[Puppet - Bug #16121] Cron user change results in duplicate entries on target user

Mon, 27 Aug 2012 09:06:42 -0700 

Issue #16121 has been updated by Stefan Schulte.


Peter -

the parsedfile provider parses a list of records from all known files during 
prefetch (this means a record has to be unique across all files). If puppet 
detects that the target property is incorrect, the target property is changed 
and both files (old target and new target) are marked as dirty so flush should 
rewrite both files.

Since crontab makes use of the parsedfile provider I would have expected two 
writes here:
<pre>
1282:debug: Prefetching crontab resources for cron
1323:notice: 
/Stage[main]/S3_logrotate::Supervisord/Cron[s3_logger_supervisord]/user: user 
changed 'www-data' to 'root'
1324:notice: 
/Stage[main]/S3_logrotate::Supervisord/Cron[s3_logger_supervisord]/target: 
target changed 'www-data' to 'root'
1325:debug: Flushing cron provider target root
</pre>
I would have expected another `Flushing cron provider target www-data` here.

@Chris:

Can you please take Peter's advice and build a simple manifest of just your 
cron resource and put it in one file e.g.
<pre>
# /tmp/test.pp
cron {
...
}
cron {
...
}
</pre>
you can then run `puppet apply -v -d /tmp/test.pp` and see what happens.
----------------------------------------
Bug #16121: Cron user change results in duplicate entries on target user
https://projects.puppetlabs.com/issues/16121#change-69869

Author: Chris Henry
Status: Needs More Information
Priority: Normal
Assignee: Chris Henry
Category: cron
Target version: 
Affected Puppet version: 
Keywords: 
Branch: 


Running puppetmaster 2.7.13 and puppetd 2.7.13 on Centos6

We have a puppet module that installs some scripts and creates a cronjob to 
pickup gzip'd logs and upload them to s3.  I mistakenly created the cron job as 
the user 'www-data' initially - but later found out that the supervisord daemon 
logs as 'root' - so I changed the user of a puppet cronjob from 'www-data' -> 
'root'.  

On a puppetd run the client successfully detects the change and returns a 
notice that it is changing users for the cron job - but the end result is that 
the cron job is not removed for the www-data user and a duplicate job is create 
on the root users crontab.

I didn't notice this for about a day but when I looked I saw that there were 
many duplicate entries in the root users crontab for this job - presumably one 
for each puppetd run.

The only crontab jobs on this server are managed by puppet - no manual edits or 
jobs have ever been created

As you can see in the output below every client run results in the cronjob 
still existing for the www-data user and another entry being generated in the 
root users crontab:
<pre>
client puppetd run:

[user@HOSTNAME ~]$ date
Sat Aug 25 07:52:20 UTC 2012
[user@HOSTNAME ~]$ sudo puppetd -t
info: Caching catalog for HOSTNAME
info: Applying configuration version '1345880642'
notice: 
/Stage[main]/S3_logrotate::Supervisord/Cron[s3_logger_supervisord]/user: user 
changed 'www-data' to 'root'
notice: 
/Stage[main]/S3_logrotate::Supervisord/Cron[s3_logger_supervisord]/target: 
target changed 'www-data' to 'root'
notice: Finished catalog run in 31.34 seconds
[user@HOSTNAME ~]$

---------------
'www-data' crontab after run:

[user@HOSTNAME ~]$ date
Sat Aug 25 07:53:36 UTC 2012
[user@HOSTNAME ~]$ sudo -u www-data crontab -l
# HEADER: This file was autogenerated at Fri Aug 24 20:09:06 +0000 2012 by 
puppet.
# HEADER: While it can still be managed manually, it is definitely not 
recommended.
# HEADER: Note particularly that the comments starting with 'Puppet Name' should
# HEADER: not be deleted, as doing so could cause duplicate cron jobs.
# Puppet Name: s3_logger_crond
40 23 * * * /var/has/s3_logrotate/bin/s3_logrotate.py -b bucket_name -p 
/var/has/log/crond -l /var/has/log/s3_logrotate/HOSTNAME_crond -s 
secret_key_here -k key_here
# Puppet Name: s3_logger_nginx
40 23 * * * /var/has/s3_logrotate/bin/s3_logrotate.py -b bucket_name -p 
/var/has/log/nginx -l /var/has/log/s3_logrotate/HOSTNAME_nginx -s 
'secret_key_here' -k 'key_here'
# Puppet Name: s3_logger_supervisord
40 23 * * * /var/has/s3_logrotate/bin/s3_logrotate.py -b bucket_name -p 
/var/has/log/supervisord -l /var/has/log/s3_logrotate/HOSTNAME_supervisord -s 
'secret_key_here' -k 'key_here'
# Puppet Name: s3_logger_api
40 23 * * * /var/has/s3_logrotate/bin/s3_logrotate.py -b bucket_name -p 
/data/log/api -l /var/has/log/s3_logrotate/HOSTNAME_api -s 'secret_key_here' -k 
'key_here'
[user@HOSTNAME ~]$
------------------
'root' crontab after run:

[user@HOSTNAME ~]$ date
Sat Aug 25 07:54:15 UTC 2012
[user@HOSTNAME ~]$ sudo -u root crontab -l
# HEADER: This file was autogenerated at Sat Aug 25 07:53:08 +0000 2012 by 
puppet.
# HEADER: While it can still be managed manually, it is definitely not 
recommended.
# HEADER: Note particularly that the comments starting with 'Puppet Name' should
# HEADER: not be deleted, as doing so could cause duplicate cron jobs.
# Puppet Name: puppet_clientbucket_cleanup
15 1 * * * /usr/bin/find /var/lib/puppet/clientbucket/ -type f -mtime +14 -exec 
rm {} \;
# Puppet Name: s3_logger_php-fpm_cleanup
35 23 * * * /bin/find /var/has/log/s3_logrotate -name 'HOSTNAME_php-fpm.*' 
-mtime +7 -exec rm {} \;
# Puppet Name: s3_logger_nginx_cleanup
35 23 * * * /bin/find /var/has/log/s3_logrotate -name 'HOSTNAME_nginx.*' -mtime 
+7 -exec rm {} \;
# Puppet Name: s3_logger_crond_cleanup
35 23 * * * /bin/find /var/has/log/s3_logrotate -name 'HOSTNAME_crond.*' -mtime 
+7 -exec rm {} \;
# Puppet Name: s3_logger_supervisord_cleanup
35 23 * * * /bin/find /var/has/log/s3_logrotate -name 'HOSTNAME_supervisord.*' 
-mtime +7 -exec rm {} \;
# Puppet Name: s3_logger_api_cleanup
35 23 * * * /bin/find /var/has/log/s3_logrotate -name 'HOSTNAME_api.*' -mtime 
+7 -exec rm {} \;
# Puppet Name: s3_logger_php-fpm
40 23 * * * /var/has/s3_logrotate/bin/s3_logrotate.py -b bucket_name -p 
/var/has/log/php-fpm -l /var/has/log/s3_logrotate/HOSTNAME_php-fpm -s 
'secret_key_here' -k 'key_here'
# Puppet Name: s3_logger_supervisord
40 23 * * * /var/has/s3_logrotate/bin/s3_logrotate.py -b bucket_name -p 
/var/has/log/supervisord -l /var/has/log/s3_logrotate/HOSTNAME_supervisord -s 
'secret_key_here' -k 'key_here'
# Puppet Name: s3_logger_supervisord
40 23 * * * /var/has/s3_logrotate/bin/s3_logrotate.py -b bucket_name -p 
/var/has/log/supervisord -l /var/has/log/s3_logrotate/HOSTNAME_supervisord -s 
'secret_key_here' -k 'key_here'
# Puppet Name: s3_logger_supervisord
40 23 * * * /var/has/s3_logrotate/bin/s3_logrotate.py -b bucket_name -p 
/var/has/log/supervisord -l /var/has/log/s3_logrotate/HOSTNAME_supervisord -s 
'secret_key_here' -k 'key_here'
# Puppet Name: s3_logger_supervisord
40 23 * * * /var/has/s3_logrotate/bin/s3_logrotate.py -b bucket_name -p 
/var/has/log/supervisord -l /var/has/log/s3_logrotate/HOSTNAME_supervisord -s 
'secret_key_here' -k 'key_here'
# Puppet Name: s3_logger_supervisord
40 23 * * * /var/has/s3_logrotate/bin/s3_logrotate.py -b bucket_name -p 
/var/has/log/supervisord -l /var/has/log/s3_logrotate/HOSTNAME_supervisord -s 
'secret_key_here' -k 'key_here'
# Puppet Name: s3_logger_supervisord
40 23 * * * /var/has/s3_logrotate/bin/s3_logrotate.py -b bucket_name -p 
/var/has/log/supervisord -l /var/has/log/s3_logrotate/HOSTNAME_supervisord -s 
'secret_key_here' -k 'key_here'
# Puppet Name: s3_logger_supervisord
40 23 * * * /var/has/s3_logrotate/bin/s3_logrotate.py -b bucket_name -p 
/var/has/log/supervisord -l /var/has/log/s3_logrotate/HOSTNAME_supervisord -s 
'secret_key_here' -k 'key_here'
# Puppet Name: s3_logger_supervisord
40 23 * * * /var/has/s3_logrotate/bin/s3_logrotate.py -b bucket_name -p 
/var/has/log/supervisord -l /var/has/log/s3_logrotate/HOSTNAME_supervisord -s 
'secret_key_here' -k 'key_here'
# Puppet Name: s3_logger_supervisord
40 23 * * * /var/has/s3_logrotate/bin/s3_logrotate.py -b bucket_name -p 
/var/has/log/supervisord -l /var/has/log/s3_logrotate/HOSTNAME_supervisord -s 
'secret_key_here' -k 'key_here'
[user@HOSTNAME ~]$

------------------
manifest:
class s3_logrotate::supervisord ($secret, $key, 
$bucket,$path='/var/has/log/supervisord') {
    include s3_logrotate

    Cron {
        require => Class["s3_logrotate"]
    }
    cron {
        "s3_logger_supervisord":
            command  => "/var/has/s3_logrotate/bin/s3_logrotate.py -b $bucket 
-p $path -l /var/has/log/s3_logrotate/${hostname}_supervisord -s '${secret}' -k 
'${key}'",
            user     => root, # this used to be www-data but supervisord logs 
as root
            minute   => 40,
            hour     => 23;

        "s3_logger_supervisord_cleanup":
            command  => "/bin/find /var/has/log/s3_logrotate -name 
'${hostname}_supervisord.*' -mtime +7 -exec rm {} \\;",
            user     => root,
            minute   => 35,
            hour     => 23;
    }
}
</pre>


-- 
You have received this notification because you have either subscribed to it, 
or are involved in it.
To change your notification preferences, please click here: 
http://projects.puppetlabs.com/my/account

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Bugs" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to 
[email protected].
For more options, visit this group at 
http://groups.google.com/group/puppet-bugs?hl=en.

Reply via email to