I have my sudoers set up as per the Puppet training class recommendation:

    # Stage the candidate sudoers file from the template.
    file { "/etc/sudoers.check":
      content => template("etc/sudoers.erb"),
      mode    => '0440',
      notify  => Exec['sudo-check'],
    }

    # Syntax-check the staged file, skipped when it matches the live file.
    exec { 'sudo-check':
      path    => '/usr/sbin:/usr/bin',
      command => 'visudo -c -f /etc/sudoers.check',
      unless  => "diff /etc/sudoers.check /etc/sudoers",
      require => File['/etc/sudoers.check'],
    }

    # Install the staged file only after the check has run.
    file { "/etc/sudoers":
      ensure  => present,
      mode    => '0440',
      require => [Exec['sudo-check'], Package["sudo"]],
      source  => '/etc/sudoers.check',
    }

That works wonderfully on three out of four of our OS/arch combinations
(CentOS 4/32-bit, CentOS 5/32-bit, CentOS 5/64-bit). However, on all of
our CentOS 4/64-bit machines, we have inconsistent hangs, with the
following error:
err: //etc/Exec[sudo-check]/unless: Check "diff /etc/sudoers.check
/etc/sudoers" exceeded timeout
Running the diff by hand returns instantaneously, and it does not seem
to matter (for the purposes of the hanging) if there is an actual change
between sudoers.check and sudoers. I've run puppet using --debug, with
nothing more helpful showing up. I've also run it under strace, and
after pruning out all of the useless garbage, I'm left with not much. I
put it up at http://www.nwind.net/puppet.strace if you want to look.
The versions of ruby and puppet all match across all 4 platforms. Any
idea where I should look next?
David
