On Friday, March 7, 2014 11:38:20 AM UTC-6, Christopher Wood wrote: > > (inline) > > On Fri, Mar 07, 2014 at 09:39:44AM -0600, Kenton Brede wrote: > > I've got a module that installs and configures LDAP for user > > authentication.� I've got another module that creates user > directories and > > another that assigns ssh keys. > > > > Using runstages I force the "ldap" module to run first and the "user" > and > > "ssh_keys" modules to run last. > > LDAP is installed but the exec that creates user directories and the > > ssh_authorized_key type fail since they can't see the LDAP users. > > > > The reason being, I'm assuming, is because when the manifest is > compiled, > > the LDAP users don't exist.� So ssh_authorized_key fails, even if the > LDAP > > user information can be retrieved, by the time the ssh_keys module > runs. > > > > Is there any way around this? > > Sounds like this somewhere top-scope: > > Class['ldap'] -> User <| |> > > So your ldap class would have to be successfully managed before puppet > tries to manage any users. >
That's what the OP attempts to do via run stages. Inasmuch as I don't care much for run stages, though, I do prefer the suggested chaining approach. Nevertheless, if run stages didn't work then chaining probably won't solve the problem either. I'm inclined to suspect a class containment failure; see http://docs.puppetlabs.com/puppet/latest/reference/lang_containment.htmlfor more information. Upon further consideration, though, if it's a containment failure then chaining directly to a User<| |> collector might solve it after all. John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/f8225371-7b34-492a-bab8-8395caaaecdf%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
