运行“人偶代理--noop”时资源丢失
[英]Missing resources when running “puppet agent --noop”
问题描述
I may have misunderstood how " puppet agent --noop " works: 
我可能误解了“ puppet agent --noop ”的工作原理:
In the definition of a class I set the existence of a file and I set it's user&group ownership and this is what I have when I un " puppet agent --noop " : 在类的定义中,我设置了一个文件的存在,并设置了它的用户和组所有权,这就是我取消“ puppet agent --noop ”时的状态:
- If the file doesn't exist, "
puppet agent --noop" works fine如果该文件不存在,则“ puppet agent --noop”可以正常工作 - If the file exists but user or group doesn't exist, then "
puppet agent --noop" fails complaining about the missing user or group.如果文件存在,但用户或组不存在,则“ puppet agent --noop”无法抱怨缺少的用户或组。 - If I simply run "
puppet agent" (without "--noop") it works fine: Doesn't matter if the user, group or file exists or not previously: it creates the group, the user and/or the file.如果我只运行“ puppet agent”(不带“--noop”),它就可以正常工作:用户,组或文件先前是否存在无关紧要:它将创建组,用户和/或文件。
1st question: I suppose that the " --noop " run doesn't verify if the catalog is asking the missing resources to be created. 第一个问题:我想“ --noop ”运行不会验证目录是否要求创建丢失的资源。 Isn't it? 是不是
2nd question: Is there any way to do any kind of mocking to avoid the problem of missing resources when launching " --noop "? 第二个问题:启动“时,有没有办法做任何一种嘲讽 ,以避免丢失资源的问题--noop ”?
Let's paste some code to show it: 让我们粘贴一些代码来显示它:
# yes, it should better be virtual resources
group { $at_group:
ensure => "present"
}
user { $at_user:
ensure => present,
gid => "$at_group",
require => Group[$at_group],
}
file { '/etc/afile':
owner => $at_user,
group => $at_group,
mode => '0440',
content => template('......erb')
require => User[$at_user]
}
output: 输出:
# puppet agent --test --noop
Info: Retrieving plugin
Info: Loading facts in /var/lib/puppet/lib/facter/puppet_vardir.rb
Info: Loading facts in /var/lib/puppet/lib/facter/facter_dot_d.rb
Info: Loading facts in /var/lib/puppet/lib/facter/pe_version.rb
Info: Loading facts in /var/lib/puppet/lib/facter/root_home.rb
Info: Caching catalog for pagent02
Info: Applying configuration version '1403055383'
Notice: /Stage[main]/Agalindotest::Install/Group[my_group]/ensure: current_value absent, should be present (noop)
Notice: /Stage[main]/Agalindotest::Install/User[my_user]/ensure: current_value absent, should be present (noop)
Error: Could not find user my_user
Error: /Stage[main]/Agalindotest::Install/File[/etc/afile]/owner: change from 1001 to my_user failed: Could not find user my_user
Error: Could not find group my_group
Error: /Stage[main]/Agalindotest::Install/File[/etc/afiles]/group: change from 1001 to my_group failed: Could not find group my_group
Let's show how it works if the file doesn't exist: 让我们展示一下文件不存在时的工作方式:
then " puppet agent --test --noop " works like a charm: 然后“ puppet agent --test --noop ”就像一个puppet agent --test --noop :
Notice: /Stage[main]/Agalindotest::Install/Group[my_group]/ensure: current_value absent, should be present (noop)
Notice: /Stage[main]/Agalindotest::Install/User[my_user]/ensure: current_value absent, should be present (noop)
Notice: /Stage[main]/Agalindotest::Install/File[/etc/afile]/ensure: current_value absent, should be file (noop)
Thanks a lot!! 非常感谢!!
/ Angel /天使
1 个解决方案
解决方案1
1 已采纳 2014-06-19 22:09:53
Unfortunately, there is currently no way to overcome this limitation. 不幸的是,目前没有办法克服这一限制。
The ensure property doesn't fail just on account of a missing owner - I believe the file will just end up owned by root. ensure属性不会仅由于缺少所有者而失败-我相信文件最终将最终归root拥有。 That is why the output is more pleasant when the file doesn't exist. 这就是为什么文件不存在时输出更令人愉悦的原因。
As for the behavior with an existing file: Each resource is considered individually, and the file resource must admit failure if the group does not exist when the file is evaluated. 关于现有文件的行为:单独考虑每个资源,并且在评估文件时如果该组不存在,则文件资源必须承认失败。 The fact that the group would (likely) be created without noop cannot be easily accounted for. 创建该组(可能)不使用noop的事实不容易解释。
As for you idea of ignoring the issue under noop conditions if there is a user resource - that has merit, I believe. 至于您的想法,我认为如果有用户资源,那就在无条件的情况下忽略该问题。 Would you raise that as a feature request at Puppet's Jira ? 您是否会在Puppet的Jira中提出这一功能请求?
Update 更新
As of Puppet 3.3 you can use rely on the $clientnoop value that is supplied by the agent along with Facter facts. 从Puppet 3.3您可以依赖于由代理提供的$clientnoop值以及Facter事实。 Please note that tailoring your manifest to avoid failures in noop mode has two consequences. 请注意,调整清单以避免在noop模式下失败有两个后果。
- The manifest itself becomes much less maintainable and comprehendible. 清单本身变得难以维护和理解。
- The reporting from
noopruns becomes inaccurate, because the "unsafe" property values are not part of thenoopcatalog由于“不安全”属性值不是noop目录的一部分,因此noop运行的报告变得不准确。
You could build the manifest like this: 您可以这样构建清单:
# this scenario does not actually call for virtual resources at all :-)
group { $at_group:
ensure => "present"
}
user { $at_user:
ensure => present,
gid => "$at_group",
require => Group[$at_group],
}
file { '/etc/afile':
mode => '0440',
content => template('......erb')
# require => User[$at_user] # <- not needed at all, Puppet autorequires the user and group
}
if ! $::clientnoop {
File['/etc/afile'] {
owner => $at_user,
group => $at_group,
}
}
The owner and group properties are ignored in noop mode, with the pros and cons as discussed above. 在noop模式下, owner和group属性将被忽略,具有上述优点和缺点。
All things considered, I feel that this is not worth the hassle at all. 考虑到所有事情,我觉得这根本不值得麻烦。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.