Issue #8372 has been updated by James Turnbull. Status changed from Unreviewed to Duplicate
This is a duplicate of #5876. ---------------------------------------- Bug #8372: files that require execs land changes even when the exec exits non-zero https://projects.puppetlabs.com/issues/8372 Author: Nick Moffitt Status: Duplicate Priority: Normal Assignee: Category: exec Target version: Affected Puppet version: 2.6.4 Keywords: require exec Branch: In order to ensure that broken sudoers stanzas do not land on production machines, I have a define something like the following: define sudoers_file($source) { $tmpfile = "/etc/sudoers.d/${name}.test" $dstfile = "/etc/sudoers.d/${name}" file { $tmpfile: mode => 0440, source => $source, notify => Exec["sudocheck_${name}"], require => Class["sudo"]; $dstfile: mode => 0440, # sudo is very particular about perms source => $source, require => Exec["sudocheck_${name}"]; } exec { "/usr/sbin/visudo -c -f ${tmpfile}": refreshonly => true, alias => "sudocheck_${name}", } } When the source file has bogus sudoers configuration in it, the resources proceed as follows: 1. the .test file lands 2. the exec runs `visudo -c -f` on the test file, and throws an error as it exits with a status of 1 3. the `$dstfile` lands! This is rather disturbing, as I was counting on the failure of the exec to bring puppet to a grinding halt. Broken sudoers files are the kind of thing that can really throw a spanner into repair efforts, and the situation needs to go back to a human reviewer. The exec would not have run if it required a file that did not successfully land. So why does the reverse happen? -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en.
