Issue #5154 has been reported by Joe McDonagh.
----------------------------------------
Bug #5154: Resources contained inside virtual definitions cause resource
conflicts when they shouldn't
https://projects.puppetlabs.com/issues/5154
Author: Joe McDonagh
Status: Unreviewed
Priority: Normal
Assignee:
Category:
Target version:
Affected Puppet version:
Keywords:
Branch:
Consider the following class with a couple defines:
<pre>
import '*'
class accounts {
include users, groups
define admin (
$cell_number,
$cell_provider,
$comment = "User",
$ensure_d = "present",
$gid,
$sshpubkey,
$sshpubkey_comment,
$uid
) {
$ensure = extlookup("user_${name}", "$ensure_d")
$username = $name
file {
"/home/$username/.bashrc":
group => "$username",
mode => "640",
owner => "$username",
path => $kernel ? {
Linux => "/home/$username/.bashrc",
OpenBSD => "/home/$username/.profile"
},
require => User["$username"],
source => "puppet://$server/modules/accounts/$username.bashrc";
[ "/home/$username/working", "/home/$username/scratch",
"/home/$username/img", "/home/$username/rrd" ]:
ensure => "directory",
group => "$username",
mode => "640",
owner => "$username",
require => User["$username"];
"/home/${username}/.forward":
content => "${sshpubkey_comment}",
group => "$username",
owner => "$username",
require => User["$username"];
}
group {
"$username":
ensure => "$ensure",
gid => "$gid",
}
@nagios_contact {
"$sshpubkey_comment":
alias => "$comment",
contact_name => "$username",
email => "${cell_numb...@${cell_provider}",
host_notification_commands => "notify-host-by-email",
host_notification_options => "a,d,r",
host_notification_period => "24x7",
notify => Exec["fix_nagios_perms"],
require => File["${nagios_cfg_dir}/contacts"],
service_notification_commands => "notify-service-by-email",
service_notification_options => "a,c,r",
service_notification_period => "24x7",
tag => "nagios",
target =>
"${nagios_cfg_dir}/contacts/${username}.cfg",
}
ssh_authorized_key {
"${sshpubkey_comment}":
ensure => "$ensure",
key => "$sshpubkey",
require => User["$username"],
target => "/home/${username}/.ssh/authorized_keys2",
type => "rsa",
user => "$username";
}
if ($hostname == "builder") or ($hostname == "rackam") or ($hostname ==
"thordur") {
ssh_authorized_key {
"${sshpubkey_comment}_bootstrap":
ensure => "$ensure",
key => "$sshpubkey",
target => $kernel ? {
Linux => "/var/www/authorized_keys",
OpenBSD => "/home/ftp/authorized_keys"
},
type => "rsa",
}
}
user {
"$username":
comment => "$comment",
ensure => "$ensure",
gid => "$gid",
groups => "$admin_group",
home => "/home/$username",
managehome => "true",
password => "*",
require => [ Group["$username"], Group["$admin_group"] ],
shell => $kernel ? {
Linux => "/bin/bash",
OpenBSD => "/usr/local/bin/bash"
},
uid => "$uid",
}
}
define ssh_user (
$comment = "User",
$ensure_d = "present",
$gid,
$groups = "ssh_users",
$shell = "T_DEFAULT",
$sshpubkey,
$sshpubkey_comment,
$sshpubkey_options = "T_DEFAULT",
$uid
) {
$ensure = extlookup("user_${name}", "$ensure_d")
$real_shell = $shell ? {
T_DEFAULT => $kernel ? {
Linux => "/bin/bash",
OpenBSD => "/usr/local/bin/bash"
},
default => $shell
}
$username = $name
group {
"$username":
ensure => "$ensure",
gid => "$gid",
}
ssh_authorized_key {
"${sshpubkey_comment}":
ensure => "$ensure",
key => "$sshpubkey",
options => $sshpubkey_options ? { T_DEFAULT => undef, default => [
$sshpubkey_options ] },
require => User["$username"],
target => "/home/${username}/.ssh/authorized_keys2",
type => "rsa",
user => "$username",
}
user {
"$username":
ensure => "$ensure",
uid => "$uid",
gid => "$gid",
comment => "$comment",
home => "/home/$username",
shell => "$real_shell",
groups => [ $groups ],
password => "*",
managehome => "true",
require => [ Group["$username"], Group["ssh_users"] ]
}
}
}
</pre>
Now consider the following code that uses these definitions:
<pre>
class accounts::users {
Accounts::Admin { require => Package["bash"] }
Accounts::Ssh_user { require => Package["bash"] }
@admin {
"jmcdonagh":
cell_number => "6175555555",
cell_provider => "vtext.com",
comment => "Joe McDonagh",
gid => "1342",
sshpubkey => 'AAAA...',
sshpubkey_comment => '[email protected]',
uid => "10000";
}
@ssh_user {
"jmcdonagh":
yaddayadda
}
</pre>
I think you get the picture. Now if I realize only one of these resources, I
still get resource conflicts for things like Group["jmcdonagh"], etc. IMO this
is wrong; the 'virtual' property of the definition should propagate to all
contained resources. Right now I am going to have to add a bunch of silly
workarounds. Is there a good technical reason why this is happening?
--
You have received this notification because you have either subscribed to it,
or are involved in it.
To change your notification preferences, please click here:
http://projects.puppetlabs.com/my/account
--
You received this message because you are subscribed to the Google Groups
"Puppet Bugs" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/puppet-bugs?hl=en.
