Jira (PUP-1913) Puppet user resource should respect the forcelocal option
Title: Message Title Josh Cooper updated an issue Puppet / PUP-1913 Puppet user resource should respect the forcelocal option Change By: Josh Cooper Fix Version/s: PUP 5.y Add Comment This message was sent by Atlassian Jira (v8.5.2#805002-sha1:a66f935) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.28357.1394483936000.62184.1589419320255%40Atlassian.JIRA.
Jira (PUP-1913) Puppet user resource should respect the forcelocal option
Title: Message Title Josh Cooper commented on PUP-1913 Re: Puppet user resource should respect the forcelocal option The functionality described in this ticket was implemented (see PUP-8470, PUP-9195, PUP-10169), so I'm closing this ticket. Please reopen if something is missing. Add Comment This message was sent by Atlassian Jira (v8.5.2#805002-sha1:a66f935) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.28357.1394483936000.48848.1588090500060%40Atlassian.JIRA.
Jira (PUP-1913) Puppet user resource should respect the forcelocal option
Title: Message Title Josh Cooper commented on PUP-1913 Re: Puppet user resource should respect the forcelocal option Can this be closed now that PUP-8470, PUP-9195, PUP-10169 have been implemented? Add Comment This message was sent by Atlassian Jira (v8.5.2#805002-sha1:a66f935) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.28357.1394483936000.14388.1584463500062%40Atlassian.JIRA.
Jira (PUP-1913) Puppet user resource should respect the forcelocal option
Title: Message Title Branan Riley updated an issue Puppet / PUP-1913 Puppet user resource should respect the forcelocal option Change By: Branan Riley Labels: customer ldap manage-user-group redmine triaged type_and_provider user Add Comment This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-1913) Puppet user resource should respect the forcelocal option
Title: Message Title
Stefan Förster commented on PUP-1913
Re: Puppet user resource should respect the forcelocal option
With forcelocal => true adding a user with expiry => absent will not only trigger usage of the "wrong" commands, but also a usage error on CentOS 6:
Notice: /Stage[main]/Access/Access::Account[testuser]/File[/etc/ssh/authorized_keys.sftp.d/testuser]/ensure: defined content as '{md5}f67ab78e2b49dfcd6a5d4cc9b69749e8'
Debug: /Stage[main]/Access/Access::Account[testuser]/File[/etc/ssh/authorized_keys.sftp.d/testuser]: The container Access::Account[testuser] will propagate my refresh event
Debug: Executing: '/usr/sbin/luseradd -c F-I Fonddurchschau (bayn, production) -g sftp -d /home/testuser -p !! -s /sbin/nologin -u 18048 testuser'
Debug: Executing: '/usr/sbin/usermod -G testuser'
Debug: Executing: '/usr/sbin/lusermod -e testuser'
Error: Could not set expiry on user[testuser]: Execution of '/usr/sbin/lusermod -e testuser' returned 1: Error parsing arguments: unknown option.
Usage: lusermod [-imLU?] [-i|--interactive] [-c|--gecos STRING]
[-d|--directory STRING] [-m|--movedirectory] [-s|--shell STRING]
[-u|--uid NUM] [-g|--gid NUM] [-l|--login STRING]
[-P|--plainpassword STRING] [-p|--password STRING] [-L|--lock]
Jira (PUP-1913) Puppet user resource should respect the forcelocal option
Title: Message Title Geoff Nichols updated an issue Puppet / PUP-1913 Puppet user resource should respect the forcelocal option Change By: Geoff Nichols Labels: customer ldap manage-user-group redmine type_and_provider Add Comment This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-1913) Puppet user resource should respect the forcelocal option
Title: Message Title
Adam Bottchen commented on PUP-1913
Re: Puppet user resource should respect the forcelocal option
Karthikeyan Kanagaraj The resource you outlined:
user { 'oracle': ensure => present, uid => '10', gid => '1002', groups => 'dba', expiry => absent, allowdupe => true, home => '/app/oracle', forcelocal => true, shell => '/usr/bin/ksh', }
is instructing Puppet to add the oracle user to the supplementary group "dba" and to set an infinite expiration. Unfortunately the lusermod command does not support adding users to supplementary groups or setting account expiry dates, only useradd supports those commands. In order to update the user provider to handle those cases, we would need the OS supplied tools to support them.
Add Comment
This message was sent by Atlassian JIRA (v7.0.2#70111-sha1:88534db)
--
You received this message because you are subscribed to the Google Groups "Puppet Bugs" group.
To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-bugs@googlegroups.com.
Visit this group at https://groups.google.com/group/puppet-bugs.
For more options, visit https://groups.google.com/d/optout.
Jira (PUP-1913) Puppet user resource should respect the forcelocal option
Title: Message Title Owen Rodabaugh updated an issue Puppet / PUP-1913 Puppet user resource should respect the forcelocal option Change By: Owen Rodabaugh CS Priority: Needs Priority Reviewed Add Comment This message was sent by Atlassian JIRA (v7.0.2#70111-sha1:88534db) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-1913) Puppet user resource should respect the forcelocal option
Title: Message Title Owen Rodabaugh commented on PUP-1913 Re: Puppet user resource should respect the forcelocal option We reviewed this in CS Triage and have concerns on expanding the provider to handle forcelocal on OSs which do not offer the luseradd commands which forcelocal relies on. This would require the provider to manipulate the etc/shadow, etc/passwd, etc/user, etc/group which is very risky. Forcelocal does work on distributions with the luser* commands. We've seen other cases(SLES pulling in an OpenSUSE package) where users were able to add the libuser package to get this to work. Instead we would recommend updating the documentation to more clearly spell this out and also maybe elevating the debug message about forcelocal to warning level so that the reasons behind this not working are more clear. Add Comment This message was sent by Atlassian JIRA (v7.0.2#70111-sha1:88534db) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-1913) Puppet user resource should respect the forcelocal option
Title: Message Title Halim Wijaya updated an issue Puppet / PUP-1913 Puppet user resource should respect the forcelocal option Change By: Halim Wijaya CS Priority: Needs Priority Add Comment This message was sent by Atlassian JIRA (v7.0.2#70111-sha1:88534db) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-1913) Puppet user resource should respect the forcelocal option
Title: Message Title Moses Mendoza updated an issue Puppet / PUP-1913 Puppet user resource should respect the forcelocal option Change By: Moses Mendoza Labels: customer manage-user-group redmine triaged Add Comment This message was sent by Atlassian JIRA (v6.4.14#64029-sha1:ae256fe) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-1913) Puppet user resource should respect the forcelocal option
Title: Message Title John Duarte updated an issue Puppet / PUP-1913 Puppet user resource should respect the forcelocal option Change By: John Duarte Labels: customer manage-user-group redmine triaged Add Comment This message was sent by Atlassian JIRA (v6.4.14#64029-sha1:ae256fe) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-1913) Puppet user resource should respect the forcelocal option
Title: Message Title Geoff Nichols updated an issue Puppet / PUP-1913 Puppet user resource should respect the forcelocal option Change By: Geoff Nichols Sprint: Agent Grooming On-Deck Add Comment This message was sent by Atlassian JIRA (v6.4.14#64029-sha1:ae256fe) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-1913) Puppet user resource should respect the forcelocal option
Title: Message Title Geoff Nichols updated an issue Puppet / PUP-1913 Puppet user resource should respect the forcelocal option Change By: Geoff Nichols Sprint: Agent Grooming On-Deck Add Comment This message was sent by Atlassian JIRA (v6.4.14#64029-sha1:ae256fe) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-1913) Puppet user resource should respect the forcelocal option
Title: Message Title Geoff Nichols updated an issue Puppet / PUP-1913 Puppet user resource should respect the forcelocal option Change By: Geoff Nichols Sprint: Agent Grooming Add Comment This message was sent by Atlassian JIRA (v6.4.14#64029-sha1:ae256fe) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-1913) Puppet user resource should respect the forcelocal option
Title: Message Title Geoff Nichols updated an issue Puppet / PUP-1913 Puppet user resource should respect the forcelocal option Change By: Geoff Nichols Fix Version/s: PUP 5.y Add Comment This message was sent by Atlassian JIRA (v6.4.14#64029-sha1:ae256fe) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-1913) Puppet user resource should respect the forcelocal option
Title: Message Title Moses Mendoza updated an issue Puppet / PUP-1913 Puppet user resource should respect the forcelocal option Change By: Moses Mendoza Labels: customer manage-user-group redmine Add Comment This message was sent by Atlassian JIRA (v6.4.14#64029-sha1:ae256fe) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-1913) Puppet user resource should respect the forcelocal option
Title: Message Title
Agustin commented on PUP-1913
Re: Puppet user resource should respect the forcelocal option
I am seeing some strange behavior when using forge module kyleanderson/consul for instance.
I have authenticaion via pam with ldap. The module creates ok the local user, but when it runs again and all subsequent runs, take 60 more seconds than before. It used to take 4 secs the whole run, but as the consul module tries to eval the User consul, it seems it searches in my entire ldap and takes 60 seconds more. I put on my site.pp to default to User { forcelocal => true }
but no luck. It still wastes 60 seconds on User.
Package: 1.75 Last run: 1467731830 User: 51.14 Config retrieval: 6.60 Total: 61.44 Version: Config: 1467731750 Puppet: 4.5.2
How can i help? Cheers!
Add Comment
This message was sent by Atlassian JIRA (v6.4.13#64028-sha1:b7939e9)
--
You received this message because you are subscribed to the Google Groups "Puppet Bugs" group.
To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-bugs@googlegroups.com.
Visit this group at https://groups.google.com/group/puppet-bugs.
For more options, visit https://groups.google.com/d/optout.
Jira (PUP-1913) Puppet user resource should respect the forcelocal option
Title: Message Title Josh Cooper updated an issue Puppet / PUP-1913 Puppet user resource should respect the forcelocal option Change By: Josh Cooper Sprint: Client 2016-04-20 (Bigga Bugs) Add Comment This message was sent by Atlassian JIRA (v6.4.13#64028-sha1:b7939e9) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-1913) Puppet user resource should respect the forcelocal option
Title: Message Title Kylo Ginsberg updated an issue Puppet / PUP-1913 Puppet user resource should respect the forcelocal option Change By: Kylo Ginsberg Sprint: Client 2016-04-20 (Bigga Bugs) Add Comment This message was sent by Atlassian JIRA (v6.4.13#64028-sha1:b7939e9) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-1913) Puppet user resource should respect the forcelocal option
Title: Message Title Kylo Ginsberg updated an issue Puppet / PUP-1913 Puppet user resource should respect the forcelocal option Change By: Kylo Ginsberg Scrum Team: Client Platform Add Comment This message was sent by Atlassian JIRA (v6.4.13#64028-sha1:b7939e9) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-1913) Puppet user resource should respect the forcelocal option
Title: Message Title Bob Vincent updated an issue Puppet / PUP-1913 Puppet user resource should respect the forcelocal option Change By: Bob Vincent Summary: Puppet user resource should read only from local databases respect the forcelocal option Currently, the puppet user type uses `getent` to get information about user resources.The problem with this is that `getent` will also report information from LDAP and other remote user management services that are configured in nsswitch.conf, which are not actually managed by Puppet.This can cause Puppet to think and will report that a user is in a local group, or exists even when it does not exist *locally* (as an entry in /etc/passwd and/or a local group, when the opposite is true. directory in /home/$username) - This is especially problematic since we user the useradd suite of commands to actually manage the settings, which of course affect local users/groups only. - Puppet uses luseradd/etc in an LDAP environment, but should switch to useradd/etc when "forcelocal" is true.Puppet 's user type should have some way of examining /modifying only local users and groups , to check if something when the forcelocal option is currently true /present/etc . Add Comment This message was sent by Atlassian JIRA (v6.4.12#64027-sha1:e3691cc)
Jira (PUP-1913) Puppet user resource should respect the forcelocal option
Title: Message Title Sean Millichamp commented on PUP-1913 Re: Puppet user resource should respect the forcelocal option Unless I am misunderstanding something, user enumeration via the provider instances method (used by the resource type for purging, for example) is invoked at a point where the forcelocal option won't be seen/honored, even if set as a global resource default. So, focusing on forcelocal really misses a large part of this. The real fix needs to be in instances and how the users are enumerated. Add Comment This message was sent by Atlassian JIRA (v6.4.12#64027-sha1:e3691cc) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
