[Puppet - Bug #16121] (In Topic Branch Pending Review) Cron user change results in duplicate entries on target user

[tickets]

Issue #16121 has been updated by Stefan Schulte.

Status changed from Needs More Information to In Topic Branch Pending Review
Assignee deleted (Stefan Schulte)

fix provided in #16809
----------------------------------------
Bug #16121: Cron user change results in duplicate entries on target user
https://projects.puppetlabs.com/issues/16121#change-74528

Author: Chris Henry
Status: In Topic Branch Pending Review
Priority: Normal
Assignee: 
Category: cron
Target version: 
Affected Puppet version: 
Keywords: 
Branch: 


Running puppetmaster 2.7.13 and puppetd 2.7.13 on Centos6

We have a puppet module that installs some scripts and creates a cronjob to 
pickup gzip'd logs and upload them to s3.  I mistakenly created the cron job as 
the user 'www-data' initially - but later found out that the supervisord daemon 
logs as 'root' - so I changed the user of a puppet cronjob from 'www-data' -> 
'root'.  

On a puppetd run the client successfully detects the change and returns a 
notice that it is changing users for the cron job - but the end result is that 
the cron job is not removed for the www-data user and a duplicate job is create 
on the root users crontab.

I didn't notice this for about a day but when I looked I saw that there were 
many duplicate entries in the root users crontab for this job - presumably one 
for each puppetd run.

The only crontab jobs on this server are managed by puppet - no manual edits or 
jobs have ever been created

As you can see in the output below every client run results in the cronjob 
still existing for the www-data user and another entry being generated in the 
root users crontab:
<pre>
client puppetd run:

[user@HOSTNAME ~]$ date
Sat Aug 25 07:52:20 UTC 2012
[user@HOSTNAME ~]$ sudo puppetd -t
info: Caching catalog for HOSTNAME
info: Applying configuration version '1345880642'
notice: 
/Stage[main]/S3_logrotate::Supervisord/Cron[s3_logger_supervisord]/user: user 
changed 'www-data' to 'root'
notice: 
/Stage[main]/S3_logrotate::Supervisord/Cron[s3_logger_supervisord]/target: 
target changed 'www-data' to 'root'
notice: Finished catalog run in 31.34 seconds
[user@HOSTNAME ~]$

---------------
'www-data' crontab after run:

[user@HOSTNAME ~]$ date
Sat Aug 25 07:53:36 UTC 2012
[user@HOSTNAME ~]$ sudo -u www-data crontab -l
# HEADER: This file was autogenerated at Fri Aug 24 20:09:06 +0000 2012 by 
puppet.
# HEADER: While it can still be managed manually, it is definitely not 
recommended.
# HEADER: Note particularly that the comments starting with 'Puppet Name' should
# HEADER: not be deleted, as doing so could cause duplicate cron jobs.
# Puppet Name: s3_logger_crond
40 23 * * * /var/has/s3_logrotate/bin/s3_logrotate.py -b bucket_name -p 
/var/has/log/crond -l /var/has/log/s3_logrotate/HOSTNAME_crond -s 
secret_key_here -k key_here
# Puppet Name: s3_logger_nginx
40 23 * * * /var/has/s3_logrotate/bin/s3_logrotate.py -b bucket_name -p 
/var/has/log/nginx -l /var/has/log/s3_logrotate/HOSTNAME_nginx -s 
'secret_key_here' -k 'key_here'
# Puppet Name: s3_logger_supervisord
40 23 * * * /var/has/s3_logrotate/bin/s3_logrotate.py -b bucket_name -p 
/var/has/log/supervisord -l /var/has/log/s3_logrotate/HOSTNAME_supervisord -s 
'secret_key_here' -k 'key_here'
# Puppet Name: s3_logger_api
40 23 * * * /var/has/s3_logrotate/bin/s3_logrotate.py -b bucket_name -p 
/data/log/api -l /var/has/log/s3_logrotate/HOSTNAME_api -s 'secret_key_here' -k 
'key_here'
[user@HOSTNAME ~]$
------------------
'root' crontab after run:

[user@HOSTNAME ~]$ date
Sat Aug 25 07:54:15 UTC 2012
[user@HOSTNAME ~]$ sudo -u root crontab -l
# HEADER: This file was autogenerated at Sat Aug 25 07:53:08 +0000 2012 by 
puppet.
# HEADER: While it can still be managed manually, it is definitely not 
recommended.
# HEADER: Note particularly that the comments starting with 'Puppet Name' should
# HEADER: not be deleted, as doing so could cause duplicate cron jobs.
# Puppet Name: puppet_clientbucket_cleanup
15 1 * * * /usr/bin/find /var/lib/puppet/clientbucket/ -type f -mtime +14 -exec 
rm {} \;
# Puppet Name: s3_logger_php-fpm_cleanup
35 23 * * * /bin/find /var/has/log/s3_logrotate -name 'HOSTNAME_php-fpm.*' 
-mtime +7 -exec rm {} \;
# Puppet Name: s3_logger_nginx_cleanup
35 23 * * * /bin/find /var/has/log/s3_logrotate -name 'HOSTNAME_nginx.*' -mtime 
+7 -exec rm {} \;
# Puppet Name: s3_logger_crond_cleanup
35 23 * * * /bin/find /var/has/log/s3_logrotate -name 'HOSTNAME_crond.*' -mtime 
+7 -exec rm {} \;
# Puppet Name: s3_logger_supervisord_cleanup
35 23 * * * /bin/find /var/has/log/s3_logrotate -name 'HOSTNAME_supervisord.*' 
-mtime +7 -exec rm {} \;
# Puppet Name: s3_logger_api_cleanup
35 23 * * * /bin/find /var/has/log/s3_logrotate -name 'HOSTNAME_api.*' -mtime 
+7 -exec rm {} \;
# Puppet Name: s3_logger_php-fpm
40 23 * * * /var/has/s3_logrotate/bin/s3_logrotate.py -b bucket_name -p 
/var/has/log/php-fpm -l /var/has/log/s3_logrotate/HOSTNAME_php-fpm -s 
'secret_key_here' -k 'key_here'
# Puppet Name: s3_logger_supervisord
40 23 * * * /var/has/s3_logrotate/bin/s3_logrotate.py -b bucket_name -p 
/var/has/log/supervisord -l /var/has/log/s3_logrotate/HOSTNAME_supervisord -s 
'secret_key_here' -k 'key_here'
# Puppet Name: s3_logger_supervisord
40 23 * * * /var/has/s3_logrotate/bin/s3_logrotate.py -b bucket_name -p 
/var/has/log/supervisord -l /var/has/log/s3_logrotate/HOSTNAME_supervisord -s 
'secret_key_here' -k 'key_here'
# Puppet Name: s3_logger_supervisord
40 23 * * * /var/has/s3_logrotate/bin/s3_logrotate.py -b bucket_name -p 
/var/has/log/supervisord -l /var/has/log/s3_logrotate/HOSTNAME_supervisord -s 
'secret_key_here' -k 'key_here'
# Puppet Name: s3_logger_supervisord
40 23 * * * /var/has/s3_logrotate/bin/s3_logrotate.py -b bucket_name -p 
/var/has/log/supervisord -l /var/has/log/s3_logrotate/HOSTNAME_supervisord -s 
'secret_key_here' -k 'key_here'
# Puppet Name: s3_logger_supervisord
40 23 * * * /var/has/s3_logrotate/bin/s3_logrotate.py -b bucket_name -p 
/var/has/log/supervisord -l /var/has/log/s3_logrotate/HOSTNAME_supervisord -s 
'secret_key_here' -k 'key_here'
# Puppet Name: s3_logger_supervisord
40 23 * * * /var/has/s3_logrotate/bin/s3_logrotate.py -b bucket_name -p 
/var/has/log/supervisord -l /var/has/log/s3_logrotate/HOSTNAME_supervisord -s 
'secret_key_here' -k 'key_here'
# Puppet Name: s3_logger_supervisord
40 23 * * * /var/has/s3_logrotate/bin/s3_logrotate.py -b bucket_name -p 
/var/has/log/supervisord -l /var/has/log/s3_logrotate/HOSTNAME_supervisord -s 
'secret_key_here' -k 'key_here'
# Puppet Name: s3_logger_supervisord
40 23 * * * /var/has/s3_logrotate/bin/s3_logrotate.py -b bucket_name -p 
/var/has/log/supervisord -l /var/has/log/s3_logrotate/HOSTNAME_supervisord -s 
'secret_key_here' -k 'key_here'
# Puppet Name: s3_logger_supervisord
40 23 * * * /var/has/s3_logrotate/bin/s3_logrotate.py -b bucket_name -p 
/var/has/log/supervisord -l /var/has/log/s3_logrotate/HOSTNAME_supervisord -s 
'secret_key_here' -k 'key_here'
[user@HOSTNAME ~]$

------------------
manifest:
class s3_logrotate::supervisord ($secret, $key, 
$bucket,$path='/var/has/log/supervisord') {
    include s3_logrotate

    Cron {
        require => Class["s3_logrotate"]
    }
    cron {
        "s3_logger_supervisord":
            command  => "/var/has/s3_logrotate/bin/s3_logrotate.py -b $bucket 
-p $path -l /var/has/log/s3_logrotate/${hostname}_supervisord -s '${secret}' -k 
'${key}'",
            user     => root, # this used to be www-data but supervisord logs 
as root
            minute   => 40,
            hour     => 23;

        "s3_logger_supervisord_cleanup":
            command  => "/bin/find /var/has/log/s3_logrotate -name 
'${hostname}_supervisord.*' -mtime +7 -exec rm {} \\;",
            user     => root,
            minute   => 35,
            hour     => 23;
    }
}
</pre>


-- 
You have received this notification because you have either subscribed to it, 
or are involved in it.
To change your notification preferences, please click here: 
http://projects.puppetlabs.com/my/account

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Bugs" group.
To post to this group, send email to puppet-bugs@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-bugs+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-bugs?hl=en.