The `user` resource on AIX returns back non-working Puppet code for the 'attributes' key.
Example:
{code:title=puppet resource user root|borderStyle=solid}
# puppet resource user root | tee /tmp/root.pp
user { 'root':
ensure => 'present',
attributes => {'account_locked' => 'false', 'admin' => 'true', 'auditclasses' => 'general', 'auth1' => 'SYSTEM', 'auth2' => 'NONE', 'core' => '-1', 'cpu' => '-1', 'daemon' => 'true', 'data' => '-1', 'fsize' => '-1', 'histexpire' => '0', 'histsize' => '0', 'host_last_login' => ' njros1ud710 removed . prudential example .com', 'host_last_unsuccessful_login' => ' njros1ud710 removed . prudential example .com', 'login' => 'true', 'loginretries' => '0', 'maxexpired' => '-1', 'maxrepeats' => '8', 'minalpha' => '0', 'mindiff' => '0', 'mindigit' => '0', 'minlen' => '0', 'minloweralpha' => '0', 'minother' => '0', 'minspecialchar' => '0', 'minupperalpha' => '0', 'name' => 'root', 'nofiles' => '2000', 'pwdwarntime' => '0', 'registry' => 'files', 'rlogin' => 'true', 'rss' => '-1', 'stack' => '-1', 'su' => 'true', 'sugroups' => 'ALL', 'system' => 'compat', 'time_last_login' => '1407248916', 'time_last_unsuccessful_login' => '1407184651', 'tpath' => 'nosak', 'tty_last_login' => '/dev/pts/1', 'tty_last_unsuccessful_login' => 'ssh', 'ttys' => 'ALL', 'umask' => '22', 'unsuccessful_login_count' => '0'},
comment => 'root',
expiry => '2032-12-31',
gid => '0',
groups => ['system', 'bin', 'sys', 'security', 'cron', 'audit', 'lp'],
home => '/',
password => 'WuthH/s1ny/5s',
password_max_age => '0',
password_min_age => '0',
shell => '/bin/ksh',
uid => '0',
}
{code}
And then running the same code through puppet apply:
{code:title=puppet apply root.pp|borderStyle=solid}
# puppet apply /tmp/root.pp
Notice: Compiled catalog for myhost.example.com in environment production in 0.28 seconds
Error: Parameter attributes failed on User[root]: Attributes value pairs must be separated by an = at /tmp/root.pp:14
Wrapped exception:
Attributes value pairs must be separated by an =
{code}
The issue seems to stem from the attributes field. `puppet resource` outputs a key/value object for attributes, while puppet apply seems to expect an array with key=value parts in it as a string.
Changing it to an array of key=value pairs results in a still broken setup. Puppet resource outputs several key/value pairs that are NOT items that can be changed via the chuser command it runs under the covers. It should not return the 'name' or the 'system' keys.
This was my working root.pp file:
{code:title=root.pp}
user { 'root':
ensure => 'present',
attributes => ['account_locked=false', 'admin=true', 'auditclasses=general', 'auth1=SYSTEM', 'auth2=NONE', 'core=-1', 'cpu=-1', 'daemon=true', 'data=-1', 'fsize=-1', 'histexpire=0', 'histsize=0', 'host_last_login=njros1ud710.prudential.com', 'host_last_unsuccessful_login=njros1ud710.prudential.com', 'login=true', 'loginretries=0', 'maxexpired=-1', 'maxrepeats=8', 'minalpha=0', 'mindiff=0', 'mindigit=0', 'minlen=0', 'minloweralpha=0', 'minother=0', 'minspecialchar=0', 'minupperalpha=0', 'nofiles=2000', 'pwdwarntime=0', 'registry=files', 'rlogin=true', 'rss=-1', 'stack=-1', 'su=true', 'sugroups=adm', 'time_last_login=1407248916', 'time_last_unsuccessful_login=1407184651', 'tpath=nosak', 'tty_last_login=/dev/pts/1', 'tty_last_unsuccessful_login=ssh', 'ttys=ALL', 'umask=22', 'unsuccessful_login_count=0'],
comment => 'root',
expiry => '2032-12-31',
gid => '0',
groups => ['system', 'bin', 'sys', 'security', 'cron', 'audit', 'lp'],
home => '/',
password => 'fakepass',
password_max_age => '0',
password_min_age => '0',
shell => '/bin/ksh',
uid => '0',
}
{code}
PS: |
|
