On Tuesday, May 27, 2014 3:04:50 PM UTC-5, nix wrote:
>
> I would like Puppet to be able to set the immutable attribute on selected 
> directory mount points before mounting on CentOS. 
>
>

That's not gonna happen unless you can be certain that Puppet will run only 
when there isn't yet anything mounted on the mount points in question, or 
unless you're willing for Puppet to force the relevant file system 
unmounted in order to check and possibly change the attributes of the mount 
point directory.

If you're going to rely on Puppet to create the mountpoint directory, 
however, then you can approximate that by setting the desired attributes 
when Puppet does so, and otherwise not managing them.

 

> I already have the mountpoints managed by puppet, so their existence is 
> ensured prior to the mount, but how do I add the immutable flag?
>
>

The issue here is that the OS actively obscures the distinction between the 
mount point directory and the root of the file system mounted on it.  When 
anything is mounted on the mount point, you cannot touch the mount point 
itself -- its path refers instead to the mounted filesystem root.  That's 
outside Puppet's control.

 

> I know puppet does not natively support extended attributes, what is a 
> decent work-around?
>


Generally speaking, you can use an Exec to run chattr.  That Exec's 
'unless' parameter can and should be used to run lsattr to check whether 
any attribute change is needed.

For example:

file { '/mnt/foo':
  ensure => 'directory'
}

exec { 'immutable /mnt/foo':
  command => 'chattr +i /mnt/foo',
  unless => 'lsattr -d /mnt/foo | grep -q "^[A-Za-z-]*i"',
  path => '/usr/sbin:/sbin:/usr/bin:/bin',
  refreshonly => true,
  subscribe => File['/mnt/foo']
}


That Exec's command will run (ensuring that 'i' is among the directory's 
attributes) only if Puppet creates /mnt/foo or replaces a file of that name 
with a directory, and in that case, only if the directory's attributes do 
not already include 'i'.


John
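
The lsattr check and the mounted-path caveat from the reply above, as an added shell example that is not part of the original message. The helper names has_attr and ensure_immutable are hypothetical, and the sketch assumes mountpoint(1), lsattr and chattr are on the PATH and that it runs as root:

```shell
#!/bin/sh
# Added example; has_attr and ensure_immutable are hypothetical helper names.

# has_attr LINE FLAG
# Succeeds if FLAG appears in the attribute field (the text before the first
# space) of one line of `lsattr -d` output. Only that field is examined, so a
# letter in the path cannot cause a false match.
has_attr() {
    attrs=${1%% *}
    case $attrs in
        *"$2"*) return 0 ;;
        *) return 1 ;;
    esac
}

# ensure_immutable DIR
# Returns 0 if DIR is immutable (already, or after chattr), 2 if it was
# skipped because a filesystem is mounted on it, and non-zero otherwise
# on error.
ensure_immutable() {
    dir=$1
    [ -d "$dir" ] || return 1
    # While something is mounted here, the path names the mounted filesystem
    # root, not the underlying mount point directory, so leave it alone.
    if mountpoint -q "$dir"; then
        return 2
    fi
    line=$(lsattr -d "$dir") || return 1
    if has_attr "$line" i; then
        return 0
    fi
    chattr +i "$dir"
}
```
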
