Issue #16121 has been updated by Peter Meier.
I think you should be able to reproduce that issue with a minimal manifest and `puppet apply`, which should be sufficient to debug things. However, I think the issue is way more down in the core architecture of puppet, as each catalog has no idea about the state of the previous catalog. So puppet does not see `change user from www-data to root` it more sees `ensure that user root has this cron entry present`, but within the new catalog there is no information about the previous www-data cron entry. So in my opinion this is something that can't be fixed (easily) as it works that way by design. To workaround that issue, you can use puppet to remove the previous log entry. Which will certainly fail because of a duplicate resource entry as both have the same title. Hence as a resulting ticket the cron provider should include the user as a part of the resource title. ---------------------------------------- Bug #16121: Cron user change results in duplicate entries on target user https://projects.puppetlabs.com/issues/16121#change-69859 Author: Chris Henry Status: Needs More Information Priority: Normal Assignee: Chris Henry Category: cron Target version: Affected Puppet version: Keywords: Branch: Running puppetmaster 2.7.13 and puppetd 2.7.13 on Centos6 We have a puppet module that installs some scripts and creates a cronjob to pickup gzip'd logs and upload them to s3. I mistakenly created the cron job as the user 'www-data' initially - but later found out that the supervisord daemon logs as 'root' - so I changed the user of a puppet cronjob from 'www-data' -> 'root'. On a puppetd run the client successfully detects the change and returns a notice that it is changing users for the cron job - but the end result is that the cron job is not removed for the www-data user and a duplicate job is create on the root users crontab. I didn't notice this for about a day but when I looked I saw that there were many duplicate entries in the root users crontab for this job - presumably one for each puppetd run. The only crontab jobs on this server are managed by puppet - no manual edits or jobs have ever been created As you can see in the output below every client run results in the cronjob still existing for the www-data user and another entry being generated in the root users crontab: <pre> client puppetd run: [user@HOSTNAME ~]$ date Sat Aug 25 07:52:20 UTC 2012 [user@HOSTNAME ~]$ sudo puppetd -t info: Caching catalog for HOSTNAME info: Applying configuration version '1345880642' notice: /Stage[main]/S3_logrotate::Supervisord/Cron[s3_logger_supervisord]/user: user changed 'www-data' to 'root' notice: /Stage[main]/S3_logrotate::Supervisord/Cron[s3_logger_supervisord]/target: target changed 'www-data' to 'root' notice: Finished catalog run in 31.34 seconds [user@HOSTNAME ~]$ --------------- 'www-data' crontab after run: [user@HOSTNAME ~]$ date Sat Aug 25 07:53:36 UTC 2012 [user@HOSTNAME ~]$ sudo -u www-data crontab -l # HEADER: This file was autogenerated at Fri Aug 24 20:09:06 +0000 2012 by puppet. # HEADER: While it can still be managed manually, it is definitely not recommended. # HEADER: Note particularly that the comments starting with 'Puppet Name' should # HEADER: not be deleted, as doing so could cause duplicate cron jobs. # Puppet Name: s3_logger_crond 40 23 * * * /var/has/s3_logrotate/bin/s3_logrotate.py -b bucket_name -p /var/has/log/crond -l /var/has/log/s3_logrotate/HOSTNAME_crond -s secret_key_here -k key_here # Puppet Name: s3_logger_nginx 40 23 * * * /var/has/s3_logrotate/bin/s3_logrotate.py -b bucket_name -p /var/has/log/nginx -l /var/has/log/s3_logrotate/HOSTNAME_nginx -s 'secret_key_here' -k 'key_here' # Puppet Name: s3_logger_supervisord 40 23 * * * /var/has/s3_logrotate/bin/s3_logrotate.py -b bucket_name -p /var/has/log/supervisord -l /var/has/log/s3_logrotate/HOSTNAME_supervisord -s 'secret_key_here' -k 'key_here' # Puppet Name: s3_logger_api 40 23 * * * /var/has/s3_logrotate/bin/s3_logrotate.py -b bucket_name -p /data/log/api -l /var/has/log/s3_logrotate/HOSTNAME_api -s 'secret_key_here' -k 'key_here' [user@HOSTNAME ~]$ ------------------ 'root' crontab after run: [user@HOSTNAME ~]$ date Sat Aug 25 07:54:15 UTC 2012 [user@HOSTNAME ~]$ sudo -u root crontab -l # HEADER: This file was autogenerated at Sat Aug 25 07:53:08 +0000 2012 by puppet. # HEADER: While it can still be managed manually, it is definitely not recommended. # HEADER: Note particularly that the comments starting with 'Puppet Name' should # HEADER: not be deleted, as doing so could cause duplicate cron jobs. # Puppet Name: puppet_clientbucket_cleanup 15 1 * * * /usr/bin/find /var/lib/puppet/clientbucket/ -type f -mtime +14 -exec rm {} \; # Puppet Name: s3_logger_php-fpm_cleanup 35 23 * * * /bin/find /var/has/log/s3_logrotate -name 'HOSTNAME_php-fpm.*' -mtime +7 -exec rm {} \; # Puppet Name: s3_logger_nginx_cleanup 35 23 * * * /bin/find /var/has/log/s3_logrotate -name 'HOSTNAME_nginx.*' -mtime +7 -exec rm {} \; # Puppet Name: s3_logger_crond_cleanup 35 23 * * * /bin/find /var/has/log/s3_logrotate -name 'HOSTNAME_crond.*' -mtime +7 -exec rm {} \; # Puppet Name: s3_logger_supervisord_cleanup 35 23 * * * /bin/find /var/has/log/s3_logrotate -name 'HOSTNAME_supervisord.*' -mtime +7 -exec rm {} \; # Puppet Name: s3_logger_api_cleanup 35 23 * * * /bin/find /var/has/log/s3_logrotate -name 'HOSTNAME_api.*' -mtime +7 -exec rm {} \; # Puppet Name: s3_logger_php-fpm 40 23 * * * /var/has/s3_logrotate/bin/s3_logrotate.py -b bucket_name -p /var/has/log/php-fpm -l /var/has/log/s3_logrotate/HOSTNAME_php-fpm -s 'secret_key_here' -k 'key_here' # Puppet Name: s3_logger_supervisord 40 23 * * * /var/has/s3_logrotate/bin/s3_logrotate.py -b bucket_name -p /var/has/log/supervisord -l /var/has/log/s3_logrotate/HOSTNAME_supervisord -s 'secret_key_here' -k 'key_here' # Puppet Name: s3_logger_supervisord 40 23 * * * /var/has/s3_logrotate/bin/s3_logrotate.py -b bucket_name -p /var/has/log/supervisord -l /var/has/log/s3_logrotate/HOSTNAME_supervisord -s 'secret_key_here' -k 'key_here' # Puppet Name: s3_logger_supervisord 40 23 * * * /var/has/s3_logrotate/bin/s3_logrotate.py -b bucket_name -p /var/has/log/supervisord -l /var/has/log/s3_logrotate/HOSTNAME_supervisord -s 'secret_key_here' -k 'key_here' # Puppet Name: s3_logger_supervisord 40 23 * * * /var/has/s3_logrotate/bin/s3_logrotate.py -b bucket_name -p /var/has/log/supervisord -l /var/has/log/s3_logrotate/HOSTNAME_supervisord -s 'secret_key_here' -k 'key_here' # Puppet Name: s3_logger_supervisord 40 23 * * * /var/has/s3_logrotate/bin/s3_logrotate.py -b bucket_name -p /var/has/log/supervisord -l /var/has/log/s3_logrotate/HOSTNAME_supervisord -s 'secret_key_here' -k 'key_here' # Puppet Name: s3_logger_supervisord 40 23 * * * /var/has/s3_logrotate/bin/s3_logrotate.py -b bucket_name -p /var/has/log/supervisord -l /var/has/log/s3_logrotate/HOSTNAME_supervisord -s 'secret_key_here' -k 'key_here' # Puppet Name: s3_logger_supervisord 40 23 * * * /var/has/s3_logrotate/bin/s3_logrotate.py -b bucket_name -p /var/has/log/supervisord -l /var/has/log/s3_logrotate/HOSTNAME_supervisord -s 'secret_key_here' -k 'key_here' # Puppet Name: s3_logger_supervisord 40 23 * * * /var/has/s3_logrotate/bin/s3_logrotate.py -b bucket_name -p /var/has/log/supervisord -l /var/has/log/s3_logrotate/HOSTNAME_supervisord -s 'secret_key_here' -k 'key_here' # Puppet Name: s3_logger_supervisord 40 23 * * * /var/has/s3_logrotate/bin/s3_logrotate.py -b bucket_name -p /var/has/log/supervisord -l /var/has/log/s3_logrotate/HOSTNAME_supervisord -s 'secret_key_here' -k 'key_here' [user@HOSTNAME ~]$ ------------------ manifest: class s3_logrotate::supervisord ($secret, $key, $bucket,$path='/var/has/log/supervisord') { include s3_logrotate Cron { require => Class["s3_logrotate"] } cron { "s3_logger_supervisord": command => "/var/has/s3_logrotate/bin/s3_logrotate.py -b $bucket -p $path -l /var/has/log/s3_logrotate/${hostname}_supervisord -s '${secret}' -k '${key}'", user => root, # this used to be www-data but supervisord logs as root minute => 40, hour => 23; "s3_logger_supervisord_cleanup": command => "/bin/find /var/has/log/s3_logrotate -name '${hostname}_supervisord.*' -mtime +7 -exec rm {} \\;", user => root, minute => 35, hour => 23; } } </pre> -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en.
