Bug #3151
Puppet (or ruby-ldap) caches (at least) ldap group data
| Status: | Needs More Information | Start date: | 02/04/2010 |
|---|---|---|---|
| Priority: | Normal | Due date: | |
| Assignee: | - | % Done: | 0% |
| Category: | LDAP | | |
| Target version: | - | | |
| Affected Puppet version: | 0.24.8 | Branch: | |
| Keywords: | | | |
| Votes: | 0 | | |
Description
If the LDAP server is changed out during puppet runs (or if the underlying LDAP host modifies group data), puppet seems confused by this and reports errors. Restarting puppet corrects the issue, but since the LDAP changes can affect dozens of puppet clients simultaneously, restarting each of the puppet clients is tedious.
Errors similar to “could not change group id from 1000 to 1000” are often seen in the logs when this situation arises.
History
Updated by James Turnbull over 2 years ago
- Category set to LDAP
- Status changed from Unreviewed to Needs More Information
Can you provide a bit more information and logs on your configuration and the resulting errors?
Updated by Phil Schwartz over 2 years ago
In the puppetmaster.log:
Fri Feb 19 01:51:24 -0800 2010 //base/virt_users/User[broker]/gid (err): change from 2020 to 2020 failed: Could not find group(s) 2020 at /etc/puppet/modules/base/manifests/virt_users.pp:12
From virt_users.pp:
    @user { "foo":
      uid       => 2020,
      gid       => 2020,
      comment   => "foo",
      home      => "/home/foo",
      shell     => "/bin/bash",
      password  => "foo_password_hash",
      ensure    => present,
      allowdupe => false,
    }
Our nodes are imported via an external script. This scenario is currently occurring but our puppet clients are set to restart tonight (via logrotate) so if you require additional information can you request it ASAP since the puppet restart will fix the error state.