoa-kbp-a4dk shadow[28443]: account added to group - account=eaiadmin, group=users, gid=100, by=0
Mar 2 16:36:44 eaisoa-kbp-a4dk puppetd[3327]: (//Node[basenode]/baseusers/virt_users/User[eaiadmin]/groups) groups changed 'users,users' to 'users'
Why does it show 'users,users' to 'users'? Is this a bug with the groupadd provider? For some reason puppet thinks that eaiadmin is not a member of the users group, even though it is.
Regards, Sebastian.
I want the ensure that the eaiadmin user is always a member of the users group. I use the following configuration:
class baseusers {
include virt_groups, virt_users
realize(
Group["eaiadmin"],
Group["users"]
)
realize(
User["eaiadmin"]
)
}
class virt_users {
@user { "eaiadmin":
gid => "30",
ensure => present,
groups => [ "users" ]
}
}
class virt_groups {
@group { "eaiadmin":
gid => "30",
ensure => present
}
@group { "users":
gid => "100",
ensure => present
}
}
This works well, however it looks like the setting is applied everytime, regardless if the eaiadmin user is already in the users group.
Here a snippet from the log:
Mar 2 16:36:42 eaisoa-kbp-a4dk puppetd[3327]: (//Node[basenode]/baseusers/virt_users/User[eaiadmin]) Changing groups
Mar 2 16:36:42 eaisoa-kbp-a4dk puppetd[3327]: (//Node[basenode]/baseusers/virt_users/User[eaiadmin]) 1 change(s)
Mar 2 16:36:43 eaisoa-kbp-a4dk puppetd[3327]: (User[eaiadmin](provider=useradd)) Executing '/usr/sbin/usermod -G users eaiadmin'
Mar 2 16:36:44 eaisoa-kbp-a4dk shadow[28443]: account removed from group - account=eaiadmin, group=users, gid=100, by=0
Mar 2 16:36:44 eaisoa-kbp-a4dk shadow[28443]: account removed from group - account=eaiadmin, group=users, gid=100, by=0
Mar 2 16:36:44 eaisoa-kbp-a4dk shadow[28443]: account added to group - account=eaiadmin, group=users, gid=100, by=0
Mar 2 16:36:44 eaisoa-kbp-a4dk puppetd[3327]: (//Node[basenode]/baseusers/virt_users/User[eaiadmin]/groups) groups changed 'users,users' to 'users'
Why does it show 'users,users' to 'users'? Is this a bug with the groupadd provider? For some reason puppet thinks that eaiadmin is not a member of the users group, even though it is.
Regards, Sebastian.
James Turnbull
Mar 2, 2009, 4:34:39 AM3/2/09
to puppet...@googlegroups.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hash: SHA1
Sebastian Krueger wrote:
>
> Why does it show 'users,users' to 'users'? Is this a bug with the groupadd
> provider? For some reason puppet thinks that eaiadmin is not a member of the
> users group, even though it is.
Sebastian - what Puppet version and platform? I am pretty sure that's a
bug now fixed.
Regards
James Turnbull
- --
Author of:
* Pulling Strings with Puppet
(http://www.amazon.com/gp/product/1590599780/)
* Pro Nagios 2.0
(http://www.amazon.com/gp/product/1590596099/)
* Hardening Linux
(http://www.amazon.com/gp/product/1590594444/)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkmrYd8ACgkQ9hTGvAxC30CutACgrZhgGLri4LtQpA5scHTPn9F2
o3sAoL0L5+IL6G7DHDM0xgVTSkVljsyt
=sRom
-----END PGP SIGNATURE-----
Sebastian Krueger
Mar 2, 2009, 4:37:56 AM3/2/09
to puppet...@googlegroups.com
H James,
I'm using
eaisoa-puppet:/export/puppet/manifests/definitions # rpm -qa|grep puppet
puppet-0.24.7-5
puppet-server-0.24.7-5
eaisoa-puppet:/export/puppet/manifests/definitions #
If you that is a bug that is already fixed, then do you think I should grab the latest version from code repository?
Thanks, Sebastian.
I'm using
eaisoa-puppet:/export/puppet/manifests/definitions # rpm -qa|grep puppet
puppet-0.24.7-5
puppet-server-0.24.7-5
eaisoa-puppet:/export/puppet/manifests/definitions #
If you that is a bug that is already fixed, then do you think I should grab the latest version from code repository?
Thanks, Sebastian.
nick.ma...@gmail.com
Mar 2, 2009, 9:39:32 AM3/2/09
to puppet...@googlegroups.com
Hi Sebastian,
I think u must try to add "membership => inclusive" in @user for more
"stability". Btw what is u puppet version, cuz as i see "groups" are
version sensitive.
And look here http://reductivelabs.com/trac/puppet/wiki/TypeReference#id312
Sebastian Krueger
Mar 2, 2009, 5:50:42 AM3/2/09
to puppet...@googlegroups.com
Hi Nick,
I've added in the membership => inclusive part but it's still trying to reassign the groupmembership all the time.
Regards, Sebastian.
I've added in the membership => inclusive part but it's still trying to reassign the groupmembership all the time.
Regards, Sebastian.
Sebastian Krueger
Mar 2, 2009, 6:10:31 AM3/2/09
to puppet...@googlegroups.com
Hi everyone,
so I'm trying to do a checkout from the git repository as James said
that the problem may already be resolved in a later version.
However, I can't seem to get git to go through the corporate http proxy server.
I do the following:
http_proxy=http://foo:1234 git clone git://reductivelabs.com/puppet
And then it just sits there and times out eventually.
Do any of you guys use git through a proxy and could share their configuration?
Regards, Sebastian.
so I'm trying to do a checkout from the git repository as James said
that the problem may already be resolved in a later version.
However, I can't seem to get git to go through the corporate http proxy server.
I do the following:
http_proxy=http://foo:1234 git clone git://reductivelabs.com/puppet
And then it just sits there and times out eventually.
Do any of you guys use git through a proxy and could share their configuration?
Regards, Sebastian.
AJ Christensen
Mar 2, 2009, 6:17:06 AM3/2/09
to puppet...@googlegroups.com
I believe you can only use git:// through an HTTP proxy when it
supports the CONNECT method.
It may be possible to clone via HTTP, but push operations are only
possible over HTTP to DAV.
Regards,
AJ
supports the CONNECT method.
It may be possible to clone via HTTP, but push operations are only
possible over HTTP to DAV.
Regards,
AJ
nick.ma...@gmail.com
Mar 2, 2009, 11:30:48 AM3/2/09
to puppet...@googlegroups.com
On Mon, 02 Mar 2009 05:50:42 -0000, Sebastian Krueger
If puppetd doin groups reassign all time, so it is not 0.24.7 version. I
have same issue in 0.24.4 on gentoo. In 0.24.7 with membership I don have
any problems with "groups".
have same issue in 0.24.4 on gentoo. In 0.24.7 with membership I don have
any problems with "groups".
Sebastian Krueger
Mar 2, 2009, 7:37:08 AM3/2/09
to puppet...@googlegroups.com
it's definitely version 0.24.7.
At least that's the only version I've ever downloaded. I'm running
SLES 10.2. Not sure if that makes any difference compared to Gentoo?
I can't seem to work out how to download the source from git through
our proxy. Looks like our proxy doesn't support "CONNECT" requests. As
I'm still relatively new to Ruby, can someone point me to the source
file and I'll compare the code manually?
Cheers, Sebastian.
At least that's the only version I've ever downloaded. I'm running
SLES 10.2. Not sure if that makes any difference compared to Gentoo?
I can't seem to work out how to download the source from git through
our proxy. Looks like our proxy doesn't support "CONNECT" requests. As
I'm still relatively new to Ruby, can someone point me to the source
file and I'll compare the code manually?
Cheers, Sebastian.
Sebastian Krueger
Mar 2, 2009, 7:41:18 AM3/2/09
to puppet...@googlegroups.com
How hard would it be to add a flag / option to reductivelabs projects
that use git, to tell git to use the http
method?
So it would tell git to use http:// instead of git://
example:
git clone http://reductivelabs.com/puppet
maybe something like this http://reductivelabs.com/repos/git/puppet
Would that be possible?
Regards, Sebastian.
that use git, to tell git to use the http
method?
So it would tell git to use http:// instead of git://
example:
git clone http://reductivelabs.com/puppet
maybe something like this http://reductivelabs.com/repos/git/puppet
Would that be possible?
Regards, Sebastian.
Sebastian Krueger
Mar 3, 2009, 10:41:05 PM3/3/09
to puppet...@googlegroups.com
bump
Reply all
Reply to author
Forward
0 new messages