Jira (PUP-10422) CentOS 8: group resource not able to handle group members

9 views
Skip to first unread message

Mihai Buzgau (Jira)

unread,
Apr 15, 2020, 6:04:03 AM4/15/20
to puppe...@googlegroups.com
Mihai Buzgau moved an issue
 
Puppet / Bug PUP-10422
CentOS 8: group resource not able to handle group members
Change By: Mihai Buzgau
Key: PA PUP - 3180 10422
Affects Version/s: puppet-agent 6.14.0
Project: Puppet Agent
Add Comment Add Comment
 
This message was sent by Atlassian Jira (v8.5.2#805002-sha1:a66f935)
Atlassian logo

Mihai Buzgau (Jira)

unread,
Apr 15, 2020, 6:06:02 AM4/15/20
to puppe...@googlegroups.com
Mihai Buzgau updated an issue
Change By: Mihai Buzgau
Sprint: PR NW - Triage 2020-04-29

Mihai Buzgau (Jira)

unread,
Apr 15, 2020, 6:06:03 AM4/15/20
to puppe...@googlegroups.com
Mihai Buzgau updated an issue
Change By: Mihai Buzgau
Story Points: 2

Gabriel Nagy (Jira)

unread,
Apr 21, 2020, 8:45:03 AM4/21/20
to puppe...@googlegroups.com
Gabriel Nagy assigned an issue to Gabriel Nagy
Change By: Gabriel Nagy
Assignee: Gabriel Nagy

Gabriel Nagy (Jira)

unread,
Apr 21, 2020, 8:57:03 AM4/21/20
to puppe...@googlegroups.com
Gabriel Nagy commented on Bug PUP-10422
 
Re: CentOS 8: group resource not able to handle group members

Hi,

Can you paste the output of getent group puppetcerts? This is what Puppet uses internally to get group information.

If the group members aren't present in the output, it's possible that something takes precedence over files in /etc/nsswitch.conf. The implementation for this functionality is the same regardless of CentOS version.

Attempting to reproduce on a CentOS 8 machine:

[root@payable-avocado puppet]# getent group wheel
 
wheel:x:10:root
 
 
 
[root@payable-avocado puppet]# bundle exec puppet resource group wheel
 
group { 'wheel':
 
  ensure   => 'present',
 
  gid      => 10,
 
  members  => ['root'],
 
  provider => 'groupadd',
 
}
 
 
 
[root@payable-avocado puppet]# cat /etc/centos-release
 
CentOS Linux release 8.0.1905 (Core)

Thanks,
Gabriel

Stephan Schultchen (Jira)

unread,
Apr 21, 2020, 9:15:03 AM4/21/20
to puppe...@googlegroups.com

sure:

getent group puppetcerts
puppetcerts:x:10053:

 

 

but your question pointed me to another direction. our systems are enrolled to RedHat IdM/FreeIPA.

so "sssd" is configured, and our /etc/nsswitch.conf is modifed.

for some reason, CentOS 8 uses a different backend order, compared to CentOS7, in this file.

CentOS 8 preferes sssd, not the local files.

 

i will investigate, if something is wrong there.

Stephan Schultchen (Jira)

unread,
Apr 21, 2020, 9:59:09 AM4/21/20
to puppe...@googlegroups.com

this bug can be closes. it is an issue in "sssd":

 

https://bugzilla.redhat.com/show_bug.cgi?id=1794607
Reply all
Reply to author
Forward
0 new messages