Hello, I was wondering if anyone can spot the mistake I am making in
the file-fragments pattern below. I am assembling the sudo file using
fragments, with a "validate check file" step that confirms if the
assembled file is valid. The '/etc/sudoers' file should only be
overwritten if the check file is valid.
I accidentally created an invalid sudoers file, which failed the
validation check. Puppet still copied this invalid file to
/etc/sudoers. The dependency Exec["Validate_Check_File"] ->
File["Make_Sudo_File_Live"] was not honored and I am trying to
understand the reason.
The class and puppet output are below. I am using puppet 2.6.9.
Thank you,
Jon
=========
class s_sudo (
  $wheel_req_password = true
) inherits s_sudo::params {

  ### Assemble the sudo check file from fragments
  file { "Sudo_Fragment_Directory":
    path    => "${s_sudo::params::sudo_fragment_directory}",
    ensure  => directory,
    purge   => true,
    recurse => true,
  }

  file { "Sudo_Header":
    path    => "${s_sudo::params::sudo_header_file}",
    content => template("s_sudo/00-sudobase.erb"),
    notify  => Exec["Assemble_Sudo_Fragments"];
  }

  exec { "Assemble_Sudo_Fragments":
    command     => "/bin/cat ${s_sudo::params::sudo_fragment_directory}/* > ${s_sudo::params::sudo_check_file}",
    refreshonly => true,
    subscribe   => File["Sudo_Fragment_Directory"],
  }

  file { "Sudo_Check_File": # Secure the check file
    path    => "${s_sudo::params::sudo_check_file}",
    mode    => 644,
    require => Exec["Assemble_Sudo_Fragments"];
  }

  ### Validate sudo file before making live
  Exec["Assemble_Sudo_Fragments"] ~> Exec["Validate_Check_File"] -> File["Make_Sudo_File_Live"]

  exec { "Validate_Check_File":
    command     => "visudo -cf ${s_sudo::params::sudo_check_file}",
    refreshonly => true,
  }

  file { "Make_Sudo_File_Live":
    path   => "/etc/sudoers",
    source => "${s_sudo::params::sudo_check_file}",
    mode   => 440,
    owner  => root,
    group  => root,
  }
}
======================
notice: /Stage[main]/S_sudo/File[Sudo_Fragment_Directory]/ensure: created
info: /Stage[main]/S_sudo/File[Sudo_Fragment_Directory]: Scheduling refresh of Exec[Assemble_Sudo_Fragments]
notice: /Stage[main]/S_sudo/File[Sudo_Header]/ensure: defined content as '{md5}42b4c36c629f3a9c451d3dc783a851cb'
info: /Stage[main]/S_sudo/File[Sudo_Header]: Scheduling refresh of Exec[Assemble_Sudo_Fragments]
notice: /Stage[main]/S_sudo/Exec[Assemble_Sudo_Fragments]: Triggered 'refresh' from 2 events
info: /Stage[main]/S_sudo/Exec[Assemble_Sudo_Fragments]: Scheduling refresh of Exec[Validate_Check_File]
>>>>> ERROR >>>> err: /Stage[main]/S_sudo/Exec[Validate_Check_File]: Failed to call refresh: visudo -cf /tmp/sudo.check returned 1 instead of one of [0] at /etc/puppet/modules/environments/dev/s_sudo/manifests/init.pp:52
info: FileBucket adding {md5}f298d1064df9009a1603d76ed90ed90f
info: /Stage[main]/S_sudo/File[Make_Sudo_File_Live]: Filebucketed /etc/sudoers to puppet with sum f298d1064df9009a1603d76ed90ed90f
notice: /Stage[main]/S_sudo/File[Make_Sudo_File_Live]/content: content changed '{md5}f298d1064df9009a1603d76ed90ed90f' to '{md5}42b4c36c629f3a9c451d3dc783a851cb'
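The agent output above shows Exec[Validate_Check_File] failing during a refresh and File[Make_Sudo_File_Live] being applied anyway. One way to make the check a hard gate is to run validation and installation as a single command, so a non-zero exit from visudo stops the copy inside the shell. This is an added example, not part of the original post; the resource name, the binary paths (/usr/sbin/visudo, /usr/bin/install, /usr/bin/cmp) and the temporary name /etc/sudoers.new are assumptions.

```puppet
# Added example: replaces Exec["Validate_Check_File"] and
# File["Make_Sudo_File_Live"] from the class above.
#
# Assumptions (not from the original post): visudo lives at /usr/sbin/visudo,
# install(1) at /usr/bin/install, cmp(1) at /usr/bin/cmp, and
# /etc/sudoers.new is free to use as a staging name.
exec { "Install_Validated_Sudoers":
  # 1. visudo -cf must exit 0, otherwise the && chain stops here and
  #    /etc/sudoers is never touched.
  # 2. install writes the staged copy with final owner/group/mode.
  # 3. mv renames within /etc, so readers never see a partial file.
  command => "/bin/sh -c '/usr/sbin/visudo -cf ${s_sudo::params::sudo_check_file} \
&& /usr/bin/install -o root -g root -m 0440 ${s_sudo::params::sudo_check_file} /etc/sudoers.new \
&& /bin/mv -f /etc/sudoers.new /etc/sudoers'",

  # Not refreshonly: the exec runs on every catalog application in which
  # the assembled file and the live file differ. An invalid check file
  # therefore produces a visible failure on each run until it is fixed,
  # and manual drift in /etc/sudoers is corrected as well.
  unless  => "/usr/bin/cmp -s ${s_sudo::params::sudo_check_file} /etc/sudoers",

  # Ordering only: make sure the check file has been assembled and
  # secured before it is compared and validated.
  require => File["Sudo_Check_File"],
}
```

Because the gate is the shell's own exit-status handling, it does not depend on how the agent treats a failed refresh when ordering dependent resources.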