stackoom
  简体   繁体   中英

Missing resources when running “puppet agent --noop”

 原文  2014-06-19 17:48:13       puppet

Question

I may have misunderstood how " puppet agent --noop " works:

In the definition of a class I set the existence of a file and I set it's user&group ownership and this is what I have when I un " puppet agent --noop " :

  • If the file doesn't exist, " puppet agent --noop " works fine
  • If the file exists but user or group doesn't exist, then " puppet agent --noop " fails complaining about the missing user or group.
  • If I simply run " puppet agent " (without " --noop ") it works fine: Doesn't matter if the user, group or file exists or not previously: it creates the group, the user and/or the file.

1st question: I suppose that the " --noop " run doesn't verify if the catalog is asking the missing resources to be created. Isn't it?

2nd question: Is there any way to do any kind of mocking to avoid the problem of missing resources when launching " --noop "?

Let's paste some code to show it: 

   # yes, it should better be virtual resources
   group { $at_group:
     ensure => "present"
   } 
   user { $at_user:
     ensure     => present,
     gid        => "$at_group",
     require    => Group[$at_group],
   } 

  file { '/etc/afile':
    owner   => $at_user,
    group   => $at_group,
    mode    => '0440',
    content => template('......erb')
    require => User[$at_user]
  }

output: 

# puppet agent --test --noop
Info: Retrieving plugin
Info: Loading facts in /var/lib/puppet/lib/facter/puppet_vardir.rb
Info: Loading facts in /var/lib/puppet/lib/facter/facter_dot_d.rb
Info: Loading facts in /var/lib/puppet/lib/facter/pe_version.rb
Info: Loading facts in /var/lib/puppet/lib/facter/root_home.rb
Info: Caching catalog for pagent02
Info: Applying configuration version '1403055383'
Notice: /Stage[main]/Agalindotest::Install/Group[my_group]/ensure: current_value absent, should be present (noop)
Notice: /Stage[main]/Agalindotest::Install/User[my_user]/ensure: current_value absent, should be present (noop)
Error: Could not find user my_user
Error: /Stage[main]/Agalindotest::Install/File[/etc/afile]/owner: change from 1001 to my_user failed: Could not find user my_user
Error: Could not find group my_group
Error: /Stage[main]/Agalindotest::Install/File[/etc/afiles]/group: change from 1001 to my_group failed: Could not find group my_group

Let's show how it works if the file doesn't exist:
then " puppet agent --test --noop " works like a charm: 

Notice: /Stage[main]/Agalindotest::Install/Group[my_group]/ensure: current_value absent, should be present (noop)
Notice: /Stage[main]/Agalindotest::Install/User[my_user]/ensure: current_value absent, should be present (noop)
Notice: /Stage[main]/Agalindotest::Install/File[/etc/afile]/ensure: current_value absent, should be file (noop)

Thanks a lot!!
/ Angel

1 answers

solution1
 1 ACCPTED  2014-06-19 22:09:53

Unfortunately, there is currently no way to overcome this limitation.

The ensure property doesn't fail just on account of a missing owner - I believe the file will just end up owned by root. That is why the output is more pleasant when the file doesn't exist.

As for the behavior with an existing file: Each resource is considered individually, and the file resource must admit failure if the group does not exist when the file is evaluated. The fact that the group would (likely) be created without noop cannot be easily accounted for.

As for you idea of ignoring the issue under noop conditions if there is a user resource - that has merit, I believe. Would you raise that as a feature request at Puppet's Jira ?

Update

As of Puppet 3.3 you can use rely on the $clientnoop value that is supplied by the agent along with Facter facts. Please note that tailoring your manifest to avoid failures in noop mode has two consequences.

  1. The manifest itself becomes much less maintainable and comprehendible.
  2. The reporting from noop runs becomes inaccurate, because the "unsafe" property values are not part of the noop catalog

You could build the manifest like this: 

# this scenario does not actually call for virtual resources at all :-)
group { $at_group:
  ensure => "present"
} 
user { $at_user:
  ensure     => present,
  gid        => "$at_group",
  require    => Group[$at_group],
} 

file { '/etc/afile':
  mode    => '0440',
  content => template('......erb')
  # require => User[$at_user]  # <- not needed at all, Puppet autorequires the user and group
}

if ! $::clientnoop {
  File['/etc/afile'] {
    owner   => $at_user,
    group   => $at_group,
  }
}

The owner and group properties are ignored in noop mode, with the pros and cons as discussed above.

All things considered, I feel that this is not worth the hassle at all.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Puppet - noop all resources in a scope Puppet noop When Executable does not exist yet Vagrant running a puppet master with a puppet agent Getting “Cannot allocate memory” when running Puppet agent Error in ruby code when running puppet agent run Unwanted error message when running puppet agent on Solaris puppet agent .conf file missing on ubuntu 14.04 Running ssh-agent through puppet Error when performing a puppet agent run Puppet 400 Error when starting remote agent
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM