I don't have knife, I'm using chef-solo. Should've mentioned this, sorry
Well, but, no. For local users, ohai seems usable (→ "And "node['etc']['passwd']['local']" is not nil.").
node['etc']['passwd']['root'] returns "something".
But for non-local users (which are in sssd), ohai doesn't seem to work. As I said, for users stored in IPA, I get "nil" (→ "But "node['etc']['passwd']['ask']" is "nil""), when I check node['etc']['passwd']['ipa-username'].
What's the correct way to check if a user exists, if the user isn't local?
I know that Ohai includes external sources because it’s very common for
people with LDAP enabled to disable that particular Ohai plugin (since by
default it’ll load your whole directory and store it in the node data).
There is, however, an issue when nsswitch changes after the Chef run has
started. Because of a limitation in the underlying C library, those changes
don’t get picked up by already running processes
(https://tickets.opscode.com/browse/CHEF-3780). Perhaps that’s your issue
here?
That is from IPA. But Ohai doesn't. I suppose it is because e.g. "getent
passwd" (no further arguments) also doesn't list ALL accounts. "getent
passwd foo" returns the data for the user "foo", even if it is in IPA (or
sss, for that matter).
I'm not changing nsswitch after the chef run has started.
Ohai does not list every SSS user/group in the ['etc']['passwd'] or
['group'] section. That's why I'm asking. I tried this:
"ask" is stored in IPA; "example-does-not-exist" is a non-existent account;
"local" is a user from /etc/passwd.
But "node['etc']['passwd']['ask']" is "nil". And "node['etc']['passwd']['local']" is not nil.
I now have it so, that I put all the things which require IPA in "abc-ipa"
recipes. And if IPA isn't available, I'm removing those recipes from the
run list:
# Remove the -ipa recipes from the run list if IPA has NOT been initialised yet
ruby_block 'Entferne -ipa recipes von der run list, falls IPA noch NICHT initialisiert wurde' do
  block do
    # iterate over a copy so that removing entries does not skip items
    node.run_list.to_a.each do |run_list_item|
      node.run_list.remove(run_list_item) if run_list_item.name.end_with?('-ipa')
    end # of node.run_list.each do |run_list_item|
  end
  # check if a user can be found, which only exists in IPA
  not_if "getent passwd _ipa-check"
end # of ruby_block 'Entferne -ipa recipes von der run list, falls IPA noch NICHT initialisiert wurde' do
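
The difference discussed in this thread, between listing all accounts and looking one up by name, can be shown with Ruby's standard Etc module. This is an added example, not code from any poster or from Chef/Ohai; the helper names (account_by_name, enumerable_account_names, classify_account) are hypothetical, and the account names in the demo are the ones used in the thread.

```ruby
require 'etc'

# By-name NSS lookup (getpwnam): the same kind of query that
# `getent passwd NAME` performs. No shell is involved, so the
# name is never interpolated into a command line.
def account_by_name(name)
  Etc.getpwnam(name)
rescue ArgumentError
  nil # Ruby raises ArgumentError when no NSS source knows the name
end

# Enumeration (getpwent): the kind of full listing that
# `getent passwd` without arguments returns.
def enumerable_account_names
  names = []
  Etc.passwd { |entry| names << entry.name }
  names
end

# Classify an account:
#   :enumerable  - shows up in a full listing (e.g. /etc/passwd users)
#   :lookup_only - resolvable by name but absent from the listing
#   :missing     - not known to any NSS source
def classify_account(name, enumerated = enumerable_account_names)
  return :missing if account_by_name(name).nil?

  enumerated.include?(name) ? :enumerable : :lookup_only
end

if __FILE__ == $PROGRAM_NAME
  # Account names as used in the thread; results depend on the host.
  %w[root ask example-does-not-exist].each do |name|
    puts "#{name}: #{classify_account(name)}"
  end
end
```

A by-name lookup like this runs inside the calling process, so the limitation mentioned above for nsswitch changes made after the process started applies to it as well, whereas a `getent` guard starts a new process.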