Hide Forgot
Description of problem: ================================= If I run "puppet" against the following puppet script, it changes the file permissions as expected but when I reset those permissions to 777 and try to run it through sysconfig agent, I get a OK status but the permissions never change. site.pp: -------- file { "/etc/sudoers": owner => root, group => root, mode => 440 } -------- Version-Release number of selected component (if applicable): ================================================================== v0.4.2-7 How reproducible: ================================= 100% Steps to Reproduce: ================================= 1. create site.pp 2. chmod 777 /etc/sudoers 3. install/start matahari broker and sysconfig agent 4. with qmf-tool, execute: call 1 run_uri file:///path/to/site.pp 0 puppet site_file 5. ll /etc/sudoers, permissions still 777 6. run 'puppet /path/to/site.pp' 7. ll /etc/sudoers, permissions changed to 440 Additional info: ================================= # qmf-tool output qmf: call 3 run_uri http://127.0.0.1/site.pp 0 puppet site_http Output Parameters: Name Value =============== status OK # Nothing interesting while running "/usr/sbin/matahari-qmf-sysconfigd -vvv": mainloop_qmf_dispatch: 0x942200 mh_qpid_callback: Qpid message recieved mh_qpid_callback: Message is for Sysconfig (type: matahariproject.org:Sysconfig:51948217-f1d7-4198-b826-aebde4fc7040)
I should have also mentioned that using a http url does not work as well, call 4 run_uri http://127.0.0.1/site.pp 0 puppet site_http
Using run_string() seemed slightly better, running the agent with -vvv showed the following but the permissions were still at 777. qmf: call 6 run_string 'file { "/etc/sudoers":\n owner => root, group => root, mode => 440\n}' 0 puppet string Output Parameters: Name Value =============== status OK sysconfig_os_run_puppet: Running puppet apply notice: Finished catalog run in 0.01 seconds
I think with puppet we need to make sure that our puppet.conf is setup to override the modulepath so when running puppet scripts outside of the default they will actually work. http://docs.puppetlabs.com/guides/configuring.html Dave, On the agent could you verify that puppet is using the correct modulepath when running your scripts? Thanks, Adam
The default configuration of puppet, /etc/puppet/puppet.conf, doesn't specify a modulepath and when running 'puppet site.pp' from the root's command line (who Zane said is the same userspace it runs under when ran through the sysconfig agent), it does work. I don't think it has anything to do with the modulepath.
I would make sure you are passing the MH_SYSCONFIG_FLAG_FORCE to the qmf commands to make sure you aren't just returning due to the fact the key exists already. Thanks Adam
During my re-attempts setting the flag to '1' enabled me to overwrite existing key and continue with puppet execution
When this case is encountered, we need to communicate that to the user with at least a non-zero return code and preferably some helpful text.
https://github.com/matahari/matahari/commit/d6a4df7bd698d65c78a76e5ed7cb1e120dddebaf
v0.4 branch: https://github.com/matahari/matahari/commit/89387d01a347023ac07e673d9f0151cc392d9f6e
good 2 go in v0.4.4-2
Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: No description required.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2011-1569.html