Issue #16121 has been updated by Stefan Schulte.
Try adding the following to your file
<pre>
cron { 'no_such_cron':
ensure => absent,
user => 'www-data',
}
</pre>
The problem you are hitting now is of another kind: As I said puppet will parse
all targets (crontabs) and stores every record in memory. But puppet will not
actively search for all possible crontabs that may be out there (while this
might be possible by parsing `/var/spool/cron` or executing crontab -l for
every user on the system). As a result if you only have cron resources for user
`www-data` puppet does not care if the same entry is present in `root`'s
crontab. However if you start to manage **any** crontab for `root`, puppet
becomes aware of `root`'s crontab. That is why I specified a resource above
that is always in sync. Just to force puppet to parse the crontab of `www-data`.
----------------------------------------
Bug #16121: Cron user change results in duplicate entries on target user
https://projects.puppetlabs.com/issues/16121#change-69931
Author: Chris Henry
Status: Needs More Information
Priority: Normal
Assignee: Chris Henry
Category: cron
Target version:
Affected Puppet version:
Keywords:
Branch:
Running puppetmaster 2.7.13 and puppetd 2.7.13 on Centos6
We have a puppet module that installs some scripts and creates a cronjob to
pickup gzip'd logs and upload them to s3. I mistakenly created the cron job as
the user 'www-data' initially - but later found out that the supervisord daemon
logs as 'root' - so I changed the user of a puppet cronjob from 'www-data' ->
'root'.
On a puppetd run the client successfully detects the change and returns a
notice that it is changing users for the cron job - but the end result is that
the cron job is not removed for the www-data user and a duplicate job is create
on the root users crontab.
I didn't notice this for about a day but when I looked I saw that there were
many duplicate entries in the root users crontab for this job - presumably one
for each puppetd run.
The only crontab jobs on this server are managed by puppet - no manual edits or
jobs have ever been created
As you can see in the output below every client run results in the cronjob
still existing for the www-data user and another entry being generated in the
root users crontab:
<pre>
client puppetd run:
[user@HOSTNAME ~]$ date
Sat Aug 25 07:52:20 UTC 2012
[user@HOSTNAME ~]$ sudo puppetd -t
info: Caching catalog for HOSTNAME
info: Applying configuration version '1345880642'
notice:
/Stage[main]/S3_logrotate::Supervisord/Cron[s3_logger_supervisord]/user: user
changed 'www-data' to 'root'
notice:
/Stage[main]/S3_logrotate::Supervisord/Cron[s3_logger_supervisord]/target:
target changed 'www-data' to 'root'
notice: Finished catalog run in 31.34 seconds
[user@HOSTNAME ~]$
---------------
'www-data' crontab after run:
[user@HOSTNAME ~]$ date
Sat Aug 25 07:53:36 UTC 2012
[user@HOSTNAME ~]$ sudo -u www-data crontab -l
# HEADER: This file was autogenerated at Fri Aug 24 20:09:06 +0000 2012 by
puppet.
# HEADER: While it can still be managed manually, it is definitely not
recommended.
# HEADER: Note particularly that the comments starting with 'Puppet Name' should
# HEADER: not be deleted, as doing so could cause duplicate cron jobs.
# Puppet Name: s3_logger_crond
40 23 * * * /var/has/s3_logrotate/bin/s3_logrotate.py -b bucket_name -p
/var/has/log/crond -l /var/has/log/s3_logrotate/HOSTNAME_crond -s
secret_key_here -k key_here
# Puppet Name: s3_logger_nginx
40 23 * * * /var/has/s3_logrotate/bin/s3_logrotate.py -b bucket_name -p
/var/has/log/nginx -l /var/has/log/s3_logrotate/HOSTNAME_nginx -s
'secret_key_here' -k 'key_here'
# Puppet Name: s3_logger_supervisord
40 23 * * * /var/has/s3_logrotate/bin/s3_logrotate.py -b bucket_name -p
/var/has/log/supervisord -l /var/has/log/s3_logrotate/HOSTNAME_supervisord -s
'secret_key_here' -k 'key_here'
# Puppet Name: s3_logger_api
40 23 * * * /var/has/s3_logrotate/bin/s3_logrotate.py -b bucket_name -p
/data/log/api -l /var/has/log/s3_logrotate/HOSTNAME_api -s 'secret_key_here' -k
'key_here'
[user@HOSTNAME ~]$
------------------
'root' crontab after run:
[user@HOSTNAME ~]$ date
Sat Aug 25 07:54:15 UTC 2012
[user@HOSTNAME ~]$ sudo -u root crontab -l
# HEADER: This file was autogenerated at Sat Aug 25 07:53:08 +0000 2012 by
puppet.
# HEADER: While it can still be managed manually, it is definitely not
recommended.
# HEADER: Note particularly that the comments starting with 'Puppet Name' should
# HEADER: not be deleted, as doing so could cause duplicate cron jobs.
# Puppet Name: puppet_clientbucket_cleanup
15 1 * * * /usr/bin/find /var/lib/puppet/clientbucket/ -type f -mtime +14 -exec
rm {} \;
# Puppet Name: s3_logger_php-fpm_cleanup
35 23 * * * /bin/find /var/has/log/s3_logrotate -name 'HOSTNAME_php-fpm.*'
-mtime +7 -exec rm {} \;
# Puppet Name: s3_logger_nginx_cleanup
35 23 * * * /bin/find /var/has/log/s3_logrotate -name 'HOSTNAME_nginx.*' -mtime
+7 -exec rm {} \;
# Puppet Name: s3_logger_crond_cleanup
35 23 * * * /bin/find /var/has/log/s3_logrotate -name 'HOSTNAME_crond.*' -mtime
+7 -exec rm {} \;
# Puppet Name: s3_logger_supervisord_cleanup
35 23 * * * /bin/find /var/has/log/s3_logrotate -name 'HOSTNAME_supervisord.*'
-mtime +7 -exec rm {} \;
# Puppet Name: s3_logger_api_cleanup
35 23 * * * /bin/find /var/has/log/s3_logrotate -name 'HOSTNAME_api.*' -mtime
+7 -exec rm {} \;
# Puppet Name: s3_logger_php-fpm
40 23 * * * /var/has/s3_logrotate/bin/s3_logrotate.py -b bucket_name -p
/var/has/log/php-fpm -l /var/has/log/s3_logrotate/HOSTNAME_php-fpm -s
'secret_key_here' -k 'key_here'
# Puppet Name: s3_logger_supervisord
40 23 * * * /var/has/s3_logrotate/bin/s3_logrotate.py -b bucket_name -p
/var/has/log/supervisord -l /var/has/log/s3_logrotate/HOSTNAME_supervisord -s
'secret_key_here' -k 'key_here'
# Puppet Name: s3_logger_supervisord
40 23 * * * /var/has/s3_logrotate/bin/s3_logrotate.py -b bucket_name -p
/var/has/log/supervisord -l /var/has/log/s3_logrotate/HOSTNAME_supervisord -s
'secret_key_here' -k 'key_here'
# Puppet Name: s3_logger_supervisord
40 23 * * * /var/has/s3_logrotate/bin/s3_logrotate.py -b bucket_name -p
/var/has/log/supervisord -l /var/has/log/s3_logrotate/HOSTNAME_supervisord -s
'secret_key_here' -k 'key_here'
# Puppet Name: s3_logger_supervisord
40 23 * * * /var/has/s3_logrotate/bin/s3_logrotate.py -b bucket_name -p
/var/has/log/supervisord -l /var/has/log/s3_logrotate/HOSTNAME_supervisord -s
'secret_key_here' -k 'key_here'
# Puppet Name: s3_logger_supervisord
40 23 * * * /var/has/s3_logrotate/bin/s3_logrotate.py -b bucket_name -p
/var/has/log/supervisord -l /var/has/log/s3_logrotate/HOSTNAME_supervisord -s
'secret_key_here' -k 'key_here'
# Puppet Name: s3_logger_supervisord
40 23 * * * /var/has/s3_logrotate/bin/s3_logrotate.py -b bucket_name -p
/var/has/log/supervisord -l /var/has/log/s3_logrotate/HOSTNAME_supervisord -s
'secret_key_here' -k 'key_here'
# Puppet Name: s3_logger_supervisord
40 23 * * * /var/has/s3_logrotate/bin/s3_logrotate.py -b bucket_name -p
/var/has/log/supervisord -l /var/has/log/s3_logrotate/HOSTNAME_supervisord -s
'secret_key_here' -k 'key_here'
# Puppet Name: s3_logger_supervisord
40 23 * * * /var/has/s3_logrotate/bin/s3_logrotate.py -b bucket_name -p
/var/has/log/supervisord -l /var/has/log/s3_logrotate/HOSTNAME_supervisord -s
'secret_key_here' -k 'key_here'
# Puppet Name: s3_logger_supervisord
40 23 * * * /var/has/s3_logrotate/bin/s3_logrotate.py -b bucket_name -p
/var/has/log/supervisord -l /var/has/log/s3_logrotate/HOSTNAME_supervisord -s
'secret_key_here' -k 'key_here'
[user@HOSTNAME ~]$
------------------
manifest:
class s3_logrotate::supervisord ($secret, $key,
$bucket,$path='/var/has/log/supervisord') {
include s3_logrotate
Cron {
require => Class["s3_logrotate"]
}
cron {
"s3_logger_supervisord":
command => "/var/has/s3_logrotate/bin/s3_logrotate.py -b $bucket
-p $path -l /var/has/log/s3_logrotate/${hostname}_supervisord -s '${secret}' -k
'${key}'",
user => root, # this used to be www-data but supervisord logs
as root
minute => 40,
hour => 23;
"s3_logger_supervisord_cleanup":
command => "/bin/find /var/has/log/s3_logrotate -name
'${hostname}_supervisord.*' -mtime +7 -exec rm {} \\;",
user => root,
minute => 35,
hour => 23;
}
}
</pre>
--
You have received this notification because you have either subscribed to it,
or are involved in it.
To change your notification preferences, please click here:
http://projects.puppetlabs.com/my/account
--
You received this message because you are subscribed to the Google Groups
"Puppet Bugs" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/puppet-bugs?hl=en.
