On 09/07/2014 04:12 AM, Matthew Monaco wrote:
> Hello,
>
> Puppet-3.6 here, although I think this has been bothering me since 3.4 or 3.5.
> (Waiting on PUP-3190 for 3.7). I have this seemingly innocuous class:
>
> -------------8<------------------------------------------
> class ldap::slapd::nssov {
>
> include ldap::slapd::rfc2307bis
>
> # FIXME
> file_line {"/etc/default/slapd::eww":
> path => "/etc/default/slapd",
> line => "mkdir -p /var/run/nslcd ;
> chown openldap:openldap /var/run/nslcd",
> require => Package["slapd"],
> notify => Service["slapd"],
> }
>
> package {["libnss-ldapd", "libpam-ldapd", "ldap-auth-config"]:
> ensure => installed,
> }
> package {["nscd", "libnss-ldap", "libpam-ldap"]:
> ensure => purged,
> }
>
> service {"nslcd":
> ensure => stopped,
> enable => false,
> require => Package["libnss-ldapd"],
> }
>
> if !($ldap_nss_passwd and $ldap_nss_shadow and $ldap_nss_group) {
> exec {"auth-client-config -t nss -p lac_ldap":
> require => Package["ldap-auth-config"],
> }
> }
> }
> -------------8<------------------------------------------
>
> Without fail, Exec["auth-client-config -t nss -p lac_ldap"] is executing
> before
> Package["ldap-auth-config"]. I don't have issues like this anywhere else, so
> what am I missing?
>
> It shouldn't matter because the Exec is indeed part of the catalog, but
> $ldap_nss_{passwd,shadow,group} are boolean facts, I have stringify turned
> off.
>
> Thanks!
> I figure it out. Purging libnss-ldap was removing ldap-auth-config after puppet had already determined the latter was installed. I just added some ordering dependencies and it works properly now.
signature.asc
Description: OpenPGP digital signature
