puppet-accounts icon indicating copy to clipboard operation
puppet-accounts copied to clipboard

Published 20 hours ago verified publisher icon deric

Solaris support

Open deric opened this issue 8 years ago • 4 comments

Support group management on Solaris, which doesn't have gpasswd.

deric avatar Jan 12 '17 07:01 deric

Thanks to open enhancement! Just a question, why you don't use directly usermod instead of gpasswd? usermod is on whole Linux/Unix system, and you can manage group of users whit it. On Solaris I need to modify the gpasswd.rb (I'm not an Ruby expert...) to use like this:

  • Change primary group of user foo to group bob usermod -g bob foo
  • Add user foo to only group bob usermod -G bob foo
  • Remove all secondary group of user foo usermod -G '' foo
  • Setup all groups to user foo usermod -G bob,other,postgres,X foo

I'll change the ruby code, I need call whole groups for a specific user.

redno2 avatar Jan 18 '17 09:01 redno2

Good question. If I recall it correctly the original motivation was to replace group management functionality which isn't really working in Puppet. I found an alternative implementation of group management and from that I started verifying if something like that would actually work. I ended up using gpasswd and it seems to be working. There was no reason to replace it.

Anyway we have an API and the underlying implementation could be changed or there might use different commands for each platform. The puppet's implementation also doesn't support all features on Solaris. The hardest part is testing and making sure that a small change won't break existing installations.

Solaris uses different kernel than other Linux distributions, thus we can't use automated Docker tests. Probably using VirtualBox will be necessary.

deric avatar Jan 18 '17 10:01 deric

@redno2 I've refactored group provider to work with usermod. The effort is currently tracked in 1.6 branch.

The problematic part is ensuring explicit members of a given group. This is nice:

usermod -G bob,other,postgres,X foo

but the management currently works in an inverse way. For given group e.g. postgres set all members. Which I don't know how to do with usermod without generating too many unnecessary changes.

deric avatar Jun 02 '17 10:06 deric

Btw. according to Puppet docs on Solaris provider user_role_add is used. Best solution would be not to override provider and just use provider shipped with Puppet.

deric avatar Jun 04 '17 10:06 deric