RE: (NOT Fixed!) ldap users (after ldap config) in chef run


Well, I spoke too soon. This is still not working…

From: Van Fossan,Randy
Sent: Wednesday, March 21, 2012 4:53 PM
To: chef@lists.opscode.com
Subject: RE: (FIXED!) ldap users (after ldap config) in chef run

I just needed to rerun ohai after configuring ldap…

http://lists.opscode.com/sympa/arc/chef/2010-07/msg00234.html

If you configure ldap for the first time, ohai will not know about the accounts within that run.

    ruby_block "reload_ohai" do
      block do
        ohai = Ohai::System.new
        ohai.all_plugins
        node.automatic_attrs = ohai.data
        node.save
      end
      action :nothing
    end

Install the template

    template "/etc/ldap.conf" do
      source "ldap.conf.erb"
      owner "root"
      group "root"
      mode 0644
      notifies :create, resources(:ruby_block => 'reload_ohai'), :immediately
    end

(Below is what fails as the user is in ldap)

    remote_directory node['nagios']['plugin_dir'] do
      source "plugins"
      owner "nagacct"
      group "nagacct"
      mode 0755
      files_mode 0755
      purge true
      notifies :restart, "service[xinetd]", :delayed
    end

From: Van Fossan,Randy
Sent: Wednesday, March 21, 2012 3:22 PM
To: chef@lists.opscode.com
Subject: ldap users (after ldap config) in chef run

I have a base role that configures ldap on the client and cycles the
nscd daemon. Later in that role I try to create some directories
using “owner” and “group” from these ldap accounts. It always fails on
the first pass through. If I run it again, it will work fine.

I suspect that the chef run cannot yet see these accounts until after
the chef run is complete. If I run 'getent passwd | grep account'
right after the chef run, I can indeed see the account.

Anyone have any idea how to deal with ldap account changes within a chef
run? Does ohai need to be rerun in the middle of the run somehow?

Thanks

Randy
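
Added example, not part of the original thread and not Chef's own code: a small Ruby diagnostic for the suspicion raised above, comparing whether an account resolves inside the current long-running process with whether it resolves in a freshly started one. The method names `visible_in_process?`, `visible_in_fresh_process?` and `diagnose` are hypothetical.

```ruby
require 'etc'
require 'rbconfig'

# Lookup in the current process, the way a long-running chef-client resolves
# an "owner"/"group" name. Etc.getpwnam raises ArgumentError when it fails.
def visible_in_process?(user)
  Etc.getpwnam(user)
  true
rescue ArgumentError
  false
end

# Same lookup in a newly started interpreter, which carries no NSS state
# (loaded nsswitch configuration, open LDAP connection) from this process.
def visible_in_fresh_process?(user)
  script = 'begin; Etc.getpwnam(ARGV[0]); rescue ArgumentError; exit 1; end'
  system(RbConfig.ruby, '-retc', '-e', script, '--', user) == true
end

# Hypothetical helper: compare both views and name the outcome.
def diagnose(user)
  here  = visible_in_process?(user)
  fresh = visible_in_fresh_process?(user)
  verdict =
    if here && fresh then :resolvable
    elsif fresh      then :stale_in_this_process
    elsif here       then :only_in_this_process
    else                  :not_resolvable
    end
  { user: user, in_process: here, fresh_process: fresh, verdict: verdict }
end

# "nagacct" is the account name from the failing resource in the thread.
p diagnose(ARGV.fetch(0, 'nagacct')) if __FILE__ == $PROGRAM_NAME
```

Calling `diagnose` from a `ruby_block` placed just before the failing `remote_directory` shows which of the four cases the first run hits.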