Hi
the following exec fails with the trace added:
exec{"create_gitosis_git":
command => "gitosis-init < initial_admin_pubkey.puppet",
cwd => "/home/git",
unless => "test -d /home/git/repositories",
user => git,
path => "/bin:/sbin:/usr/sbin:/usr/bin",
}
# puppet --debug --trace foo.pp
info: Loading fact interfaces
info: Loading fact xen
info: Loading fact acpi_available
info: Loading fact selinux
info: Loading fact urm
info: Loading fact edac_module
info: Loading fact virtual
info: Loading fact pbp
info: Loading fact sshkeys
info: Loading fact configured_ntp_servers
info: Loading fact ucm_remote_publickey
info: Loading fact mysql
info: Loading fact vserver
debug: Creating default schedules
debug: //Exec[create_gitosis_git]: Executing check 'test -d
/home/git/repositories'
debug: Executing 'test -d /home/git/repositories'
debug: //Exec[create_gitosis_git]: Changing returns
debug: //Exec[create_gitosis_git]: 1 change(s)
debug: //Exec[create_gitosis_git]: Executing 'gitosis-init <
initial_admin_pubkey.puppet'
debug: Executing 'gitosis-init < initial_admin_pubkey.puppet'
/usr/lib/ruby/site_ruby/1.8/puppet/type/exec.rb:602:in `run'
/usr/lib/ruby/site_ruby/1.8/puppet/util/execution.rb:14:in `withenv'
/usr/lib/ruby/site_ruby/1.8/puppet/type/exec.rb:594:in `run'
/usr/lib/ruby/site_ruby/1.8/puppet/type/exec.rb:568:in `chdir'
/usr/lib/ruby/site_ruby/1.8/puppet/type/exec.rb:568:in `run'
/usr/lib/ruby/site_ruby/1.8/puppet/type/exec.rb:111:in `sync'
/usr/lib/ruby/site_ruby/1.8/puppet/transaction/change.rb:54:in `go'
/usr/lib/ruby/site_ruby/1.8/puppet/transaction/change.rb:72:in `forward'
/usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:118:in `apply_changes'
/usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:111:in `collect'
/usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:111:in `apply_changes'
/usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:83:in `apply'
/usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:239:in `eval_resource'
/usr/lib/ruby/site_ruby/1.8/puppet/util.rb:425:in `thinmark'
/usr/lib/ruby/1.8/benchmark.rb:293:in `measure'
/usr/lib/ruby/1.8/benchmark.rb:307:in `realtime'
/usr/lib/ruby/site_ruby/1.8/puppet/util.rb:424:in `thinmark'
/usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:238:in `eval_resource'
/usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:310:in `evaluate'
/usr/lib/ruby/site_ruby/1.8/puppet/util.rb:425:in `thinmark'
/usr/lib/ruby/1.8/benchmark.rb:293:in `measure'
/usr/lib/ruby/1.8/benchmark.rb:307:in `realtime'
/usr/lib/ruby/site_ruby/1.8/puppet/util.rb:424:in `thinmark'
/usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:309:in `evaluate'
/usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:303:in `collect'
/usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:303:in `evaluate'
/usr/lib/ruby/site_ruby/1.8/puppet/node/catalog.rb:124:in `apply'
/usr/bin/puppet:233
err: //Exec[create_gitosis_git]/returns: change from notrun to 0 failed:
debug: Finishing transaction 23489170055520 with 1 changes
The exitcode of the suidmanager.execution is 256.
However if I add the "env -i" exec, everything works fine:
exec{"create_gitosis_git":
command => "env -i gitosis-init < initial_admin_pubkey.puppet",
cwd => "/home/git",
unless => "test -d /home/git/repositories",
user => git,
path => "/bin:/sbin:/usr/sbin:/usr/bin",
}
# puppet --debug --trace foo2.pp
info: Loading fact interfaces
info: Loading fact xen
info: Loading fact acpi_available
info: Loading fact selinux
info: Loading fact urm
info: Loading fact edac_module
info: Loading fact virtual
info: Loading fact pbp
info: Loading fact sshkeys
info: Loading fact configured_ntp_servers
info: Loading fact ucm_remote_publickey
info: Loading fact mysql
info: Loading fact vserver
debug: Creating default schedules
PATH:/bin:/sbin:/usr/sbin:/usr/bin
debug: //Exec[create_gitosis_git]: Executing check 'test -d
/home/git/repositories'
debug: Executing 'test -d /home/git/repositories'
debug: //Exec[create_gitosis_git]: Changing returns
debug: //Exec[create_gitosis_git]: 1 change(s)
debug: //Exec[create_gitosis_git]: Executing 'env -i gitosis-init <
initial_admin_pubkey.puppet'
PATH:/bin:/sbin:/usr/sbin:/usr/bin
debug: Executing 'env -i gitosis-init < initial_admin_pubkey.puppet'
notice: //Exec[create_gitosis_git]/returns: executed successfully
debug: Finishing transaction 23659412670000 with 1 changes
as I assume that gitosis-init is using environment variables (like HOME
etc.) this might explain the problem. However I'm not sure if this is
the expected behavior if we'd like to run an exec as a different user
with puppet. This can definitely lead to strange problems, like I
debugged now for a while.
On the other side we can say that the users should know which
environment variables the bins are depending on, which they like to
execute, so they can easily set them in puppet.
Somehow both options smell and I'm unsure which one might be the less
smelly one. Opinions?
cheers pete
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---
