Its just using the Ruby Etc library to do the lookup according to
puppet/util/posix.rb. Which won't match NIS accounts. So I'd raise a
feature request if you want this support.
You can work around this by using something like:
$username = "bob"
ssh_authorized_key { "keyfor-${username}":
key => "...",
target => "/user/home/dirs/${username}/.ssh/authorized_keys",
}
The issue being you need prior knowledge of path to the key. You can
glean this by producing a fact that uses something like 'getent'
instead of /etc/passwd - but this is less then optimal.
ken.
On Fri, Jun 24, 2011 at 3:13 PM, Nathan Clemons <nat...@livemocha.com> wrote:
> I'm wondering if the User provider has the capability to look up accounts
> via NIS. It's been a long time since I've used NIS, however, so I don't know
> if this is the problem for sure.
> --
> Nathan Clemons
> http://www.livemocha.com
> The worlds largest online language learning community
>
>
> On Fri, Jun 24, 2011 at 6:41 AM, Andreas Kuntzagk
> <andreas.kuntz...@mdc-berlin.de> wrote:
>>
>> I'm wondering if my description was not clear enough or nobody knows an
>> answer to this. Did I stumble across a bug here and should open a ticket?
>>
>> regards, Andreas
>>
>> Andreas Kuntzagk wrote:
>>>
>>> Hi,
>>>
>>> I have this resource definition:
>>>
>>> ssh_authorized_key { "nagios@login2":
>>> key => [REDACTED]
>>> user => "nagios",
>>> type => "ssh-dss",
>>> require => Service['nis'],
>>> }
>>>
>>> This nagios user comes from NIS, yp.conf and nsswitch.conf are handled by
>>> puppet and configured before the key. I still get an "User does not exist".
>>>
>>> daemon.log:
>>> ...
>>> Jun 17 14:00:57 node016 puppet-agent[1109]:
>>> (/Stage[main]/All/File[/localhome/nagios/]/ensure) created
>>> Jun 17 14:12:53 node016 puppet-agent[1109]:
>>> (/Stage[main]//Ssh_authorized_key[root@node002]/ensure) created
>>> Jun 17 14:15:14 node016 puppet-agent[1109]:
>>> (/Stage[main]//File[/etc/idmapd.conf]/content) content changed
>>> '{md5}3e94f238294cc61b047e7ae50115dffc' to
>>> '{md5}6d9c69f38eca81ab0f879c2771d5d543'
>>> Jun 17 14:15:14 node016 puppet-agent[1109]:
>>> (/Stage[main]//Service[idmapd]/ensure) ensure changed 'stopped' to 'running'
>>> Jun 17 14:15:14 node016 puppet-agent[1109]:
>>> (/Stage[main]//Service[idmapd]) Triggered 'refresh' from 1 events
>>> Jun 17 14:15:41 node016 puppet-agent[1109]:
>>> (/Stage[main]/All/File[/etc/yp.conf]/ensure) defined content as
>>> '{md5}9c23d37f431c0788c212d3c0ab8a48af'
>>> Jun 17 14:15:58 node016 puppet-agent[1109]:
>>> (/Stage[main]/All/All::Append_if_no_such_line[sudoers_nagios_smartctl]/Exec[/bin/echo
>>> 'nagios ALL=(root) NOPASSWD: /usr/sbin/smartctl' >> '/etc/sudoers']/returns)
>>> executed su
>>> ccessfully
>>> Jun 17 14:17:03 node016 puppet-agent[1109]:
>>> (/Stage[main]//Package[nis]/ensure) ensure changed 'purged' to 'latest'
>>> Jun 17 14:17:39 node016 puppet-agent[1109]:
>>> (/Stage[main]/All/File[/etc/nsswitch.conf]/content) content changed
>>> '{md5}295c15c4bdac80e50b37689ef08f359c' to
>>> '{md5}250a1851aec43bcc5f73e8a01b2141bd'
>>> Jun 17 14:17:43 node016 puppet-agent[1109]:
>>> (/Stage[main]/All/Service[nis]) Triggered 'refresh' from 4 events
>>> Jun 17 14:17:50 node016 puppet-agent[1109]:
>>> (/Stage[main]//Ssh_authorized_key[nagios@login2]/ensure) created
>>> Jun 17 14:17:50 node016 puppet-agent[1109]:
>>> (/Stage[main]//Ssh_authorized_key[nagios@login2]) Could not evaluate: User
>>> 'nagios' does not exist
>>> Jun 17 14:18:06 node016 puppet-agent[1109]: (/Whit[last]) Dependency
>>> Ssh_authorized_key[nagios@login2] has failures: true
>>> ...
>>>
>>> This is Ubuntu 10.04 with puppet 2.6.8
>>>
>>> regards, Andreas
>>>
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Puppet Users" group.
>> To post to this group, send email to puppet-users@googlegroups.com.
>> To unsubscribe from this group, send email to
>> puppet-users+unsubscr...@googlegroups.com.
>> For more options, visit this group at
>> http://groups.google.com/group/puppet-users?hl=en.
>>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
