Issue #16121 has been updated by Chris Henry.
creating a simple manifest with the 2 cron jobs to mimic my manifest has a little different behavior. Specifically it does not re-add the root cron job over and over and over - but it still does not delete the www-data user's entry before creating the root user entry on the first run after flipping the 'user' parameter on the cron: <pre> verify no cron jobs: [user@p-HOSTNAME tmp]$ sudo -u www-data crontab -l |grep -A 2 "s3_logger_supervisord$" [user@p-HOSTNAME tmp]$ sudo -u root crontab -l |grep -A 2 "s3_logger_supervisord$" -- test manifest adds www-data user cron job: [user@p-HOSTNAME tmp]$ cat test.pp cron { "s3_logger_supervisord": command => "/var/has/s3_logrotate/bin/s3_logrotate.py -b bucket -p /var/has/log/supervisord -l /var/has/log/s3_logrotate/HOSTNAME_supervisord -s 'secret_key' -k 'key'", user => www-data, minute => 40, hour => 23; "s3_logger_supervisord_cleanup": command => "/bin/find /var/has/log/s3_logrotate -name '${hostname}_supervisord.*' -mtime +7 -exec rm {} \\;", user => root, minute => 35, hour => 23; } -- apply test manifest (creates www-data user cron job) [user@p-HOSTNAME tmp]$ sudo puppet apply -v -d ./test.pp debug: Creating default schedules debug: Failed to load library 'rubygems' for feature 'rubygems' debug: Puppet::Type::User::ProviderUser_role_add: file rolemod does not exist debug: Puppet::Type::User::ProviderLdap: true value when expecting false debug: Puppet::Type::User::ProviderDirectoryservice: file /usr/bin/dscl does not exist debug: Puppet::Type::User::ProviderPw: file pw does not exist debug: Failed to load library 'ldap' for feature 'ldap' debug: /File[/var/lib/puppet/lib]: Autorequiring File[/var/lib/puppet] debug: /File[/var/lib/puppet/ssl/certs/p-HOSTNAME.use01.plat.priv.pem]: Autorequiring File[/var/lib/puppet/ssl/certs] debug: /File[/var/lib/puppet/ssl/public_keys/p-HOSTNAME.use01.plat.priv.pem]: Autorequiring File[/var/lib/puppet/ssl/public_keys] debug: /File[/var/lib/puppet/state/graphs]: Autorequiring File[/var/lib/puppet/state] debug: /File[/var/lib/puppet/ssl]: Autorequiring File[/var/lib/puppet] debug: /File[/var/lib/puppet/client_yaml]: Autorequiring File[/var/lib/puppet] debug: /File[/var/lib/puppet/state/state.yaml]: Autorequiring File[/var/lib/puppet/state] debug: /File[/var/lib/puppet/ssl/crl.pem]: Autorequiring File[/var/lib/puppet/ssl] debug: /File[/var/lib/puppet/ssl/private_keys]: Autorequiring File[/var/lib/puppet/ssl] debug: /File[/var/lib/puppet/ssl/public_keys]: Autorequiring File[/var/lib/puppet/ssl] debug: /File[/var/lib/puppet/state/last_run_report.yaml]: Autorequiring File[/var/lib/puppet/state] debug: /File[/var/lib/puppet/client_data]: Autorequiring File[/var/lib/puppet] debug: /File[/var/lib/puppet/state/last_run_summary.yaml]: Autorequiring File[/var/lib/puppet/state] debug: /File[/var/lib/puppet/state]: Autorequiring File[/var/lib/puppet] debug: /File[/var/lib/puppet/ssl/certs]: Autorequiring File[/var/lib/puppet/ssl] debug: /File[/var/lib/puppet/facts]: Autorequiring File[/var/lib/puppet] debug: /File[/var/lib/puppet/ssl/private]: Autorequiring File[/var/lib/puppet/ssl] debug: /File[/var/lib/puppet/ssl/certs/ca.pem]: Autorequiring File[/var/lib/puppet/ssl/certs] debug: /File[/var/lib/puppet/state/resources.txt]: Autorequiring File[/var/lib/puppet/state] debug: /File[/var/lib/puppet/clientbucket]: Autorequiring File[/var/lib/puppet] debug: /File[/var/lib/puppet/ssl/certificate_requests]: Autorequiring File[/var/lib/puppet/ssl] debug: /File[/var/lib/puppet/ssl/private_keys/p-HOSTNAME.use01.plat.priv.pem]: Autorequiring File[/var/lib/puppet/ssl/private_keys] debug: Finishing transaction 69953800229580 debug: Loaded state in 0.02 seconds debug: Loaded state in 0.02 seconds info: Applying configuration version '1346099302' debug: /Schedule[daily]: Skipping device resources because running on a host debug: /Schedule[monthly]: Skipping device resources because running on a host debug: /Schedule[hourly]: Skipping device resources because running on a host debug: /Schedule[never]: Skipping device resources because running on a host debug: /Schedule[weekly]: Skipping device resources because running on a host debug: Prefetching crontab resources for cron notice: /Stage[main]//Cron[s3_logger_supervisord]/ensure: created debug: Flushing cron provider target www-data debug: /Stage[main]//Cron[s3_logger_supervisord]: The container Class[Main] will propagate my refresh event debug: /Schedule[puppet]: Skipping device resources because running on a host debug: Class[Main]: The container Stage[main] will propagate my refresh event debug: Finishing transaction 69953799442880 debug: Storing state debug: Stored state in 0.31 seconds notice: Finished catalog run in 0.48 seconds debug: Finishing transaction 69953800562740 debug: Received report to process from p-HOSTNAME.use01.plat.priv debug: Processing report from p-HOSTNAME.use01.plat.priv with processor Puppet::Reports::Store -- replace www-data user with root in test manifest [user@p-HOSTNAME tmp]$ sed -i 's/www-data/root/g' test.pp -- test manifest now adds root user cron job: [user@p-HOSTNAME tmp]$ cat test.pp cron { "s3_logger_supervisord": command => "/var/has/s3_logrotate/bin/s3_logrotate.py -b bucket -p /var/has/log/supervisord -l /var/has/log/s3_logrotate/HOSTNAME_supervisord -s 'secret_key' -k 'key'", user => root, minute => 40, hour => 23; "s3_logger_supervisord_cleanup": command => "/bin/find /var/has/log/s3_logrotate -name '${hostname}_supervisord.*' -mtime +7 -exec rm {} \\;", user => root, minute => 35, hour => 23; } -- apply test manifest (should delete www-data user cron job and create root user cron job - but doesn't) [user@p-HOSTNAME tmp]$ sudo puppet apply -v -d ./test.pp debug: Creating default schedules debug: Failed to load library 'rubygems' for feature 'rubygems' debug: Puppet::Type::User::ProviderUser_role_add: file rolemod does not exist debug: Puppet::Type::User::ProviderLdap: true value when expecting false debug: Puppet::Type::User::ProviderDirectoryservice: file /usr/bin/dscl does not exist debug: Puppet::Type::User::ProviderPw: file pw does not exist debug: Failed to load library 'ldap' for feature 'ldap' debug: /File[/var/lib/puppet/ssl/certs]: Autorequiring File[/var/lib/puppet/ssl] debug: /File[/var/lib/puppet/facts]: Autorequiring File[/var/lib/puppet] debug: /File[/var/lib/puppet/state/resources.txt]: Autorequiring File[/var/lib/puppet/state] debug: /File[/var/lib/puppet/client_yaml]: Autorequiring File[/var/lib/puppet] debug: /File[/var/lib/puppet/client_data]: Autorequiring File[/var/lib/puppet] debug: /File[/var/lib/puppet/ssl/certs/p-HOSTNAME.use01.plat.priv.pem]: Autorequiring File[/var/lib/puppet/ssl/certs] debug: /File[/var/lib/puppet/ssl/certs/ca.pem]: Autorequiring File[/var/lib/puppet/ssl/certs] debug: /File[/var/lib/puppet/state]: Autorequiring File[/var/lib/puppet] debug: /File[/var/lib/puppet/state/graphs]: Autorequiring File[/var/lib/puppet/state] debug: /File[/var/lib/puppet/ssl/public_keys/p-HOSTNAME.use01.plat.priv.pem]: Autorequiring File[/var/lib/puppet/ssl/public_keys] debug: /File[/var/lib/puppet/state/state.yaml]: Autorequiring File[/var/lib/puppet/state] debug: /File[/var/lib/puppet/clientbucket]: Autorequiring File[/var/lib/puppet] debug: /File[/var/lib/puppet/ssl/private]: Autorequiring File[/var/lib/puppet/ssl] debug: /File[/var/lib/puppet/ssl/private_keys/p-HOSTNAME.use01.plat.priv.pem]: Autorequiring File[/var/lib/puppet/ssl/private_keys] debug: /File[/var/lib/puppet/ssl]: Autorequiring File[/var/lib/puppet] debug: /File[/var/lib/puppet/state/last_run_summary.yaml]: Autorequiring File[/var/lib/puppet/state] debug: /File[/var/lib/puppet/state/last_run_report.yaml]: Autorequiring File[/var/lib/puppet/state] debug: /File[/var/lib/puppet/ssl/private_keys]: Autorequiring File[/var/lib/puppet/ssl] debug: /File[/var/lib/puppet/lib]: Autorequiring File[/var/lib/puppet] debug: /File[/var/lib/puppet/ssl/crl.pem]: Autorequiring File[/var/lib/puppet/ssl] debug: /File[/var/lib/puppet/ssl/certificate_requests]: Autorequiring File[/var/lib/puppet/ssl] debug: /File[/var/lib/puppet/ssl/public_keys]: Autorequiring File[/var/lib/puppet/ssl] debug: Finishing transaction 69884944804720 debug: Loaded state in 0.02 seconds debug: Loaded state in 0.02 seconds info: Applying configuration version '1346099316' debug: /Schedule[daily]: Skipping device resources because running on a host debug: /Schedule[monthly]: Skipping device resources because running on a host debug: /Schedule[hourly]: Skipping device resources because running on a host debug: /Schedule[never]: Skipping device resources because running on a host debug: /Schedule[weekly]: Skipping device resources because running on a host debug: Prefetching crontab resources for cron notice: /Stage[main]//Cron[s3_logger_supervisord]/ensure: created debug: Flushing cron provider target root debug: /Stage[main]//Cron[s3_logger_supervisord]: The container Class[Main] will propagate my refresh event debug: /Schedule[puppet]: Skipping device resources because running on a host debug: Class[Main]: The container Stage[main] will propagate my refresh event debug: Finishing transaction 69884944021460 debug: Storing state debug: Stored state in 0.29 seconds notice: Finished catalog run in 0.42 seconds debug: Finishing transaction 69884945144080 debug: Received report to process from p-HOSTNAME.use01.plat.priv debug: Processing report from p-HOSTNAME.use01.plat.priv with processor Puppet::Reports::Store -- verify www-data user crontab after [user@p-HOSTNAME tmp]$ sudo -u www-data crontab -l |grep -A 2 "s3_logger_supervisord$" # Puppet Name: s3_logger_supervisord 40 23 * * * /var/has/s3_logrotate/bin/s3_logrotate.py -b bucket -p /var/has/log/supervisord -l /var/has/log/s3_logrotate/HOSTNAME_supervisord -s 'secret_key' -k 'key' -- verify root user crontab after [user@p-HOSTNAME tmp]$ sudo -u root crontab -l |grep -A 2 "s3_logger_supervisord$" # Puppet Name: s3_logger_supervisord 40 23 * * * /var/has/s3_logrotate/bin/s3_logrotate.py -b bucket -p /var/has/log/supervisord -l /var/has/log/s3_logrotate/HOSTNAME_supervisord -s 'secret_key' -k 'key' [user@p-HOSTNAME tmp]$ </pre> ---------------------------------------- Bug #16121: Cron user change results in duplicate entries on target user https://projects.puppetlabs.com/issues/16121#change-69919 Author: Chris Henry Status: Needs More Information Priority: Normal Assignee: Chris Henry Category: cron Target version: Affected Puppet version: Keywords: Branch: Running puppetmaster 2.7.13 and puppetd 2.7.13 on Centos6 We have a puppet module that installs some scripts and creates a cronjob to pickup gzip'd logs and upload them to s3. I mistakenly created the cron job as the user 'www-data' initially - but later found out that the supervisord daemon logs as 'root' - so I changed the user of a puppet cronjob from 'www-data' -> 'root'. On a puppetd run the client successfully detects the change and returns a notice that it is changing users for the cron job - but the end result is that the cron job is not removed for the www-data user and a duplicate job is create on the root users crontab. I didn't notice this for about a day but when I looked I saw that there were many duplicate entries in the root users crontab for this job - presumably one for each puppetd run. The only crontab jobs on this server are managed by puppet - no manual edits or jobs have ever been created As you can see in the output below every client run results in the cronjob still existing for the www-data user and another entry being generated in the root users crontab: <pre> client puppetd run: [user@HOSTNAME ~]$ date Sat Aug 25 07:52:20 UTC 2012 [user@HOSTNAME ~]$ sudo puppetd -t info: Caching catalog for HOSTNAME info: Applying configuration version '1345880642' notice: /Stage[main]/S3_logrotate::Supervisord/Cron[s3_logger_supervisord]/user: user changed 'www-data' to 'root' notice: /Stage[main]/S3_logrotate::Supervisord/Cron[s3_logger_supervisord]/target: target changed 'www-data' to 'root' notice: Finished catalog run in 31.34 seconds [user@HOSTNAME ~]$ --------------- 'www-data' crontab after run: [user@HOSTNAME ~]$ date Sat Aug 25 07:53:36 UTC 2012 [user@HOSTNAME ~]$ sudo -u www-data crontab -l # HEADER: This file was autogenerated at Fri Aug 24 20:09:06 +0000 2012 by puppet. # HEADER: While it can still be managed manually, it is definitely not recommended. # HEADER: Note particularly that the comments starting with 'Puppet Name' should # HEADER: not be deleted, as doing so could cause duplicate cron jobs. # Puppet Name: s3_logger_crond 40 23 * * * /var/has/s3_logrotate/bin/s3_logrotate.py -b bucket_name -p /var/has/log/crond -l /var/has/log/s3_logrotate/HOSTNAME_crond -s secret_key_here -k key_here # Puppet Name: s3_logger_nginx 40 23 * * * /var/has/s3_logrotate/bin/s3_logrotate.py -b bucket_name -p /var/has/log/nginx -l /var/has/log/s3_logrotate/HOSTNAME_nginx -s 'secret_key_here' -k 'key_here' # Puppet Name: s3_logger_supervisord 40 23 * * * /var/has/s3_logrotate/bin/s3_logrotate.py -b bucket_name -p /var/has/log/supervisord -l /var/has/log/s3_logrotate/HOSTNAME_supervisord -s 'secret_key_here' -k 'key_here' # Puppet Name: s3_logger_api 40 23 * * * /var/has/s3_logrotate/bin/s3_logrotate.py -b bucket_name -p /data/log/api -l /var/has/log/s3_logrotate/HOSTNAME_api -s 'secret_key_here' -k 'key_here' [user@HOSTNAME ~]$ ------------------ 'root' crontab after run: [user@HOSTNAME ~]$ date Sat Aug 25 07:54:15 UTC 2012 [user@HOSTNAME ~]$ sudo -u root crontab -l # HEADER: This file was autogenerated at Sat Aug 25 07:53:08 +0000 2012 by puppet. # HEADER: While it can still be managed manually, it is definitely not recommended. # HEADER: Note particularly that the comments starting with 'Puppet Name' should # HEADER: not be deleted, as doing so could cause duplicate cron jobs. # Puppet Name: puppet_clientbucket_cleanup 15 1 * * * /usr/bin/find /var/lib/puppet/clientbucket/ -type f -mtime +14 -exec rm {} \; # Puppet Name: s3_logger_php-fpm_cleanup 35 23 * * * /bin/find /var/has/log/s3_logrotate -name 'HOSTNAME_php-fpm.*' -mtime +7 -exec rm {} \; # Puppet Name: s3_logger_nginx_cleanup 35 23 * * * /bin/find /var/has/log/s3_logrotate -name 'HOSTNAME_nginx.*' -mtime +7 -exec rm {} \; # Puppet Name: s3_logger_crond_cleanup 35 23 * * * /bin/find /var/has/log/s3_logrotate -name 'HOSTNAME_crond.*' -mtime +7 -exec rm {} \; # Puppet Name: s3_logger_supervisord_cleanup 35 23 * * * /bin/find /var/has/log/s3_logrotate -name 'HOSTNAME_supervisord.*' -mtime +7 -exec rm {} \; # Puppet Name: s3_logger_api_cleanup 35 23 * * * /bin/find /var/has/log/s3_logrotate -name 'HOSTNAME_api.*' -mtime +7 -exec rm {} \; # Puppet Name: s3_logger_php-fpm 40 23 * * * /var/has/s3_logrotate/bin/s3_logrotate.py -b bucket_name -p /var/has/log/php-fpm -l /var/has/log/s3_logrotate/HOSTNAME_php-fpm -s 'secret_key_here' -k 'key_here' # Puppet Name: s3_logger_supervisord 40 23 * * * /var/has/s3_logrotate/bin/s3_logrotate.py -b bucket_name -p /var/has/log/supervisord -l /var/has/log/s3_logrotate/HOSTNAME_supervisord -s 'secret_key_here' -k 'key_here' # Puppet Name: s3_logger_supervisord 40 23 * * * /var/has/s3_logrotate/bin/s3_logrotate.py -b bucket_name -p /var/has/log/supervisord -l /var/has/log/s3_logrotate/HOSTNAME_supervisord -s 'secret_key_here' -k 'key_here' # Puppet Name: s3_logger_supervisord 40 23 * * * /var/has/s3_logrotate/bin/s3_logrotate.py -b bucket_name -p /var/has/log/supervisord -l /var/has/log/s3_logrotate/HOSTNAME_supervisord -s 'secret_key_here' -k 'key_here' # Puppet Name: s3_logger_supervisord 40 23 * * * /var/has/s3_logrotate/bin/s3_logrotate.py -b bucket_name -p /var/has/log/supervisord -l /var/has/log/s3_logrotate/HOSTNAME_supervisord -s 'secret_key_here' -k 'key_here' # Puppet Name: s3_logger_supervisord 40 23 * * * /var/has/s3_logrotate/bin/s3_logrotate.py -b bucket_name -p /var/has/log/supervisord -l /var/has/log/s3_logrotate/HOSTNAME_supervisord -s 'secret_key_here' -k 'key_here' # Puppet Name: s3_logger_supervisord 40 23 * * * /var/has/s3_logrotate/bin/s3_logrotate.py -b bucket_name -p /var/has/log/supervisord -l /var/has/log/s3_logrotate/HOSTNAME_supervisord -s 'secret_key_here' -k 'key_here' # Puppet Name: s3_logger_supervisord 40 23 * * * /var/has/s3_logrotate/bin/s3_logrotate.py -b bucket_name -p /var/has/log/supervisord -l /var/has/log/s3_logrotate/HOSTNAME_supervisord -s 'secret_key_here' -k 'key_here' # Puppet Name: s3_logger_supervisord 40 23 * * * /var/has/s3_logrotate/bin/s3_logrotate.py -b bucket_name -p /var/has/log/supervisord -l /var/has/log/s3_logrotate/HOSTNAME_supervisord -s 'secret_key_here' -k 'key_here' # Puppet Name: s3_logger_supervisord 40 23 * * * /var/has/s3_logrotate/bin/s3_logrotate.py -b bucket_name -p /var/has/log/supervisord -l /var/has/log/s3_logrotate/HOSTNAME_supervisord -s 'secret_key_here' -k 'key_here' [user@HOSTNAME ~]$ ------------------ manifest: class s3_logrotate::supervisord ($secret, $key, $bucket,$path='/var/has/log/supervisord') { include s3_logrotate Cron { require => Class["s3_logrotate"] } cron { "s3_logger_supervisord": command => "/var/has/s3_logrotate/bin/s3_logrotate.py -b $bucket -p $path -l /var/has/log/s3_logrotate/${hostname}_supervisord -s '${secret}' -k '${key}'", user => root, # this used to be www-data but supervisord logs as root minute => 40, hour => 23; "s3_logger_supervisord_cleanup": command => "/bin/find /var/has/log/s3_logrotate -name '${hostname}_supervisord.*' -mtime +7 -exec rm {} \\;", user => root, minute => 35, hour => 23; } } </pre> -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to puppet-bugs@googlegroups.com. To unsubscribe from this group, send email to puppet-bugs+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en.