Help,
I have a role that gets applied to a newly installed OS that sets up
basic OS configuration. This role sets up the ldap configuration and
all that works correctly. However, the role also sets the ownership for
some directories and files for a user in ldap. The first run through
fails with an error stating the user does not exist. If I rerun the
role, it will complete successfully.
I even added the resource ‘ohai’ with an action of ‘reload’ to the
recipe and it still doesn’t help. I do not know where to go from here.
Here is an example of the recipe and the error:
Here is the error…
[Wed, 21 Mar 2012 23:12:49 -0400] INFO: Processing remote_directory[/usr/local/nagios/libexec] action create (nagios::client line 33)
[Wed, 21 Mar 2012 23:12:49 -0400] INFO: remote_directory[/usr/local/nagios/libexec] created directory /usr/local/nagios/libexec
[Wed, 21 Mar 2012 23:12:49 -0400] ERROR: remote_directory[/usr/local/nagios/libexec] (nagios::client line 33) has had an error
[Wed, 21 Mar 2012 23:12:49 -0400] ERROR: remote_directory[/usr/local/nagios/libexec] (/var/chef/cache/cookbooks/nagios/recipes/client.rb:33:in `from_file') had an error:
remote_directory[/usr/local/nagios/libexec] (nagios::client line 33) had an error: can't find user for nagacct
Thanks
Randy
From: Van Fossan,Randy
Sent: Wednesday, March 21, 2012 7:53 PM
To: chef@lists.opscode.com
Subject: RE: (NOT Fixed!) ldap users (after ldap config) in chef run
Well, I spoke too soon. This is still not working…
From: Van Fossan,Randy
Sent: Wednesday, March 21, 2012 4:53 PM
To: chef@lists.opscode.com
Subject: RE: (FIXED!) ldap users (after ldap config) in chef run
I just needed to rerun ohai after configuring ldap…
http://lists.opscode.com/sympa/arc/chef/2010-07/msg00234.html
If you configure ldap for the first time, ohai will not know about
the accounts within that run.
ruby_block "reload_ohai" do
  block do
    # Re-run all ohai plugins and store the fresh data on the node
    ohai = Ohai::System.new
    ohai.all_plugins
    node.automatic_attrs = ohai.data
    node.save
  end
  action :nothing
end
…
…
# Install the template
template "/etc/ldap.conf" do
  source "ldap.conf.erb"
  owner "root"
  group "root"
  mode 0644
  notifies :create, resources(:ruby_block => 'reload_ohai'), :immediately
end
…
…
(Below is what fails as the user is in ldap)
remote_directory node['nagios']['plugin_dir'] do
  source "plugins"
  owner "nagacct"
  group "nagacct"
  mode 0755
  files_mode 0755
  purge true
  notifies :restart, "service[xinetd]", :delayed
end
From: Van Fossan,Randy
Sent: Wednesday, March 21, 2012 3:22 PM
To: chef@lists.opscode.com
Subject: ldap users (after ldap config) in chef run
I have a base role that configures ldap on the client and cycles the
nscd daemon. Later in that role I try to create some directories
using “owner” and “group” from these ldap accounts. It always fails on
the first pass through. If I run it again, it will work fine.
I suspect that the chef run cannot yet see these accounts until after
the chef run is complete. If I run 'getent passwd | grep account'
right after the chef run, I can indeed see the account.
Anyone have any idea how to deal with ldap account changes within a chef
run? Does ohai need to be rerun in the middle of the run somehow?
Thanks
Randy
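
Added example, not part of the original thread and not Chef code: a Ruby diagnostic that compares the two views the thread describes, the lookup made inside an already-running Ruby process (Etc.getpwnam, which raises an error with the same "can't find user for ..." text seen in the log) and the lookup made by a fresh `getent passwd` process. The function names and result labels are constructed for illustration; it assumes `getent` is on the PATH and treats a missing `getent` as "not resolvable".

```ruby
require 'etc'
require 'open3'

# In-process lookup: how a long-running Ruby process maps an owner name
# to a uid. Etc.getpwnam raises ArgumentError ("can't find user for ...").
def uid_in_process(name)
  Etc.getpwnam(name).uid
rescue ArgumentError
  nil
end

# passwd(5) line format: name:passwd:uid:gid:gecos:home:shell
def parse_passwd_uid(line)
  fields = line.to_s.strip.split(':', -1)
  return nil unless fields.length >= 7 && fields[2] =~ /\A\d+\z/
  fields[2].to_i
end

# Fresh-process lookup: what `getent passwd <name>` reports when started now.
def uid_fresh_process(name)
  out, status = Open3.capture2('getent', 'passwd', name)
  status.success? ? parse_passwd_uid(out) : nil
rescue Errno::ENOENT
  nil # getent is not installed on this host
end

# Turn the two answers into one finding. A uid mismatch matters for
# ownership: files would be handed to a different account than intended.
def classify(in_proc, fresh)
  if in_proc && fresh
    in_proc == fresh ? :visible_everywhere : :uid_mismatch
  elsif fresh
    :visible_only_to_new_processes
  elsif in_proc
    :visible_only_in_process
  else
    :not_resolvable
  end
end

def diagnose(name)
  classify(uid_in_process(name), uid_fresh_process(name))
end

if $PROGRAM_NAME == __FILE__
  name = ARGV.fetch(0, 'nagacct') # account name taken from the thread
  puts "#{name}: #{diagnose(name)}"
end
```

Called from inside the process that is about to set ownership, a result of visible_only_to_new_processes matches the behaviour reported in the thread: the account resolves from a new shell but not within the current run.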