5

I've just started learning puppet and have came across a problem I was wondering if anyone knew how to fix.I m trying to remove a user I get an error message stating that they are logged in so can't be removed.

Now in this case I know what server they're logged into so I could simply just log the user out and proceed from there.My question is however what do you do when you don't know what servers they're logged into? Keeping in mind it could be many servers.

Is there a force remove option or a way to log users out in puppet?

Code below:

user {'art':

ensure => absent,

}

Errors:

Error: Could not delete user art: Execution of '/usr/sbin/userdel art' returned 8: userdel: user art is currently logged in

Error: /Stage[main]/Main/Node[demo]/User[art]/ensure: change from present to absent failed: Could not delete user art: Execution of '/usr/sbin/userdel art' returned 8: userdel: user art is currently logged in

TBI Infotech
  • 1,536
  • 9
  • 15
user3329963
  • 163
  • 1
  • 3
  • 9

3 Answers3

2

According to this post, you can disconnect users using pkill -STOP -u USERNAME.
You can create a resource definition something this in puppet: 

define kill_and_delete {
    exec { "killing $title":
        command => "pkill -STOP -u $title",
        onlyif  => "grep '^$title' /etc/passwd",
        before => User[$title],
    }
    user { $title: ensure => absent}
}

Afterwards, you use it like this:
kill_and_delete {'art': }
Note: I didn't test this.
see resource ordering - before and require and type reference - exec.

pk.
  • 6,413
  • 1
  • 41
  • 63
Nitz
  • 1,018
  • 1
  • 8
  • 18
1

You terminate a session by killing its parent process, called the session leader. Find out which process it is with:

ps -dN|grep pts/3

or

As mentioned by @Nitz

pkill -9 -u username

And for reference check this link:

How can I force other users to log out?

Community
  • 1
TBI Infotech
  • 1,536
  • 9
  • 15
1

I stumbled upon the same issue when deleting a user where processes were running. I have tested my solution on our production server and therefore I can provide a valid solution where I create users in a separate class using "ensure" variables. And based upon the variable I decide whether to call the process stop sequence or not as follows:

define your_class::user (
  $user   = $name,
  $ensure = 'present',
){

  # only call when user gets removed
  if $ensure == 'absent' {
    exec {
      "killing ${user}":
        command => "pkill -9 -u ${user}",
        # need to check if user exists and processes are running
        # otherwise command would fail with no processes
        onlyif  => "grep '^${user}' /etc/passwd && ps -u ${user}",
        # run before user gets removed
        before  => User[$user];
    }
  }

  # create/remove user with managed home
  user {
    $user:
      ensure     => $ensure,
      home       => "/home/${user}",
      managehome => true,
      shell      => '/bin/bash',
  }
}
thonixx
  • 201
  • 3
  • 11