Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
Ohai resource: reloading a specific plugin which is marked as "optional" is ignored #8838
Running the example from https://docs.chef.io/resource_ohai.html fails with chef-client >= 14.
Tested with 15.2.20 and 14.13.11
Create a cookbook with a recipe containing the example code from the ohai resource. On the first run, when the new user is actually created, the ruby code block fails. With 13.12.14 the code runs without error.
That looks like a glibc caching issue, this is probably not fixable without reimplementing Etc.getpwnam to bypass glibc (and thereby NSS, NIS, LDAP, etc). You can look at your NSS settings and if you're using nscd or not and try to tweak things to remove the caching, but this is probably a dup of #3552 or #3100 or related issues like #2894 or #4829.
@lamont-granquist all those other issues are pretty old and don't look related to me. Note that the code works fine with chef-client < 14, simply by downgrading the chef pkg on the same machine, so it certainly looks to be fixable within chef-client code. FWIW
Finally, even if this turned out to be an unavoidable issue in what I think is a pretty common environment, IMO that should be noted in the corresponding documentation.
More debugging shows that the reload does work when I remove the
After reading the code, it seems that this is caused by this patch chef/ohai@48c29a3 , which marks the passwd plugin as optional and thus not triggered by the reload action, which according to the debug output is executed with
The passwd plugin is optional for good reasons, it walks LDAP/AD on systems that have that setup and causes horrible performance issues.
It sounds like the bug here is just that when you pass an optional plugin as the plugin to run in the ohai resource that it doesn't run that plugin, even though you've specified it.
And we wouldn't want to set run_all_plugins to true because if someone does not have the passwd plugin enabled because of AD/LDAP then a simple reload to the ohai resource should never load those plugins which are optional/disabled. That would blow up all kinds of systems to just always force that to true in the resource.
I suppose we could also raise if the plugin is currently disabled - the theory being that if someone has that disabled then you don't want to enable that plugin without some kind of positive action on the part of the user.