Bug 733393 - sysconfig agent doesn't execute puppet script
Summary: sysconfig agent doesn't execute puppet script
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: matahari
Version: 6.2
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
: ---
Assignee: Adam Stokes
QA Contact: Dave Johnson
Depends On:
Blocks: 743047
TreeView+ depends on / blocked
Reported: 2011-08-25 15:48 UTC by Dave Johnson
Modified: 2011-12-06 11:40 UTC (History)
2 users (show)

Fixed In Version: matahari-0.4.4-1.el6
Doc Type: Bug Fix
Doc Text:
No description required.
Clone Of:
Last Closed: 2011-12-06 11:40:24 UTC

Attachments (Terms of Use)

System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2011:1569 normal SHIPPED_LIVE matahari bug fix and enhancement update 2011-12-06 00:39:06 UTC

Description Dave Johnson 2011-08-25 15:48:02 UTC
Description of problem:
If I run "puppet" against the following puppet script, it changes the file permissions as expected but when I reset those permissions to 777 and try to run it through sysconfig agent, I get a OK status but the permissions never change.

file { "/etc/sudoers":
    owner => root, group => root, mode => 440

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.  create site.pp
2.  chmod 777 /etc/sudoers
3.  install/start matahari broker and sysconfig agent
4.  with qmf-tool, execute:
      call 1 run_uri file:///path/to/site.pp 0 puppet site_file
5.  ll /etc/sudoers, permissions still 777
6.  run 'puppet /path/to/site.pp' 
7.  ll /etc/sudoers, permissions changed to 440
Additional info:

# qmf-tool output
qmf: call 3 run_uri 0 puppet site_http
Output Parameters:
    Name    Value
    status  OK

# Nothing interesting while running "/usr/sbin/matahari-qmf-sysconfigd -vvv":
    mainloop_qmf_dispatch: 0x942200
    mh_qpid_callback: Qpid message recieved
    mh_qpid_callback: Message is for Sysconfig (type:       

Comment 2 Dave Johnson 2011-08-25 15:59:51 UTC
I should have also mentioned that using a http url does not work as well,

call 4 run_uri 0 puppet site_http

Comment 3 Dave Johnson 2011-08-25 18:02:15 UTC
Using run_string() seemed slightly better, running the agent with -vvv showed the following but the permissions were still at 777.

qmf: call 6 run_string 'file { "/etc/sudoers":\n    owner => root, group => root, mode => 440\n}' 0 puppet string
Output Parameters:
    Name    Value
    status  OK

sysconfig_os_run_puppet: Running puppet apply
notice: Finished catalog run in 0.01 seconds

Comment 4 Adam Stokes 2011-08-26 15:49:14 UTC
I think with puppet we need to make sure that our puppet.conf is setup to override the modulepath so when running puppet scripts outside of the default they will actually work.



On the agent could you verify that puppet is using the correct modulepath when running your scripts?


Comment 5 Dave Johnson 2011-08-26 16:09:50 UTC
The default configuration of puppet, /etc/puppet/puppet.conf,  doesn't specify a modulepath and when running 'puppet site.pp' from the root's command line (who Zane said is the same userspace it runs under when ran through the sysconfig agent), it does work. 

I don't think it has anything to do with the modulepath.

Comment 6 Adam Stokes 2011-08-30 19:47:00 UTC
I would make sure you are passing the MH_SYSCONFIG_FLAG_FORCE to the qmf commands to make sure you aren't just returning due to the fact the key exists already.


Comment 7 Adam Stokes 2011-08-31 00:54:23 UTC
During my re-attempts setting the flag to '1' enabled me to overwrite existing key and continue with puppet execution

Comment 8 Dave Johnson 2011-08-31 14:49:41 UTC
When this case is encountered, we need to communicate that to the user with at least a non-zero return code and preferably some helpful text.

Comment 12 Dave Johnson 2011-09-09 18:26:26 UTC
good 2 go in v0.4.4-2

Comment 13 Russell Bryant 2011-11-16 21:56:51 UTC
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    New Contents:
No description required.

Comment 14 errata-xmlrpc 2011-12-06 11:40:24 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.