Hi sssd-users,

I'm using SSSD for the auth on our compute clusters - about 130 nodes in total. The installation is done by Foreman and Puppet. Most of our clusters are on CentOS 7.3 and we are planning to upgrade to 7.4 by reinstalling all nodes.

Here is my question:

In my Puppet scripts I'm not able to change the group of a specific folder from a local group to a netgroup. Even if I successfully call "getent group g_netgroup" before - my Puppet module is throwing an error.

Can I change this particular behavior?


Error message: 

notice /Stage[main]/Puppet_urzzfs/Exec[checkgroup]/returns executed successfully
err Puppet Could not set 'directory' on ensure: Could not find group g_urz_bigdata at /etc/puppetlabs/code/environments/production/modules/puppet_urzzfs/manifests/init.pp:73

Puppet call:

  exec {'checkgroup':
    command => 'getent group g_urz_bigdata',
    unless  => 'getfacl /scratch_zfsvol | grep g_urz_bigdata',
    require => File['/etc/sysconfig/modules/zfs.modules'],
    notify  => File[$mount_point],
  }

  file { $mount_point:
    ensure  => 'directory',
    owner   => 'root',
    group   => 'g_urz_bigdata',
    mode    => '0775',
    require => Exec['checkgroup'],
    notify  => Exec['LoadZFSmodule'],
  }


sssd.conf:

[sssd]
config_file_version = 2
services = nss, pam
domains = mydomain
debug_level = 3
[domain/mydomain]
id_provider = ad
access_provider = ad
auth_provider = ad
ldap_schema = ad
krb5_realm = MYDOMAIN
ignore_group_members = true
ad_server = mydomainadserver
cache_credentials = true
ad_domain = mydomain
default_shell = /bin/bash
use_fully_qualified_names = false
fallback_homedir = /home/%d/%u
dyndns_update = true
dyndns_refresh_interval = 43200
dyndns_update_ptr = true
dyndns_ttl = 3600
ad_gpo_cache_timeout = 5
debug_level = 3


Thanks in advance and Merry Christmas,

Vadim

-- 
Vadim Bulst

Universität Leipzig / URZ
04109  Leipzig, Augustusplatz 10

phone: +49-341-97-33380
mail:    vadim.bulst@uni-leipzig.de