Issue #11111 has been updated by Daniel Pittman.

Steve Shipway wrote:

> The problem occurs with both a long-running daemon, and if I run from the 
> command line (puppet agent -t).  I've tried restarting the daemon a few 
> times, too, though that doesn't fix it.

Thanks.  That helps confirm my expectation that...

> The problem is not that the user exists and puppet is unable to delete it, 
> but more that the user DOESN'T exist, and puppet THINKS it does, so tries to 
> delete it (and fails because it doesn't exist...)

...this is a problem with the NSS portion of your C library.  Puppet delegates 
directly to the `get*nam` family of functions to determine if the named entity 
exists.  In your case the system is convinced that it does - and by validating 
that this occurs even if you restart the Puppet agent, or run it on the command 
line, you confirmed that it isn't cached inside the Puppet process.

(Technically, we delegate to `get*nam` in the Ruby `Etc` module, but that 
doesn't do much beyond delegate to NSS as far as I know.)

> The 'steves' user doesn't exist anywhere that I can see, and all the OS 
> commands (adduser, deluser, usermod etc) all agree the file is fine and the 
> user doesn't exist.  I would not count this as a corrupt file.  However puppet 
> seems to think that it does, but only when there is no terminating newline 
> in the file.

libc does; the external tools you reference presumably manipulate the databases 
directly (which is reasonable, because libc / POSIX have no standard *write* 
operations for these databases), and their implementation behaves differently.

I wonder if `no-such-user` would also be considered valid by Puppet when this 
problem was in place. :)

> Since the passwd file is only manipulated by OS tools this could well happen 
> other times.  I believe that puppet should correctly handle this, and 
> certainly default to 'user does not exist' rather than 'user exists'.

We trust the NSS portion of the OS, because we pretty much have to: anything 
else will miss users that exist out of, e.g., LDAP or other data sources 
configured in the NSS.
----------------------------------------
Bug #11111: Puppet incorrectly thinks user exists when it does not
https://projects.puppetlabs.com/issues/11111

Author: Steve Shipway
Status: Unreviewed
Priority: Normal
Assignee: 
Category: agent
Target version: 
Affected Puppet version: 2.7.6
Keywords: 
Branch: 


I have a normal resource definition to ensure the user 'steves' does not exist. 
On one puppet client, even though the user definitely does not exist, puppet 
still tries to remove it, giving this error:

change from present to absent failed: Could not delete user steves: Execution 
of '/usr/sbin/userdel steves' returned 6: userdel: user steves does not exist 

user { steves: ensure=>absent; }

Why is the puppet agent still trying to delete the user when it definitely is 
not there?  I have checked /etc/shadow, /etc/passwd and /etc/group and it is 
not mentioned in any of them.

This also affects another user, but not every one!  I have a list of about six 
that are deleted if found on all hosts, but on this host only two of them 
result in this error.

Puppet agent is running on Linux RHEL5 32bit.
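
A diagnostic for the disagreement discussed in this thread, added here as an example (it is not code from the thread or from Puppet): it compares what NSS reports through Ruby's `Etc.getpwnam` with what a direct read of the passwd file shows, and flags a missing terminating newline. The helper names and the sample passwd text are constructed for illustration.

```ruby
require 'etc'

# Constructed sample in passwd(5) format; the last line has no terminating
# newline, the condition described in the report.
SAMPLE_PASSWD = "root:x:0:0:root:/root:/bin/bash\n" \
                "daemon:x:2:2:daemon:/sbin:/sbin/nologin"

# What NSS says: the getpwnam path reached through Ruby's Etc module.
def nss_user?(name)
  !Etc.getpwnam(name).nil?
rescue ArgumentError # raised when no entry is found
  false
end

# What a tool reading the flat file directly would say.
def file_user?(passwd_text, name)
  passwd_text.each_line.any? do |line|
    line = line.chomp
    # Skip blanks, comments and NIS compat (+/-) entries.
    next false if line.empty? || line.start_with?('#', '+', '-')
    line.split(':', 2).first == name
  end
end

def missing_final_newline?(passwd_text)
  !passwd_text.empty? && !passwd_text.end_with?("\n")
end

# :nss_only is normal for LDAP-backed users; on a files-only host it is the
# kind of discrepancy reported in this issue.
def classify(nss_present, file_present)
  return :consistent if nss_present == file_present
  nss_present ? :nss_only : :file_only
end

def report(name, passwd_text)
  nss = nss_user?(name)
  file = file_user?(passwd_text, name)
  { user: name, nss: nss, file: file, verdict: classify(nss, file),
    missing_final_newline: missing_final_newline?(passwd_text) }
end

if __FILE__ == $PROGRAM_NAME
  path = '/etc/passwd'
  text = File.readable?(path) ? File.binread(path) : SAMPLE_PASSWD
  names = ARGV.empty? ? ['no-such-user'] : ARGV
  names.each { |n| puts report(n, text) }
end
```

Run it with the affected user names as arguments; the same names can be cross-checked with `getent passwd NAME`, which also goes through NSS.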


