On Monday, March 10, 2014 4:59:38 PM UTC-5, Christopher Wood wrote:
>
> [...]
>
> I think you've found something interesting, namely that puppet/ruby itself
> appears to be not using your new ldap configuration inside of a single
> agent run process. It does work to break out ldap configuration and
> everything else into two agent runs. This implies that something about name
> lookups is being read when puppet starts, and then sticks around until the
> end of the child process. (I could just be rhubarbing on.)
>

Indeed, this feels like a libc issue. I would have no problem whatsoever believing that the name service switch configuration is read just once, when the program loads, that modules not then available are not used, and that changes to the config made after program startup are not seen by that instance of the program. In fact, although I can't find docs at the moment, my comments are partially informed by a vague (possibly erroneous) recollection that NSS works exactly that way.

That might produce particularly confusing results with Puppet, because Puppet performs such a mix of forking external programs for some tasks and using in-process Ruby for other tasks -- the former type of tasks would likely see the NSS changes, but the latter wouldn't.

> If you recreationally wanted to see what gives and maybe file a bug
> report, you could compare two sets of puppet/nslcd strace/ltrace:
>
> a) agent run in the original form, ldap+users in the same run
> b) agent run in the second form as below
>
> Also, if nscd is running, uninstalling it will provide more clarity in
> troubleshooting.
>

Yes, nscd can muddle the waters, but you should be able to get away with just turning it off. It's especially pesky, though, so whether you turn it off or remove it altogether you may need to reboot to completely clear it out.

John