Bug #1826
augeas type executes always
| Status: | Closed | Start date: | 12/19/2008 |
|---|---|---|---|
| Priority: | Normal | Due date: | |
| Assignee: | | % Done: | 0% |
| Category: | Red Hat | | |
| Target version: | 0.24.8 | | |
| Affected Puppet version: | 0.24.6 | Branch: | |
| Keywords: | 0.24.7 | | |
| Votes: | 0 | | |
Description
It should be as easy as:
augeas { "sshd_HostbasedAuthentication":
    context => "/files/etc/ssh/sshd_config",
    changes => [ "set HostbasedAuthentication yes",
                 "set IgnoreUserKnownHosts yes",
                 "set IgnoreRhosts yes"
               ],
    require => Package["openssh-server"],
    notify  => Service["sshd"]
}
But it’s not. The augeas type executes always, regardless of whether there is a change.
The above turns into:
augeas { "sshd_HostbasedAuthentication":
    context => "/files/etc/ssh/sshd_config",
    changes => "set HostbasedAuthentication yes",
    onlyif  => "get HostbasedAuthentication != yes",
    require => Package["openssh-server"],
    notify  => Service["sshd"];
"sshd_IgnoreUserKnownHosts":
    context => "/files/etc/ssh/sshd_config",
    changes => "set IgnoreUserKnownHosts yes",
    onlyif  => "get IgnoreUserKnownHosts != yes",
    require => Package["openssh-server"],
    notify  => Service["sshd"];
"sshd_IgnoreRhosts":
    context => "/files/etc/ssh/sshd_config",
    changes => "set IgnoreRhosts yes",
    onlyif  => "get IgnoreRhosts != yes",
    require => Package["openssh-server"],
    notify  => Service["sshd"];
}
History
Updated by James Turnbull about 3 years ago
- Category set to Red Hat
- Status changed from Unreviewed to Accepted
- Assignee set to Bryan Kearney
Updated by Bryan Kearney about 3 years ago
I am speaking with David Lutterkort about this. The fix will require a new drop of Augeas to work. So.. in short..I am working on it.. but it may take a bit until the resolution is in.
Updated by Ben - about 3 years ago
Excellent.
Might I also suggest that, as part of this fix, you include the puppet backup routines.
I.e. is the file going to change? If yes, call puppet backup on the file to a defined or default bucket, then save.
This may require a rethink on the syntax. The current syntax means that multiple files could be changed in one call, e.g.
augeas { "etc_stuff":
    context => "/files/etc",
    changes => [ "set ssh/sshd_config/HostbasedAuthentication yes",
                 "set ssh/sshd_config/IgnoreUserKnownHosts yes",
                 "set ssh/sshd_config/IgnoreRhosts yes",
                 "set sysconfig/readonly-root/READONLY no",
               ],
    require => Package["openssh-server"],
    notify  => Service["sshd"]
}
Note: untested just assumed.
In this case the type would not know which file to back up.
So instead of ‘context’ maybe ‘file’ would be more appropriate. The type will always know that the true context will be the “/files/etc/….” and restrict the type to edit one file at a time.
e.g.
augeas { "sshd_HostbasedAuthentication":
    file    => "/etc/ssh/sshd_config",
    changes => [ "set HostbasedAuthentication yes",
                 "set IgnoreUserKnownHosts yes",
                 "set IgnoreRhosts yes"
               ],
    require => Package["openssh-server"],
    notify  => Service["sshd"]
}
Unless augeas can be made to return which files are going to change, and backups could be called on multiple files.
Ben
Updated by Bryan Kearney almost 3 years ago
Can you please take a look at the latest here:
http://github.com/bkearney/puppet/tree/1826-0.24.x
This patch should cause the puppet type to not execute if
1) Augeas version 0.3.6 or greater is installed.
2) The filter did match
3) The commands which are executed do not cause any files to be changed.
It does this by making the file changes when parsing if the type needs to run. There is a bit of a hole in that if the underlying file is changed by another type during the need_to_run phase and the execute phase, the augeas type will overwrite it. Hopefully, 2 types are not changing the same file.
In addition, if you have version .40 of augeas, I would love to see some testing on the new xPath structures which David just released.
Updated by Ben - almost 3 years ago
With the ‘augeas.rb’ provider from github the following manifest snippet executes correctly with augeas 0.3.6 and 0.4.0 on CentOS 5.2 x86_64 with puppet and puppetd.
package { "openssh-server": ensure => installed }
service { "sshd": ensure => running, enable => true, require => Package["openssh-server"] }
augeas { "sshd_HostbasedAuthentication":
    context => "/files/etc/ssh/sshd_config",
    changes => [ "set HostbasedAuthentication yes",
                 "set IgnoreUserKnownHosts yes",
                 "set IgnoreRhosts yes"
               ],
    require => Package["openssh-server"],
    notify  => Service["sshd"]
}
1st run
# puppet --debug test.pp
debug: Puppet::Type::Package::ProviderRpm: Executing '/bin/rpm --version'
debug: Puppet::Type::Package::ProviderAptrpm: Executing '/bin/rpm -ql rpm'
debug: Puppet::Type::Package::ProviderUrpmi: Executing '/bin/rpm -ql rpm'
debug: Puppet::Type::Package::ProviderYum: Executing '/bin/rpm --version'
debug: Puppet::Type::Service::ProviderRunit: file /usr/bin/sv does not exist
debug: Puppet::Type::Service::ProviderDebian: file /usr/sbin/update-rc.d does not exist
debug: Puppet::Type::Service::ProviderDaemontools: file /usr/bin/svc does not exist
debug: Puppet::Type::Service::ProviderGentoo: file /sbin/rc-update does not exist
debug: Puppet::Type::Service::ProviderLaunchd: file /bin/launchctl does not exist
debug: Puppet::Type::Package::ProviderFink: file /sw/bin/fink does not exist
debug: Puppet::Type::Package::ProviderPorts: file /usr/local/sbin/portupgrade does not exist
debug: Puppet::Type::Package::ProviderAppdmg: file /Library/Receipts does not exist
debug: Puppet::Type::Package::ProviderFreebsd: file /usr/sbin/pkg_add does not exist
debug: Puppet::Type::Package::ProviderPortage: file /usr/bin/emerge does not exist
debug: Puppet::Type::Package::ProviderDarwinport: file /opt/local/bin/port does not exist
debug: Puppet::Type::Package::ProviderUp2date: file /usr/sbin/up2date-nox does not exist
debug: Puppet::Type::Package::ProviderUrpmi: file urpmi does not exist
debug: Puppet::Type::Package::ProviderPkgdmg: file /Library/Receipts does not exist
debug: Puppet::Type::Package::ProviderApt: file /usr/bin/apt-get does not exist
debug: Puppet::Type::Package::ProviderSunfreeware: file pkg-get does not exist
debug: Puppet::Type::Package::ProviderOpenbsd: file pkg_add does not exist
debug: Puppet::Type::Package::ProviderRug: file /usr/bin/rug does not exist
debug: Puppet::Type::Package::ProviderDpkg: file /usr/bin/dpkg does not exist
debug: Puppet::Type::Package::ProviderApple: file /Library/Receipts does not exist
debug: Puppet::Type::Package::ProviderSun: file /usr/sbin/pkgadd does not exist
debug: Puppet::Type::Package::ProviderAptitude: file /usr/bin/aptitude does not exist
debug: Puppet::Type::Package::ProviderAptrpm: file apt-get does not exist
debug: Puppet::Type::Package::ProviderGem: file gem does not exist
debug: Puppet::Type::Package::ProviderHpux: file /usr/sbin/swinstall does not exist
debug: Creating default schedules
debug: Loaded state in 0.02 seconds
debug: Prefetching yum resources for package
debug: Puppet::Type::Package::ProviderYum: Executing '/bin/rpm --version'
debug: Puppet::Type::Package::ProviderYum: Executing '/bin/rpm -qa --nosignature --nodigest --qf '%{NAME} %|EPOCH?{%{EPOCH}}:{0}| %{VERSION} %{RELEASE} %{ARCH}
''
debug: //Service[sshd]/require: requires Package[openssh-server]
debug: //Augeas[sshd_HostbasedAuthentication]/require: requires Package[openssh-server]
debug: //Augeas[sshd_HostbasedAuthentication]/notify: subscribes to Service[sshd]
debug: Augeas[sshd_HostbasedAuthentication](provider=augeas): Opening augeas with root /, lens path , flags 0
debug: Augeas[sshd_HostbasedAuthentication](provider=augeas): Augeas version 0.3.6 is installed
debug: Augeas[sshd_HostbasedAuthentication](provider=augeas): Will attempt to save and only run if files changed
debug: Augeas[sshd_HostbasedAuthentication](provider=augeas): sending command 'set' with params ["/files/etc/ssh/sshd_config/HostbasedAuthentication", "yes"]
debug: Augeas[sshd_HostbasedAuthentication](provider=augeas): sending command 'set' with params ["/files/etc/ssh/sshd_config/IgnoreUserKnownHosts", "yes"]
debug: Augeas[sshd_HostbasedAuthentication](provider=augeas): sending command 'set' with params ["/files/etc/ssh/sshd_config/IgnoreRhosts", "yes"]
debug: Augeas[sshd_HostbasedAuthentication](provider=augeas): Files changed, should execute
debug: //Augeas[sshd_HostbasedAuthentication]: Changing returns
debug: //Augeas[sshd_HostbasedAuthentication]: 1 change(s)
notice: //Augeas[sshd_HostbasedAuthentication]/returns: executed successfully
info: //Augeas[sshd_HostbasedAuthentication]: Scheduling refresh of Service[sshd]
debug: Service[sshd](provider=redhat): Executing 'ps -ef'
debug: Service[sshd](provider=redhat): PID is 3412
debug: Puppet::Type::Service::ProviderRedhat: Executing '/sbin/chkconfig sshd'
notice: //Service[sshd]: Triggering 'refresh' from 1 dependencies
debug: Service[sshd](provider=redhat): Executing 'ps -ef'
debug: Service[sshd](provider=redhat): PID is 3412
debug: Puppet::Type::Service::ProviderRedhat: Executing '/sbin/service sshd stop'
debug: Puppet::Type::Service::ProviderRedhat: Executing '/sbin/service sshd start'
debug: Finishing transaction 23782439944480 with 1 changes
debug: Storing state
debug: Stored state in 0.19 seconds
debug: Calling puppetreports.report
info: Sent transaction report in 0.76 seconds
2nd run
# puppet --debug test.pp
debug: Puppet::Type::Package::ProviderRpm: Executing '/bin/rpm --version'
debug: Puppet::Type::Package::ProviderAptrpm: Executing '/bin/rpm -ql rpm'
debug: Puppet::Type::Package::ProviderUrpmi: Executing '/bin/rpm -ql rpm'
debug: Puppet::Type::Package::ProviderYum: Executing '/bin/rpm --version'
debug: Puppet::Type::Service::ProviderRunit: file /usr/bin/sv does not exist
debug: Puppet::Type::Service::ProviderDebian: file /usr/sbin/update-rc.d does not exist
debug: Puppet::Type::Service::ProviderDaemontools: file /usr/bin/svc does not exist
debug: Puppet::Type::Service::ProviderGentoo: file /sbin/rc-update does not exist
debug: Puppet::Type::Service::ProviderLaunchd: file /bin/launchctl does not exist
debug: Puppet::Type::Package::ProviderFink: file /sw/bin/fink does not exist
debug: Puppet::Type::Package::ProviderPorts: file /usr/local/sbin/portupgrade does not exist
debug: Puppet::Type::Package::ProviderAppdmg: file /Library/Receipts does not exist
debug: Puppet::Type::Package::ProviderFreebsd: file /usr/sbin/pkg_add does not exist
debug: Puppet::Type::Package::ProviderPortage: file /usr/bin/emerge does not exist
debug: Puppet::Type::Package::ProviderDarwinport: file /opt/local/bin/port does not exist
debug: Puppet::Type::Package::ProviderUp2date: file /usr/sbin/up2date-nox does not exist
debug: Puppet::Type::Package::ProviderUrpmi: file urpmi does not exist
debug: Puppet::Type::Package::ProviderPkgdmg: file /Library/Receipts does not exist
debug: Puppet::Type::Package::ProviderApt: file /usr/bin/apt-get does not exist
debug: Puppet::Type::Package::ProviderSunfreeware: file pkg-get does not exist
debug: Puppet::Type::Package::ProviderOpenbsd: file pkg_add does not exist
debug: Puppet::Type::Package::ProviderRug: file /usr/bin/rug does not exist
debug: Puppet::Type::Package::ProviderDpkg: file /usr/bin/dpkg does not exist
debug: Puppet::Type::Package::ProviderApple: file /Library/Receipts does not exist
debug: Puppet::Type::Package::ProviderSun: file /usr/sbin/pkgadd does not exist
debug: Puppet::Type::Package::ProviderAptitude: file /usr/bin/aptitude does not exist
debug: Puppet::Type::Package::ProviderAptrpm: file apt-get does not exist
debug: Puppet::Type::Package::ProviderGem: file gem does not exist
debug: Puppet::Type::Package::ProviderHpux: file /usr/sbin/swinstall does not exist
debug: Creating default schedules
debug: Loaded state in 0.02 seconds
debug: Prefetching yum resources for package
debug: Puppet::Type::Package::ProviderYum: Executing '/bin/rpm --version'
debug: Puppet::Type::Package::ProviderYum: Executing '/bin/rpm -qa --nosignature --nodigest --qf '%{NAME} %|EPOCH?{%{EPOCH}}:{0}| %{VERSION} %{RELEASE} %{ARCH}
''
debug: //Augeas[sshd_HostbasedAuthentication]/require: requires Package[openssh-server]
debug: //Augeas[sshd_HostbasedAuthentication]/notify: subscribes to Service[sshd]
debug: //Service[sshd]/require: requires Package[openssh-server]
debug: Augeas[sshd_HostbasedAuthentication](provider=augeas): Opening augeas with root /, lens path , flags 0
debug: Augeas[sshd_HostbasedAuthentication](provider=augeas): Augeas version 0.3.6 is installed
debug: Augeas[sshd_HostbasedAuthentication](provider=augeas): Will attempt to save and only run if files changed
debug: Augeas[sshd_HostbasedAuthentication](provider=augeas): sending command 'set' with params ["/files/etc/ssh/sshd_config/HostbasedAuthentication", "yes"]
debug: Augeas[sshd_HostbasedAuthentication](provider=augeas): sending command 'set' with params ["/files/etc/ssh/sshd_config/IgnoreUserKnownHosts", "yes"]
debug: Augeas[sshd_HostbasedAuthentication](provider=augeas): sending command 'set' with params ["/files/etc/ssh/sshd_config/IgnoreRhosts", "yes"]
debug: Augeas[sshd_HostbasedAuthentication](provider=augeas): Skipping becuase no files were changed
debug: Service[sshd](provider=redhat): Executing 'ps -ef'
debug: Service[sshd](provider=redhat): PID is 6450
debug: Puppet::Type::Service::ProviderRedhat: Executing '/sbin/chkconfig sshd'
debug: Finishing transaction 23922800637380 with 0 changes
debug: Storing state
debug: Stored state in 0.19 seconds
debug: Calling puppetreports.report
info: Sent transaction report in 1.15 seconds
Updated by Bryan Kearney almost 3 years ago
Thank you for testing. Please take a look at this thread:
http://groups.google.com/group/puppet-users/browse_thread/thread/ca1d27d7dc59758a
and jump in on the benefits/drawbacks of this feature.
— bk
Updated by Bryan Kearney almost 3 years ago
- Status changed from Accepted to In Topic Branch Pending Review
I have sent pull requests to James for both the 0.24.x and master branches. You can see the code here:
http://github.com/bkearney/puppet/commits/1826-master
http://github.com/bkearney/puppet/commits/1826-0.24.x
The code now uses the following logic to determine if it should execute:
If only_if is set
    needs_to_run = false if get or match not found
end
if force is not set to true
    if Augeas version >= 0.3.6
        needs_to_run = false if executing the commands
                             would not affect any files.
    end
end
return needs_to_run
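The decision order in the comment above, plus a digest check for the gap between the need_to_run and execute phases mentioned earlier in the thread, as an added Ruby example that is not the Puppet provider's code. It models sshd_config as flat `KEY VALUE` pairs instead of calling Augeas; all function names and the `version:` parameter are hypothetical.

```ruby
require 'digest'
require 'rubygems'

# Added model, not Puppet's provider: sshd_config is read as flat KEY VALUE
# pairs; only "set KEY VALUE" and "get KEY ==|!= VALUE" are supported.
SAVE_AWARE = Gem::Version.new('0.3.6') # version named in the thread

def parse(text)
  lines = text.lines.map(&:strip).reject { |l| l.empty? || l.start_with?('#') }
  lines.map { |l| k, v = l.split(/\s+/, 2); [k, v.to_s] }.to_h
end

def apply_changes(tree, changes)
  changes.each_with_object(tree.dup) do |cmd, t|
    verb, key, value = cmd.split(/\s+/, 3)
    raise ArgumentError, "unsupported command: #{cmd}" unless verb == 'set'
    t[key] = value
  end
end

# Assumption: a key that is absent compares as "not equal" to any value.
def filter_matches?(tree, onlyif)
  _get, key, op, value = onlyif.split(/\s+/, 4)
  op == '!=' ? tree[key] != value : tree[key] == value
end

# Order from the comment above: onlyif first, then force, then the
# version gate, then "would any setting actually change?".
def needs_to_run?(text, changes, onlyif: nil, force: false, version: '0.3.6')
  before = parse(text)
  return false if onlyif && !filter_matches?(before, onlyif)
  return true if force || Gem::Version.new(version) < SAVE_AWARE
  apply_changes(before, changes) != before
end

# Check phase: record the decision together with a digest of what was read.
def check_phase(path, changes, **opts)
  text = File.read(path)
  { run: needs_to_run?(text, changes, **opts),
    digest: Digest::SHA256.hexdigest(text) }
end

# Execute phase: true only if nothing else rewrote the file in between.
# This narrows the window; it does not replace a file lock.
def unchanged_since?(path, check)
  Digest::SHA256.file(path).hexdigest == check[:digest]
end
```

With this order an already-hardened file yields no change and therefore no `notify` to `Service["sshd"]`, which is the behaviour the second debug run in the thread shows.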
Updated by Marc Fournier almost 3 years ago
I’ve spent a few minutes testing this new code. It works fine for me (augeas 0.4.1 on redhat 5.3/debian 5.0), exactly as expected. Thanks for the great work, Bryan!
NB: I’ve only tested the code from the 0.24.x branch, on puppet 0.24.7.
Updated by James Turnbull almost 3 years ago
- Status changed from In Topic Branch Pending Review to Closed
- Target version set to 0.24.8
Pushed in 0.24.x