RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 733393 - sysconfig agent doesn't execute puppet script
Summary: sysconfig agent doesn't execute puppet script
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: matahari
Version: 6.2
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: rc
: ---
Assignee: Adam Stokes
QA Contact: Dave Johnson
URL:
Whiteboard:
Depends On:
Blocks: 743047
TreeView+ depends on / blocked
 
Reported: 2011-08-25 15:48 UTC by Dave Johnson
Modified: 2011-12-06 11:40 UTC (History)
2 users (show)

Fixed In Version: matahari-0.4.4-1.el6
Doc Type: Bug Fix
Doc Text:
No description required.
Clone Of:
Environment:
Last Closed: 2011-12-06 11:40:24 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2011:1569 0 normal SHIPPED_LIVE matahari bug fix and enhancement update 2011-12-06 00:39:06 UTC

Description Dave Johnson 2011-08-25 15:48:02 UTC 
Description of problem:
=================================
If I run "puppet" against the following puppet script, it changes the file permissions as expected but when I reset those permissions to 777 and try to run it through sysconfig agent, I get a OK status but the permissions never change.

site.pp:
--------
file { "/etc/sudoers":
    owner => root, group => root, mode => 440
}
--------

Version-Release number of selected component (if applicable):
==================================================================
v0.4.2-7

How reproducible:
=================================
100%

Steps to Reproduce:
=================================
1.  create site.pp
2.  chmod 777 /etc/sudoers
3.  install/start matahari broker and sysconfig agent
4.  with qmf-tool, execute:
      call 1 run_uri file:///path/to/site.pp 0 puppet site_file
5.  ll /etc/sudoers, permissions still 777
6.  run 'puppet /path/to/site.pp' 
7.  ll /etc/sudoers, permissions changed to 440
 
Additional info:
=================================

# qmf-tool output
qmf: call 3 run_uri http://127.0.0.1/site.pp 0 puppet site_http
Output Parameters:
    Name    Value
    ===============
    status  OK

# Nothing interesting while running "/usr/sbin/matahari-qmf-sysconfigd -vvv":
    mainloop_qmf_dispatch: 0x942200
    mh_qpid_callback: Qpid message recieved
    mh_qpid_callback: Message is for Sysconfig (type:       
       matahariproject.org:Sysconfig:51948217-f1d7-4198-b826-aebde4fc7040)
Comment 2 Dave Johnson 2011-08-25 15:59:51 UTC 
I should have also mentioned that using a http url does not work as well,

call 4 run_uri http://127.0.0.1/site.pp 0 puppet site_http
Comment 3 Dave Johnson 2011-08-25 18:02:15 UTC 
Using run_string() seemed slightly better, running the agent with -vvv showed the following but the permissions were still at 777.


qmf: call 6 run_string 'file { "/etc/sudoers":\n    owner => root, group => root, mode => 440\n}' 0 puppet string
Output Parameters:
    Name    Value
    ===============
    status  OK


sysconfig_os_run_puppet: Running puppet apply
notice: Finished catalog run in 0.01 seconds
Comment 4 Adam Stokes 2011-08-26 15:49:14 UTC 
I think with puppet we need to make sure that our puppet.conf is setup to override the modulepath so when running puppet scripts outside of the default they will actually work.

http://docs.puppetlabs.com/guides/configuring.html

Dave,

On the agent could you verify that puppet is using the correct modulepath when running your scripts?

Thanks,
Adam
Comment 5 Dave Johnson 2011-08-26 16:09:50 UTC 
The default configuration of puppet, /etc/puppet/puppet.conf,  doesn't specify a modulepath and when running 'puppet site.pp' from the root's command line (who Zane said is the same userspace it runs under when ran through the sysconfig agent), it does work. 

I don't think it has anything to do with the modulepath.
Comment 6 Adam Stokes 2011-08-30 19:47:00 UTC 
I would make sure you are passing the MH_SYSCONFIG_FLAG_FORCE to the qmf commands to make sure you aren't just returning due to the fact the key exists already.

Thanks
Adam
Comment 7 Adam Stokes 2011-08-31 00:54:23 UTC 
During my re-attempts setting the flag to '1' enabled me to overwrite existing key and continue with puppet execution
Comment 8 Dave Johnson 2011-08-31 14:49:41 UTC 
When this case is encountered, we need to communicate that to the user with at least a non-zero return code and preferably some helpful text.
Comment 10 Adam Stokes 2011-09-01 16:14:31 UTC 
https://github.com/matahari/matahari/commit/d6a4df7bd698d65c78a76e5ed7cb1e120dddebaf
Comment 11 Adam Stokes 2011-09-01 16:18:15 UTC 
v0.4 branch:

https://github.com/matahari/matahari/commit/89387d01a347023ac07e673d9f0151cc392d9f6e
Comment 12 Dave Johnson 2011-09-09 18:26:26 UTC 
good 2 go in v0.4.4-2
Comment 13 Russell Bryant 2011-11-16 21:56:51 UTC 
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
No description required.
Comment 14 errata-xmlrpc 2011-12-06 11:40:24 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2011-1569.html
Note You need to log in before you can comment on or make changes to this bug.