Re: [Puppet Users] Active Directory join, stages, and AD accounts issues
On Fri, Feb 11, 2011 at 12:01, Nigel Kersten wrote: > On Fri, Feb 11, 2011 at 11:52 AM, Monkeys Typing > wrote: […] >> I have an exec in my samba module to join the new servers to the >> domain, a simple "net ads join -U adminaccount". >> >> I see during --test runs, that the joindomain exec is scheduled to run >> after the smb and krb5 files are puppettized. Then way at the end of >> my run I see puppet attempting to create my user folders, but it is >> giving errors stating that the users do not exist. However, as soon >> as the catalog run finishes, the AD users are indeed recognized by id >> . >> >> A second run of puppet completes with no issues. >> >> What am I missing to make sure that the AD user folders class is not >> attempted before the join has happened? > > One thing that wasn't quite clear was whether in the logs you've > verified that the exec is actually run after the user folders class. > ie whether this is a puppet ordering problem, or a lag on the node > between joining and the users being accessible. ...or the puppet agent failing because it cached the user list, and didn't recheck, which bit me years back but may still be lurking. Can we see the error messages from puppet and, ideally, the bits of the manifest in question? Regards, daniel -- ⎋ Puppet Labs Developer – http://puppetlabs.com ✉ Daniel Pittman ✆ Contact me via gtalk, email, or phone: +1 (877) 575-9775 ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Active Directory join, stages, and AD accounts issues
On Fri, Feb 11, 2011 at 11:52 AM, Monkeys Typing wrote: > I have a mostly working set of modules to replace our kickstart and > about a dozen scripts. > > I am having issues with attempting to populate my AD account-owned > user folders in the initial puppet run. The machines i am testing > with are all CentOS 5.5 so far. > > I have defined 3 additional stages, > Stage [init] -> Stage [pre] -> Stage [main] -> Stage [post] > to attempt to fix this to no avail. I have my Samba class defined in > pre, with my "make ad prod user folders" class defined in post. I am > also managing my ldap.conf, system-auth-ac, nsswitch.conf all in the > initial stages. > > I have an exec in my samba module to join the new servers to the > domain, a simple "net ads join -U adminaccount". > > I see during --test runs, that the joindomain exec is scheduled to run > after the smb and krb5 files are puppettized. Then way at the end of > my run I see puppet attempting to create my user folders, but it is > giving errors stating that the users do not exist. However, as soon > as the catalog run finishes, the AD users are indeed recognized by id > . > > A second run of puppet completes with no issues. > > What am I missing to make sure that the AD user folders class is not > attempted before the join has happened? One thing that wasn't quite clear was whether in the logs you've verified that the exec is actually run after the user folders class. ie whether this is a puppet ordering problem, or a lag on the node between joining and the users being accessible. > > Thanks, > > Jim Goddard > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Active Directory join, stages, and AD accounts issues
I have a mostly working set of modules to replace our kickstart and about a dozen scripts. I am having issues with attempting to populate my AD account-owned user folders in the initial puppet run. The machines i am testing with are all CentOS 5.5 so far. I have defined 3 additional stages, Stage [init] -> Stage [pre] -> Stage [main] -> Stage [post] to attempt to fix this to no avail. I have my Samba class defined in pre, with my "make ad prod user folders" class defined in post. I am also managing my ldap.conf, system-auth-ac, nsswitch.conf all in the initial stages. I have an exec in my samba module to join the new servers to the domain, a simple "net ads join -U adminaccount". I see during --test runs, that the joindomain exec is scheduled to run after the smb and krb5 files are puppettized. Then way at the end of my run I see puppet attempting to create my user folders, but it is giving errors stating that the users do not exist. However, as soon as the catalog run finishes, the AD users are indeed recognized by id . A second run of puppet completes with no issues. What am I missing to make sure that the AD user folders class is not attempted before the join has happened? Thanks, Jim Goddard -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
