I have an EXEC command that has an onlyif condition. When I have my puppet
service running as the correct user account, all goes well.
When the puppet agent is running under an inadequately privileged account,
some operations fail silently.
During a maintenance action, another staff member tried to upgrade the
puppet agent.
When that didn't work with our version of enterprise, he reinstalled
puppet, but forgot to change the service accounts to be our special puppet
user.
That puppet user has access to Team Foundation Server while the default
account (NT System) does not.
I expected that puppet enterprise would show error messages in the log and
show agent runs as failing.
IT DID NOT.
To diagnose the problem, I started a special shell using "Psexec.exe -i -s
cmd.exe". This sysinternals tool allows me to impersonate "nt
authority\system".
While running under that account, I verified that my EXEC command and the
accompanying "onlyif" command each fail with error code 1.
The EXEC command being run is "TF.EXE" with the "VIEW" option, the Team
Foundation Server command line executable.
The onlyif command is a shell call to "ruby.exe" which executes a rub
script that also calls TF.EXE, this time with the "HISTORY" option.
The basic idea is that I call TF HISTORY to see if there is a newer file
than the one I have extracted. If there is, then I return one value to
indicate that EXEC should do its job.
If there is no newer file then I return a code that indicates no changes
occurred and EXEC should not perform its action.
If TF.EXE returns an error code in the onlyif command, I decided to tell
EXEC that it shoudl try to get the file whether it needs to or not.
Running both TF VIEW and RUBY (which calls TF HISTORY) in the special shell
with the wrong user yields return codes of "1".
This should mean the the EXEC failed, but it does not log failure.
What should I do?
Here is a fragment of my puppet code:
exec { "tf view ${filename} /version:${versionspec}":
command => $tfview_cmd,
path => $exec_path,
cwd => $tf_dir_unix,
onlyif => $tfhistory_cmd,
returns => ["0"],
logoutput => true,
require => Class['tfview::tfcomponents']
}
I am running agents on Windows 2008R2.
Paul
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/982853f4-45dd-4e80-a339-fcc85ed59318%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
