1

I know how to create a user resource:

```ruby
user "random" do
  supports :manage_home => true
  comment "Random User"
  uid 1234
  gid "users"
  home "/home/random"
  shell "/bin/bash"
  password "$1$JJsvHslV$szsCjVEroftprNn4JHtDi."
end
```

But I'm unsure how to use Chef to find a list of all users on a current node. I looked at inspecting node[:users] during a chef-client run, but only node[:current_user] is available to me. Is there a way, in a Chef recipe, to ask if a regular user exists?

I'm in a situation where I shouldn't/can't create users (due to company regulations), but I definitely shouldn't proceed with the installation of other things defined in my cookbook unless xyz users already exist.

Jacques Betancourt

4 Answers

10

Ohai queries the users on the system for you:

```ruby
if node['etc']['passwd']['random']
  # Do deploy
end
```
coderanger
  • That works only for local accounts, but if the accounts are managed by LDAP or AD the above does not hold. I would recommend using: – SorinS Sep 02 '15 at 09:50
  • If your `nsswitch.conf` is aimed at LDAP this will work modulo the usual problem that a running process can't see changes to that file because it is cached deep in libc. If you force the Chef process to restart after making nsswitch changes, ohai will work as expected. – coderanger Sep 06 '15 at 07:47
  • It does not work on my machines using vas to authenticate against AD. – SorinS Dec 09 '15 at 17:16
  • I have no idea what vas is, but if it uses an nsswitch module then this will work. – coderanger Dec 09 '15 at 19:03
  • This works in kitchen, but for some servers in prod this fails with `undefined method '[]' for nil:NilClass`. Any idea why? – Tom Klino Mar 06 '17 at 17:21
2

That works only for local accounts, but if the accounts are managed by LDAP or AD the above does not hold. I would recommend using:

```ruby
"getent group #{mygroup}"
"getent passwd #{myuser}"
```

in a ruby block.

SorinS
  • This is the same thing as Ohai does internally (except it uses the APIs directly). – coderanger Dec 09 '15 at 19:03
  • ^ With the major caveat that Ohai won't see any change after nsswitch modifications until the next Chef run (even if the recipe issues a reload to an ohai resource). So if you need to be able to retrieve user/group info for users that may have become visible after nsswitch changes that occurred in the current run without waiting for or invoking a second run, then shelling out to getent (at converge time, not compile time) may be the only viable option. – Brian Cline Dec 21 '21 at 16:57
0

I was getting the same undefined method '[]' for nil:NilClass error message as Tom Klino. I suspect that those having trouble with coderanger's solution have disabled the passwd Ohai plugin.

It is very common for those of us with large directory environments to disable the passwd plugin in client.rb to avoid the 413 error ("Request Entity Too Large") when the client report runs. Check /etc/chef/client.rb for:

```ruby
ohai.disabled_plugins [:Passwd]
```

With this plugin disabled, node['etc']['passwd'] is unavailable to your recipes, hence the error. In my environment, re-enabling the plugin fixes this error.
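The answers and comments above, combined into one helper: it reads the Ohai data without raising when `node['etc']['passwd']` is missing, and falls back to `getent` run in a fresh process. This is an added example, not code from any of the posters or from Chef; the method names, the `lookup:` parameter and the user-name pattern are assumptions, and the helper is assumed to live in a file under the cookbook's `libraries/` directory.

```ruby
require 'open3'

# Conservative account-name pattern (an assumption of this example, adjust it
# to your directory's naming rules). A leading "-" is rejected so the name can
# never be read by getent as an option.
USERNAME_RE = /\A[A-Za-z0-9_][A-Za-z0-9_.@-]*\z/

# Ask NSS (files, sss, LDAP, ...) through a freshly started getent process, so
# nsswitch.conf changes made earlier in the same run are visible.
def getent_user?(name)
  # Argument-array form: no shell ever parses the name.
  _output, status = Open3.capture2e('getent', 'passwd', name)
  status.success?
rescue Errno::ENOENT
  false # getent is not installed on this platform
end

# True when the account is known to Ohai or to NSS.
# node   - the Chef node object, or any Hash shaped like it
# lookup - callable used as the fallback (hypothetical parameter, eases testing)
def user_exists?(node, name, lookup: method(:getent_user?))
  raise ArgumentError, "bad user name: #{name.inspect}" unless USERNAME_RE.match?(name)

  # node['etc'] or node['etc']['passwd'] is nil when the passwd plugin is
  # disabled; guard both levels instead of indexing into nil.
  passwd = node['etc'] && node['etc']['passwd']
  return true if passwd && passwd[name]

  # Not in the Ohai snapshot (plugin disabled or stale data): ask NSS directly.
  lookup.call(name)
end

# Usage inside a recipe (the guard block runs at converge time):
#
#   package 'myapp' do                      # 'myapp' is a placeholder
#     only_if { user_exists?(node, 'random') }
#   end
```

Passing the name as a separate argument instead of interpolating it into a command string keeps a name taken from node attributes from being interpreted by a shell.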

-1

This does not work if accounts are not local:

```ruby
if node['etc']['passwd']['random']
  # Do deploy
end
```

I've got "passwd: files sss" in my nsswitch.conf, as the accounts are in IPA. I guess only the solution from SorinS works.

cs95
alexs77