Bug 733393 - sysconfig agent doesn't execute puppet script
Summary: sysconfig agent doesn't execute puppet script
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: matahari
Version: 6.2
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: rc
: ---
Assignee: Adam Stokes
QA Contact: Dave Johnson
URL:
Whiteboard:
Depends On:
Blocks: 743047
TreeView+ depends on / blocked
 
Reported: 2011-08-25 15:48 UTC by Dave Johnson
Modified: 2011-12-06 11:40 UTC (History)
2 users (show)

Fixed In Version: matahari-0.4.4-1.el6
Doc Type: Bug Fix
Doc Text:
No description required.
Clone Of:
Environment:
Last Closed: 2011-12-06 11:40:24 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2011:1569 normal SHIPPED_LIVE matahari bug fix and enhancement update 2011-12-06 00:39:06 UTC

Description Dave Johnson 2011-08-25 15:48:02 UTC
Description of problem:
=================================
If I run "puppet" against the following puppet script, it changes the file permissions as expected but when I reset those permissions to 777 and try to run it through sysconfig agent, I get a OK status but the permissions never change.

site.pp:
--------
file { "/etc/sudoers":
    owner => root, group => root, mode => 440
}
--------

Version-Release number of selected component (if applicable):
==================================================================
v0.4.2-7

How reproducible:
=================================
100%

Steps to Reproduce:
=================================
1.  create site.pp
2.  chmod 777 /etc/sudoers
3.  install/start matahari broker and sysconfig agent
4.  with qmf-tool, execute:
      call 1 run_uri file:///path/to/site.pp 0 puppet site_file
5.  ll /etc/sudoers, permissions still 777
6.  run 'puppet /path/to/site.pp' 
7.  ll /etc/sudoers, permissions changed to 440
 
Additional info:
=================================

# qmf-tool output
qmf: call 3 run_uri http://127.0.0.1/site.pp 0 puppet site_http
Output Parameters:
    Name    Value
    ===============
    status  OK

# Nothing interesting while running "/usr/sbin/matahari-qmf-sysconfigd -vvv":
    mainloop_qmf_dispatch: 0x942200
    mh_qpid_callback: Qpid message recieved
    mh_qpid_callback: Message is for Sysconfig (type:       
       matahariproject.org:Sysconfig:51948217-f1d7-4198-b826-aebde4fc7040)

Comment 2 Dave Johnson 2011-08-25 15:59:51 UTC
I should have also mentioned that using a http url does not work as well,

call 4 run_uri http://127.0.0.1/site.pp 0 puppet site_http

Comment 3 Dave Johnson 2011-08-25 18:02:15 UTC
Using run_string() seemed slightly better, running the agent with -vvv showed the following but the permissions were still at 777.


qmf: call 6 run_string 'file { "/etc/sudoers":\n    owner => root, group => root, mode => 440\n}' 0 puppet string
Output Parameters:
    Name    Value
    ===============
    status  OK


sysconfig_os_run_puppet: Running puppet apply
notice: Finished catalog run in 0.01 seconds

Comment 4 Adam Stokes 2011-08-26 15:49:14 UTC
I think with puppet we need to make sure that our puppet.conf is setup to override the modulepath so when running puppet scripts outside of the default they will actually work.

http://docs.puppetlabs.com/guides/configuring.html

Dave,

On the agent could you verify that puppet is using the correct modulepath when running your scripts?

Thanks,
Adam

Comment 5 Dave Johnson 2011-08-26 16:09:50 UTC
The default configuration of puppet, /etc/puppet/puppet.conf,  doesn't specify a modulepath and when running 'puppet site.pp' from the root's command line (who Zane said is the same userspace it runs under when ran through the sysconfig agent), it does work. 

I don't think it has anything to do with the modulepath.

Comment 6 Adam Stokes 2011-08-30 19:47:00 UTC
I would make sure you are passing the MH_SYSCONFIG_FLAG_FORCE to the qmf commands to make sure you aren't just returning due to the fact the key exists already.

Thanks
Adam

Comment 7 Adam Stokes 2011-08-31 00:54:23 UTC
During my re-attempts setting the flag to '1' enabled me to overwrite existing key and continue with puppet execution

Comment 8 Dave Johnson 2011-08-31 14:49:41 UTC
When this case is encountered, we need to communicate that to the user with at least a non-zero return code and preferably some helpful text.

Comment 12 Dave Johnson 2011-09-09 18:26:26 UTC
good 2 go in v0.4.4-2

Comment 13 Russell Bryant 2011-11-16 21:56:51 UTC
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
No description required.

Comment 14 errata-xmlrpc 2011-12-06 11:40:24 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2011-1569.html


Note You need to log in before you can comment on or make changes to this bug.