Hi,
I'm using puppet 2.7.3 on RHEL/CentOS and I have an issue which is now
a big blocking issue within my environment. What I'm trying to
accomplish wit puppet is a create a mountpoint, mount a filesystem on
it and install an application on that filesystems are set proper user/
group and permissions on it, but it fails big time.
The issues I currently run into are about 3 things
1. The file type does not allow multiple directories to be created at
once ('mkdir -p')
2. exec & file type create autorequire dependensies which creates
dependency cycles
3. Puppet does not allow duplicate resouces
I have a define named "lvm::createfs" and what it does is three things
1. Create the mountpoint with an exec {} which used an mkdir -p to
create multiple directories deep at once
2. Create the logical volume with an exec {}
3. Mount the logical volume from step 2 onto the directory from step 1
via Mount {}
Before the filesystem is mounted, the underlaying directory MUST be
owned by root:root with permissions 755. If this is incorrect, some
linux command which do strange things (like the 'rm -R' command)
Once the filesystem is created and mounted, I use puppet to install
applications
After the applications are installed I need to set the application
files in the filesystem to it's proper owner:group and permissions.
To do this I have another define named "sysconfig::permissions". All
this define does is use file {} to set owner, group, mode and recurse.
Before I moved to puppet 2.7.3, puppet allowed me to do this without
problems, but since 2.7.3 puppet is more strict and now 60% of al my
modules fail as I use filesystems, apps and permissions everywhere.
Based on the documentation I read about exec {}, I can now explain why
I get dep.cycles, but I'mout of options and have no ideas anymore how
to get this 'simple normal unix task' to work in puppet.
These are the relations I created myself within puppet
1. exec mkdir /a/b/c => mount /a/b/c => file /a/b/c
2. exec logical volume => mount /a/b/c
This setup does not result in a cycle, but when puppet adds an
autorequire between exec mkdir /a/b/c and file a/b/c, it causes the
whole thing to cycle.
Quote from the manual
Autorequires: If Puppet is managing an exec’s cwd or the executable
file used in an exec’s command, the exec resource will autorequire
those files. If Puppet is managing the user that an exec should run
as, the exec resource will autorequire that user.
I don't mind if I have to rewrite my code or start from scratch, but I
need help to create my mountpoint location with root:root/755 and
after mounting allow the same location to have a different owner:group/
permissions.
These are the defines I use at this moment
define lvm::createfs (
$mountpath = undef,
$mountpoint = undef,
$lvsize = undef,
$fstype = undef,
$vgname = undef,
$lvname = "${name}",
$requisite = '' ) {
# Load defaults
require lvm::params
# Check mountpath equals root
$rootpath = $mountpath ? {
'/' => undef,
default => $mountpath,
}
# Create directory tree including subdirectories
exec { "${lvm::params::module_label}_mkdir_${mountpath}/$
{mountpoint}":
command => "mkdir -p ${mountpath}/${mountpoint}",
onlyif => "test ! -d ${mountpath}/${mountpoint}",
before => Mount["${rootpath}/${mountpoint}"],
}
if $requisite != '' {
Exec["${lvm::params::module_label}_mkdir_${mountpath}/$
{mountpoint}"] {
require => Mount["${requisite}"],
}
}
# Create logical volume and format filesystem
exec { "${lvm::params::module_label}-${vgname}-${lvname}":
logoutput => false,
command => "lvcreate -n ${lvname} -L ${lvsize} /dev/${vgname} &&
mkfs -t ${fstype} /dev/${vgname}/${lvname}",
unless => "lvs | grep -q '${lvname} .*${vgname}'",
before => Mount["${rootpath}/${mountpoint}"],
}
# Mount filesystem
mount { "${rootpath}/${mountpoint}":
atboot => true,
device => "/dev/${vgname}/${lvname}",
ensure => mounted,
fstype => "${fstype}",
options => 'defaults',
dump => '1',
pass => '2',
}
if $requisite != '' {
Mount["${rootpath}/${mountpoint}"] {
require => Mount["${requisite}"],
}
}
} # End define
define sysconfig::permissions (
$sysconfig_module,
$sysconfig_name,
$sysconfig_recurse = 'false',
$sysconfig_owner,
$sysconfig_group,
$sysconfig_mode = undef ) {
# Load defaults
require sysconfig::params
# Set permissions
file { "${sysconfig_module}_${sysconfig_name}":
name => "${sysconfig_name}",
recurse => "${sysconfig_recurse}",
owner => "${sysconfig_owner}",
group => "${sysconfig_group}",
}
if $sysconfig_mode != undef {
File["${sysconfig_module}_${sysconfig_name}"] {
mode => "${sysconfig_mode}",
}
}
} # End define
I call these define from a application class. In the example below a
piece of the MQ class.
class mq {
# Create filesystems
lvm::createfs {
"${mq::params::module_label}_opt_mqm":
mountpath => '/opt',
mountpoint => 'mqm',
lvname => 'opt_mqm',
lvsize => '1G',
fstype => 'ext3',
vgname => "${mq::params::vgname_opt}";
"${mq::params::module_label}_var_mqm":
mountpath => '/var',
mountpoint => 'mqm',
lvname => 'var_mqm',
lvsize => '2G',
fstype => 'ext3',
vgname => "${mq::params::vgname_var}";
"${mq::params::module_label}_var_mqm_log":
mountpath => '/var/mqm',
mountpoint => 'log',
lvname => 'var_mqm_log',
lvsize => '4G',
fstype => 'ext3',
vgname => "${mq::params::vgname_var}",
require => [
Lvm::Createfs["${mq::params::module_label}_var_mqm"],
];
}
# Overrule ownership and permissions
sysconfig::permissions {
"${mq::params::module_label}_permissions_$
{mq::params::base_directory}":
sysconfig_module => "${mq::params::module_label}",
sysconfig_name => "${mq::params::base_directory}",
sysconfig_owner => "${mq::params::user_name}",
sysconfig_group => "${mq::params::group_name}",
sysconfig_mode => "${mq::params::base_permissions}",
require => [
# Mount["${mq::params::base_directory}"], # creates dep.cycle
User["${mq::params::user_name}"],
];
"${mq::params::module_label}_permissions_$
{mq::params::var_directory}":
sysconfig_module => "${mq::params::module_label}",
sysconfig_name => "${mq::params::var_directory}",
sysconfig_owner => "${mq::params::user_name}",
sysconfig_group => "${mq::params::group_name}",
sysconfig_mode => "${mq::params::var_permissions}",
require => [
# Mount["${mq::params::var_directory}"], # creates dep.cycle
# Mount["${mq::params::log_directory}"], # creates dep.cycle
User["${mq::params::user_name}"],
];
}
}
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
