Consul user not found in /etc/passwd issue

[induja0107]

We have the consul config hash as shown below and we are using mod 'KyleAnderson/consul', '5.0.3'. Is there any settings that need to be passed to config_hash to fix this issue?

Any help in fixing this issue is greatly appreciated!

Error message:

err
Could not set shell on user[consul]: Execution of '/usr/sbin/usermod -s /sbin/nologin consul' returned 6: usermod: user 'consul' does not exist in /etc/passwd
err
/etc/puppetlabs/code/environments/dev/modules/consul/manifests/install.pp:80

      change from '/bin/ksh' to '/sbin/nologin' failed: Could not set shell on user[consul]: Execution of '/usr/sbin/usermod -s /sbin/nologin consul' returned 6: usermod: user 'consul' does not exist in /etc/passwd

Config:

user {'consul':
  ensure     => absent,
  forcelocal => true,
}
->group {'consul':
  ensure     => absent,
  forcelocal => true,
}
->exec { 'mkdir -p /opt/consul':
  path    => ['/bin','/sbin','/usr/bin','/usr/sbin'],
  creates => '/opt/consul',
}
->class { '::consul':
  require           => File['/root/.curlrc'],
  version           => '1.6.3',
  manage_group      => false,
  manage_user       => false,
  pretty_config     => true,
  restart_on_change => false,
  config_hash       => {
    'data_dir'                   => '/opt/consul',
    'datacenter'                 => 'dc1',
    'acl_datacenter'             => 'dc1',
    'acl_agent_token'            => $consul_agent_token_key,
    'acl_token'                  => 'anonymous',
    'log_level'                  => 'INFO',
    'enable_syslog'              => true,
    'encrypt'                    => $consul_encrypt_key,
    'client_addr'                => '127.0.0.1',
    'bind_addr'                  => $bind_addr_node,
    'retry_join'                 => $masters,
    'leave_on_terminate'         => true,
    'enable_local_script_checks' => true,
    'disable_update_check'       => true,
  }

[solarkennedy]

You need manage_user => true if you want the module to manage the user.

If you are going to manage the user, then you need to specify something other than "absent" if you want the user to exist.

[induja0107]

Thanks, When i set mange_user=> false and manage_group => false and try to add the following, the error related to /etc/passwd goes away but the config.json in /etc/consul has nothing but data_dir=/opt/consul even though i pass a whole lot of config in the config_hash as shown in the original post.

Any reason why it is setting config.json with only the defaults and not having the values for these in the config.json?

I should have the following content in /etc/consul/config.json:
{
"acl_agent_token": "redacted",
"acl_datacenter": "dc1",
"acl_token": "anonymous",
"bind_addr": "redacted",
"client_addr": "127.0.0.1",
"data_dir": "/opt/consul",
"datacenter": "dc1",
"disable_update_check": true,
"enable_local_script_checks": true,
"enable_syslog": true,
"encrypt": "redacted",
"leave_on_terminate": true,
"log_level": "INFO",
"retry_join": [redacted]
}

Whereas this is what i see in /etc/consul/config.json:
{data_dir : '/opt/consul'}

Code changed to the following as per your suggestion:

user {'consul':
  ensure => present,
  system => true,
  shell  => '/sbin/nologin',
}
->group {'consul':
  ensure => present,
  system => true,
}

[solarkennedy]

I can't think of any reason why adjusting the user would change (or not change) the config hash.

[induja0107]

Thanks again, I found out that the root cause of the issue was the ACLs not found. I restored consul snapshot to a previous working version and things got back to normal.