4

I have been using this LDAP module for a long time in my Puppet environment. The module uploads these files to the RHEL-servers:

/etc/openldap/openldap.conf
/etc/pam_ldap.conf
/etc/nsswitch.conf
/etc/sssd/sssd.conf
/etc/sysconfig/authconfig
/etc/sudo-ldap.conf
/etc/openldap/cacerts/cacert.pem

After running this, it will run authconfig --updateall and the LDAP will start working. This worked perfectly fine on the RH6.2-servers we have, but RH6.4 gives an issue, while the only difference is an additional FORCELEGACY=YES line.

What can I do about this behaviour? The logical thing seemed to upload the /etc/sysconfig/authconfig file generated by /sbin/authconfig to the Puppetmaster, but it keeps rewriting the /etc/sysconfig/authconfig and all it does it change the order:

[root@rhel-server ~]# puppet agent --test
Info: Retrieving plugin
Info: Loading facts in /var/lib/puppet/lib/facter/extra_info.rb
Info: Caching catalog for rhel-server.domain.local
Info: Applying configuration version '1379669638'
Notice: /File[/etc/sysconfig/authconfig]/content: 
--- /etc/sysconfig/authconfig   2013-09-20 13:18:24.165303819 +0200
+++ /tmp/puppet-file20130920-17419-lgtzfu-0 2013-09-20 13:44:05.388741384 +0200
@@ -5,22 +5,22 @@
 USESSSDAUTH=no
 USESHADOW=yes
 USEWINBIND=no
+USESSSD=no
 USEDB=no
 FORCELEGACY=yes
 USEFPRINTD=yes
-USEHESIOD=no
 FORCESMARTCARD=no
-PASSWDALGORITHM=md5
 USELDAPAUTH=yes
+USEPASSWDQC=no
 IPAV2NONTP=no
-USELDAP=yes
+USELOCAUTHORIZE=yes
 USECRACKLIB=yes
 USEIPAV2=no
 USEWINBINDAUTH=no
 USESMARTCARD=no
-USELOCAUTHORIZE=yes
+USELDAP=yes
 USENIS=no
 USEKERBEROS=no
 USESYSNETAUTH=no
-USESSSD=no
-USEPASSWDQC=no
+PASSWDALGORITHM=md5
+USEHESIOD=no

Info: FileBucket got a duplicate file {md5}b8bd9dc8120ab4be6b41ac5bb57e1192
Info: /File[/etc/sysconfig/authconfig]: Filebucketed /etc/sysconfig/authconfig to puppet with sum b8bd9dc8120ab4be6b41ac5bb57e1192
Notice: /File[/etc/sysconfig/authconfig]/content: content changed '{md5}b8bd9dc8120ab4be6b41ac5bb57e1192' to '{md5}f1cf038ce9c007f9eefe3b83fb674584'
Info: /File[/etc/sysconfig/authconfig]: Scheduling refresh of Exec[/usr/sbin/authconfig --updateall]
Notice: /Stage[main]/Ldap/Exec[/usr/sbin/authconfig --updateall]: Triggered 'refresh' from 1 events
Notice: Finished catalog run in 6.17 seconds
[root@rhel-server ~]#

So it seems no matter the order I have on the Puppetmaster for the authconfig-file, authconfig keeps rewriting it. This has in effect that every Puppet run (30 minutes) Puppet replaces the file and then authconfig changes the order in that file.

How can I solve this issue?

Joseph R.
  • 38,849
  • 7
  • 107
  • 143
ujjain
  • 348
  • 1
  • 6
  • 14

2 Answers2

1

Puppet by nature does not guarantee execution order. If you need to change this, use a before or require statement. 

file {'foo':
  ensure => present,
}

file {'bar':
  ensure => present, 
  require => File['foo'],
}

http://docs.puppetlabs.com/learning/ordering.html

spuder
  • 17,643
  • 36
  • 91
  • 119
0

Request your puppet invocation generate that file with an authconfig, and THEN sort that file to a chk file which puppet THEN checks the sum on. If the order is the only different, the sorted generated file will not change in sum.

user2066657
  • 605
  • 4
  • 20