3

I have a Chef recipe to create a deploy user. The user is being created when running kitchen converge. When trying to create the .ssh folder for the user, it fails because the home directory for the user does not exist: Parent directory /home/deploy does not exist, cannot create /home/deploy/.ssh.

cookbooks/main/recipes/user.rb

user deploy do
  action :create
  comment 'Application deploy user'
  home "/home/#{node['deploy_user']}"
  shell '/bin/bash'
  system true
  supports manage_home: true
end

directory "/home/#{node['deploy_user']}/.ssh" do
  mode 0700
  owner node['deploy_user']
  group node['deploy_user']
end

template "/home/#{node['deploy_user']}/.ssh/authorized_keys" do
  mode 0600
  owner node['deploy_user']
  source 'authorized_keys.erb'
end

.kitchen.yml

---
driver:
  name: vagrant

provisioner:
  name: chef_solo

platforms:
  - name: ubuntu-14.04
  - name: centos-7.1

suites:
  - name: default
    run_list:
      - recipe[main::default]
    attributes:

Antarr Byrd

4 Answers

3

This infuriated me to no end as well. No excuse for Chef not to make such a simple routine action easy to perform.

As this is a top Google search and I'm not clear the other answers are proper, here is exactly what I needed to run to get this to work. I'm using Chef server 12.4 and client 12.10.24. All on Ubuntu 14.04.

user '<USERNAME>' do
  gid '<MY_GROUP_NAME>'
  shell '/bin/bash'
  comment 'some stuff i want to say'
  home "/home/<USERNAME>"
  supports manage_home: true
  action :create
end

My /etc/login.defs file is unmodified default.

user1883857
1

You passed deploy to the user resource name instead of node['deploy_user']:

user node['deploy_user'] do
  action :create
  comment 'Application deploy user'
  home "/home/#{node['deploy_user']}"
  shell '/bin/bash'
  system true
  supports manage_home: true
end

zuazo
0

From man useradd:

-r, --system
    Create a system account.

    System users will be created with no aging information in /etc/shadow, and their numeric identifiers are choosen in the SYS_UID_MIN-SYS_UID_MAX range, defined in /etc/login.defs, instead of UID_MIN-UID_MAX (and their GID counterparts for the creation of groups).

    Note that useradd will not create a home directory for such an user, regardless of the default setting in /etc/login.defs (CREATE_HOME). You have to specify the -m options if you want a home directory for a system account to be created.

Or in short, add manage_home true to your resource.

coderanger
  • I've tried with `manage_home true` and `supports manage_home: true` neither works. – Antarr Byrd Jan 05 '16 at 21:57
  • Run with `-l debug` and check what command ends up getting run. Generally speaking if you want a home dir and other user-like behavior, you shouldn't use `system true`. – coderanger Jan 05 '16 at 22:00
  • debug is pretty long. I'm not sure what to look for. – Antarr Byrd Jan 05 '16 at 22:02
  • You are looking for the command being run to create the user. – coderanger Jan 05 '16 at 22:09
  • All I see is `Recipe: main::user * user[deploy] action create[2016-01-05T22:10:52+00:00] INFO: Processing user[deploy] action create (main::user line 1) [2016-01-05T22:10:52+00:00] DEBUG: Providers for generic user resource enabled on node include: [Chef::Provider::User::Useradd] [2016-01-05T22:10:52+00:00] DEBUG: Provider for action create on resource user[deploy] is Chef::Provider::User::Useradd` – Antarr Byrd Jan 05 '16 at 22:13
  • What is after the "Provider for action..." line? Maybe add it to the question where it will be nicer formatted – matt freake Jan 07 '16 at 12:06
0

Perhaps it's the run sequence problem. Try

user node['deploy_user'] do
  comment 'Application deploy user'
  home "/home/#{node['deploy_user']}"
  shell '/bin/bash'
  system true
  manage_home true
end.run_action(:create)

display name
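
A post-converge check for the layout the recipes on this page aim for, as an added example in plain Ruby (not code from the question or any of the answers). The function names `audit_deploy_home` and `demo_audit`, and the temporary directory standing in for /home/deploy, are assumptions.

```ruby
require 'tmpdir'
require 'fileutils'

# Added example: audit the layout the recipe is meant to leave on disk.
# `home` stands in for /home/<deploy user>; returns a list of problems.
def audit_deploy_home(home)
  # useradd -r without -m creates no home directory (see the man page quoted above).
  return ["missing home directory #{home}"] unless File.directory?(home)

  home_uid = File.stat(home).uid
  ssh_dir = File.join(home, '.ssh')
  expected = { ssh_dir => 0o700, File.join(ssh_dir, 'authorized_keys') => 0o600 }

  expected.each_with_object([]) do |(path, want), problems|
    if File.symlink?(path) || !File.exist?(path)
      problems << "missing or symlinked #{path}"
      next
    end
    st = File.stat(path)
    got = st.mode & 0o7777
    problems << format('%s has mode %04o, expected %04o', path, got, want) if got != want
    problems << "#{path} is not owned by the home directory's owner" if st.uid != home_uid
  end
end

# Constructed demo: three states of a throwaway tree under a temp directory.
def demo_audit
  Dir.mktmpdir do |root|
    home = File.join(root, 'deploy')
    ssh_dir = File.join(home, '.ssh')
    keys = File.join(ssh_dir, 'authorized_keys')
    results = { no_home: audit_deploy_home(home) }

    FileUtils.mkdir_p(ssh_dir)
    File.write(keys, "ssh-ed25519 CONSTRUCTED-PLACEHOLDER deploy@example\n")
    File.chmod(0o755, ssh_dir)
    File.chmod(0o644, keys)
    results[:loose] = audit_deploy_home(home)

    File.chmod(0o700, ssh_dir)
    File.chmod(0o600, keys)
    results[:fixed] = audit_deploy_home(home)
    results
  end
end

demo_audit.each { |state, problems| puts "#{state}: #{problems.inspect}" } if $PROGRAM_NAME == __FILE__
```

On a converged node, call `audit_deploy_home` with the real home path; an empty list means the home directory, `.ssh` (0700) and `authorized_keys` (0600) are all in place.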