On Wed, Jul 18, 2012 at 3:08 PM, Adam <[email protected]> wrote:
> Hello fellow puppet masters,
>
> We currently use winbind to allow our admins to log onto our Linux servers
> with their Windows AD accounts. Every now and then, a comms issue will drop
> AD out from under the server, which causes winbind to stop checking AD. The
> service is still technically running though, so puppet thinks everything is
> fine. I can run a "getent passwd <username>" to verify that winbind is or
> isn't working.
>
> So I wanted to utilize that check and have my winbind service entry to
> subscribe to this exec:
>
> service{ 'winbind':
> enable => true,
> ensure => running,
> subcribe => Exec['check-winbind'];
> }
>
> exec{ 'check-winbind':
> path => ['/usr/bin','/sbin','/bin'],
> command => ['getent passwd user | grep -c user'],
> }
>
> So when the command failed, that would trigger puppet to restart the
> service. But when the check would return 0 (because it couldn't find user
> in AD), puppet gives me the following:
>
> Service[winbind]: Dependency Exec[check-winbind] has failures: true
> Service[winbind]: Skipping because of failed dependencies
>
> Not what I wanted to see... though I do understand why it is saying it (just
> not how to change it). So what I ended up doing was turning the command
> into an "unless" statement, and set the "command" to be "service winbind
> restart", and remove the subscribe statement form my winbind service entry.
> Now, this works... but it just seems silly to me to have to restart the
> service via an exec statement when I am already monitoring the winbind
> service.
>
> Any ideas on how to simplify this and get it back to my original goal of
> subscribing the service to this check? Thanks!
You could make use of the service type's 'status' parameter. Your
example would then read:
service{ 'winbind':
enable => true,
ensure => running,
status => '/usr/bin/getent passwd user | /bin/grep -c user'
}
I suspect this overrides the usual puppet behaviour of using 'service
winbind status' to perform the status check, but that may not be an
issue in your case.
Regards,
Matt.
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
