Jira (PUP-10857) User resource with forcelocal uses getent for groups

23 views
Skip to first unread message

Jarret Lavallee (Jira)

unread,
Jan 19, 2021, 10:35:03 AM1/19/21
to puppe...@googlegroups.com
Jarret Lavallee created an issue
 
Puppet / Improvement PUP-10857
User resource with forcelocal uses getent for groups
Issue Type: Improvement Improvement
Affects Versions: PUP 6.19.1
Assignee: Unassigned
Components: Types and Providers
Created: 2021/01/19 7:34 AM
Priority: Normal Normal
Reporter: Jarret Lavallee

*Description*
When using the useradd provider with the user resource with forcelocal => true, the groups are still pulled from gentent. This causes LDAP/NIS groups to be detected instead of just the local groups.

*Desired Behavior*
The forcelocal => true parameter should force all options to be local. With the parameter set, the user is looked up from /etc/passwd. The groups should be looked up locally as well.

*Actual Behavior*
The forcelocal => true results in the user being looked up locally, but the groups are looked up through getgrent

*Additional Notes*
It falls back to using https://github.com/puppetlabs/puppet/blob/main/lib/puppet/util/posix.rb#L14-L33 from https://github.com/puppetlabs/puppet/blob/main/lib/puppet/provider/nameservice.rb#L235-L237 as it is not implemented in https://github.com/puppetlabs/puppet/blob/main/lib/puppet/provider/user/useradd.rb
Add Comment Add Comment
 
This message was sent by Atlassian Jira (v8.5.2#805002-sha1:a66f935)
Atlassian logo

zendesk.jira (Jira)

unread,
Jan 19, 2021, 10:36:03 AM1/19/21
to puppe...@googlegroups.com
zendesk.jira updated an issue
Change By: zendesk.jira
Zendesk Ticket Count: 1
Zendesk Ticket IDs: 42710

zendesk.jira (Jira)

unread,
Jan 19, 2021, 10:36:04 AM1/19/21
to puppe...@googlegroups.com
zendesk.jira updated an issue
Change By: zendesk.jira
Labels: jira_escalated

Mihai Buzgau (Jira)

unread,
Jan 19, 2021, 11:32:04 AM1/19/21
to puppe...@googlegroups.com
Mihai Buzgau updated an issue
Change By: Mihai Buzgau
Sprint: NW - 2021-02-03

Mihai Buzgau (Jira)

unread,
Jan 20, 2021, 4:58:02 AM1/20/21
to puppe...@googlegroups.com
Mihai Buzgau updated an issue
Change By: Mihai Buzgau
Story Points: 3

Mihai Buzgau (Jira)

unread,
Jan 28, 2021, 2:10:05 PM1/28/21
to puppe...@googlegroups.com
Mihai Buzgau assigned an issue to Luchian Nemes
Change By: Mihai Buzgau
Assignee: Luchian Nemes

Josh Cooper (Jira)

unread,
Jan 28, 2021, 5:49:03 PM1/28/21
to puppe...@googlegroups.com
Josh Cooper updated an issue
Change By: Josh Cooper
Fix Version/s: PUP 7.4.0
Fix Version/s: PUP 6.21.0

Luchian Nemes (Jira)

unread,
Feb 2, 2021, 5:57:03 AM2/2/21
to puppe...@googlegroups.com
Luchian Nemes updated an issue
Change By: Luchian Nemes
Release Notes: Bug Fix
Release Notes Summary: The `useradd` provider now checks the `forcelocal` parameter and gets local information about groups (from `/etc/groups`) and gid (from `/etc/passwd`) of a user when requested.

Mihai Buzgau (Jira)

unread,
Feb 3, 2021, 4:43:03 AM2/3/21
to puppe...@googlegroups.com
Mihai Buzgau updated an issue
Change By: Mihai Buzgau
Sprint: NW - 2021-02-03 , NW - 2021-02-17

Josh Cooper (Jira)

unread,
Feb 3, 2021, 7:49:03 PM2/3/21
to puppe...@googlegroups.com

Claire Cadman (Jira)

unread,
Feb 5, 2021, 3:45:03 AM2/5/21
to puppe...@googlegroups.com
Claire Cadman updated an issue
 
Change By: Claire Cadman
Labels: doc_reviewed jira_escalated

fjc (Jira)

unread,
Feb 16, 2021, 11:54:03 AM2/16/21
to puppe...@googlegroups.com
fjc commented on Improvement PUP-10857
 
Re: User resource with forcelocal uses getent for groups

Since we deployed 6.21 that includes this change we're seeing two issues:

  • Agent runtime has significantly increased.
  • Every run "changes" the gid for every user:

Notice: Accounts::User[aaa]/User[aaa]/gid: gid changed '100' to 'users' (corrective)
{{Notice: Accounts::User[bbb]/User[bbb]/gid: gid changed '100' to 'users' (corrective) }}
Notice: Accounts::User[ccc]/User[ccc]/gid: gid changed '100' to 'users' (corrective)
{{Notice: Accounts::User[ddd]/User[ddd]/gid: gid changed '100' to 'users' (corrective) }}
Notice: Accounts::User[eee]/User[eee]/gid: gid changed '100' to 'users' (corrective)

 

fjc (Jira)

unread,
Feb 16, 2021, 1:08:03 PM2/16/21
to puppe...@googlegroups.com
fjc commented on Improvement PUP-10857

PUP-10896, excellent, thanks; just ignore the rest for now.

 

Minimal test case:

6.21:

$ puppet apply -e "user { 'aaa': gid => 100, forcelocal => true }"
Notice: Compiled catalog for [] in environment production in 0.02 seconds
Notice: /Stage[main]/Main/User[aaa]/gid: gid changed '100' to 100
Notice: Applied catalog in 0.73 seconds

$ puppet apply -e "user { 'aaa': gid => '100', forcelocal => true }"
Notice: Compiled catalog for [] in environment production in 0.02 seconds
Notice: /Stage[main]/Main/User[aaa]/gid: gid changed '100' to 100
Notice: Applied catalog in 0.73 seconds

$ puppet apply -e "user { 'aaa': gid => 'users', forcelocal => true }"
Notice: Compiled catalog for [] in environment production in 0.02 seconds
Notice: /Stage[main]/Main/User[aaa]/gid: gid changed '100' to 'users'
Notice: Applied catalog in 0.73 seconds

6.20:

$ puppet apply -e "user { 'aaa': gid => 100, forcelocal => true }"
Notice: Compiled catalog for [] in environment production in 0.01 seconds
Notice: Applied catalog in 0.33 seconds

$ puppet apply -e "user { 'aaa': gid => '100', forcelocal => true }"
Notice: Compiled catalog for [] in environment production in 0.01 seconds
Notice: Applied catalog in 0.33 seconds

$ puppet apply -e "user { 'aaa': gid => 'users', forcelocal => true }"
Notice: Compiled catalog for [] in environment production in 0.01 seconds
Notice: Applied catalog in 0.33 seconds

Josh Cooper (Jira)

unread,
Feb 16, 2021, 1:49:25 PM2/16/21
to puppe...@googlegroups.com
Josh Cooper commented on Improvement PUP-10857

Agent runtime has significantly increased.

Can you run puppet agent -t --evaltrace --sumarize and see which resources are taking longer? If it's reproducible, please open a new ticket. The one issue I'm aware of in this area is PUP-10856, but that was fixed in 6.21.0.

Every run "changes" the gid for every user:

{quotes}

That's PUP-10896. We'll have new releases out this week to resolve that.
Reply all
Reply to author
Forward
0 new messages