Well, I spoke too soon. This is still not working…
From: Van Fossan,Randy
Sent: Wednesday, March 21, 2012 4:53 PM
To: chef@lists.opscode.com
Subject: RE: (FIXED!) ldap users (after ldap config) in chef run
I just needed to rerun ohai after configuring ldap…
http://lists.opscode.com/sympa/arc/chef/2010-07/msg00234.html
If you configure ldap for the first time, ohai will not know about
the accounts within that run.
ruby_block "reload_ohai" do
  block do
    # Re-run every Ohai plugin and store the fresh data on the node
    ohai = Ohai::System.new
    ohai.all_plugins
    node.automatic_attrs = ohai.data
    node.save
  end
  action :nothing
end
…
…
Install the template
template "/etc/ldap.conf" do
  source "ldap.conf.erb"
  owner "root"
  group "root"
  mode 0644
  notifies :create, resources(:ruby_block => 'reload_ohai'),
    :immediately
end
…
…
(Below is what fails as the user is in ldap)
remote_directory node['nagios']['plugin_dir'] do
  source "plugins"
  owner "nagacct"
  group "nagacct"
  mode 0755
  files_mode 0755
  purge true
  notifies :restart, "service[xinetd]", :delayed
end
From: Van Fossan,Randy
Sent: Wednesday, March 21, 2012 3:22 PM
To: chef@lists.opscode.com
Subject: ldap users (after ldap config) in chef run
I have a base role that configures ldap on the client and cycles the
nscd daemon. Later in that role I try to create some directories
using “owner” and “group” from these ldap accounts. It always fails on
the first pass through. If I run it again, it will work fine.
I suspect that the chef run cannot yet see these accounts until after
the chef run is complete. If I run 'getent passwd | grep account'
right after the chef run, I can indeed see the account.
Anyone have any idea how to deal with ldap account changes within a chef
run? Does ohai need to be rerun in the middle of the run somehow?
Thanks
Randy