[Puppet Users] Issue copying files if package exists
Hi,
I want to copy files if a package is installed. What works fine with
the packages 'postfix', 'fail2ban' and 'apache2' does not with
'openssh-server.
class fail2ban {
$postfixPackage = $::operatingsystem ? {
/(?i:Ubuntu|Debian|Mint)/ => 'postfix',
default => 'undef',
}
$sshdPackage = $::operatingsystem ? {
/(?i:Ubuntu|Debian|Mint)/ => 'openssh-server',
default => 'undef',
}
if ! defined (Package["$package"]) {
package { "$package":
ensure => installed,
}
}
if defined (Package["$postfixPackage"]) {
file { "/etc/fail2ban/filter.d/postfix-amavis.local":
mode => "0644",
owner => 'root',
group => 'root',
source =>
'puppet:///modules/fail2ban/etc/fail2ban/filter.d/postfix-amavis.local',
}
}
if defined (Package["$sshdPackage"]) {
file { "/etc/fail2ban/filter.d/sshd-dos.local":
mode => "0644",
owner => 'root',
group => 'root',
source =>
'puppet:///modules/fail2ban/etc/fail2ban/filter.d/sshd-dos.local',
}
}
}
$ rm /etc/fail2ban/filter.d/postfix-amavis.local
/etc/fail2ban/filter.d/sshd-dos.local^C
$ sudo rm /etc/fail2ban/filter.d/postfix-amavis.local
/etc/fail2ban/filter.d/sshd-dos.local
$ sudo puppet agent -t -d | grep -Ei
'(postfix|openssh-server|postfix-amavis.local|sshd-dos.local)'
[...]
Debug: /Package[postfix]: Provider apt does not support features
virtual_packages; not managing attribute allow_virtual
Debug: /Package[openssh-server]: Provider apt does not support features
virtual_packages; not managing attribute allow_virtual
[...]
Notice:
/Stage[main]/Fail2ban/File[/etc/fail2ban/filter.d/postfix-amavis.local]/
ensure: defined content as '{md5}c5def71abe5f682c2beb896fd5e30e10'
Debug:
/Stage[main]/Fail2ban/File[/etc/fail2ban/filter.d/postfix-amavis.local]:
The container Class[Fail2ban] will propagate my refresh event
So /etc/fail2ban/filter.d/sshd-dos.local is not copied. When
uncommenting the if-clause 'if defined (Package["$sshdPackage"])' the
file gets copied:
$ sudo puppet agent -t -d | grep -i 'sshd-dos.local'
Debug:
/Stage[main]/Fail2ban/File[/etc/fail2ban/filter.d/sshd-dos.local]:
Autorequiring File[/etc/fail2ban/filter.d/]
Notice:
/Stage[main]/Fail2ban/File[/etc/fail2ban/filter.d/sshd-dos.local]/ensure
: defined content as '{md5}3d993678f322e5cb6335addaaa40512e'
Debug:
/Stage[main]/Fail2ban/File[/etc/fail2ban/filter.d/sshd-dos.local]: The
container Class[Fail2ban] will propagate my refresh event
Am I missing the obvious?
$ puppet -V
3.8.7
$ lsb_release -d
Description:Ubuntu 14.04.4 LTS
Thank you
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/xn0k75zp1zhqvbs000%40news.gmane.org.
For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Issue copying files if package exists
Your code only shows one package, $package, being created, but it does not
show where the value for $package is set. Either that var has the value
'postfix', or the postfix package is managed in another file. Regardless,
there is nothing showing where a package called $sshdPackage is managed
here, which is why the if block is never hit.
On Sunday, June 12, 2016, Helmut Schneider wrote:
> Hi,
>
> I want to copy files if a package is installed. What works fine with
> the packages 'postfix', 'fail2ban' and 'apache2' does not with
> 'openssh-server.
>
> class fail2ban {
> $postfixPackage = $::operatingsystem ? {
> /(?i:Ubuntu|Debian|Mint)/ => 'postfix',
> default => 'undef',
> }
> $sshdPackage = $::operatingsystem ? {
> /(?i:Ubuntu|Debian|Mint)/ => 'openssh-server',
> default => 'undef',
> }
>
> if ! defined (Package["$package"]) {
> package { "$package":
> ensure => installed,
> }
> }
>
> if defined (Package["$postfixPackage"]) {
> file { "/etc/fail2ban/filter.d/postfix-amavis.local":
> mode => "0644",
> owner => 'root',
> group => 'root',
> source =>
> 'puppet:///modules/fail2ban/etc/fail2ban/filter.d/postfix-amavis.local',
> }
> }
> if defined (Package["$sshdPackage"]) {
> file { "/etc/fail2ban/filter.d/sshd-dos.local":
> mode => "0644",
> owner => 'root',
> group => 'root',
> source =>
> 'puppet:///modules/fail2ban/etc/fail2ban/filter.d/sshd-dos.local',
> }
> }
> }
>
> $ rm /etc/fail2ban/filter.d/postfix-amavis.local
> /etc/fail2ban/filter.d/sshd-dos.local^C
> $ sudo rm /etc/fail2ban/filter.d/postfix-amavis.local
> /etc/fail2ban/filter.d/sshd-dos.local
> $ sudo puppet agent -t -d | grep -Ei
> '(postfix|openssh-server|postfix-amavis.local|sshd-dos.local)'
> [...]
> Debug: /Package[postfix]: Provider apt does not support features
> virtual_packages; not managing attribute allow_virtual
> Debug: /Package[openssh-server]: Provider apt does not support features
> virtual_packages; not managing attribute allow_virtual
> [...]
> Notice:
> /Stage[main]/Fail2ban/File[/etc/fail2ban/filter.d/postfix-amavis.local]/
> ensure: defined content as '{md5}c5def71abe5f682c2beb896fd5e30e10'
> Debug:
> /Stage[main]/Fail2ban/File[/etc/fail2ban/filter.d/postfix-amavis.local]:
> The container Class[Fail2ban] will propagate my refresh event
>
> So /etc/fail2ban/filter.d/sshd-dos.local is not copied. When
> uncommenting the if-clause 'if defined (Package["$sshdPackage"])' the
> file gets copied:
>
> $ sudo puppet agent -t -d | grep -i 'sshd-dos.local'
> Debug:
> /Stage[main]/Fail2ban/File[/etc/fail2ban/filter.d/sshd-dos.local]:
> Autorequiring File[/etc/fail2ban/filter.d/]
> Notice:
> /Stage[main]/Fail2ban/File[/etc/fail2ban/filter.d/sshd-dos.local]/ensure
> : defined content as '{md5}3d993678f322e5cb6335addaaa40512e'
> Debug:
> /Stage[main]/Fail2ban/File[/etc/fail2ban/filter.d/sshd-dos.local]: The
> container Class[Fail2ban] will propagate my refresh event
>
> Am I missing the obvious?
>
> $ puppet -V
> 3.8.7
> $ lsb_release -d
> Description:Ubuntu 14.04.4 LTS
>
> Thank you
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com .
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/xn0k75zp1zhqvbs000%40news.gmane.org
> .
> For more options, visit https://groups.google.com/d/optout.
>
--
Rob Nelson
rnels...@gmail.com
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/CAC76iT_K38VC7NJA_%3D5znESXC1pM%2BsEWf4TeJ%2BZkWTOcyE1MfA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Issue copying files if package exists
Rob Nelson wrote:
> Your code only shows one package, $package, being created, but it
> does not show where the value for $package is set. Either that var
The package block is missleading, it just installs fail2ban:
$package = $::operatingsystem ? {
/(?i:Ubuntu|Debian|Mint)/ => 'fail2ban',
default => 'undef',
}
> has the value 'postfix', or the postfix package is managed in another
> file. Regardless, there is nothing showing where a package called
> $sshdPackage is managed here, which is why the if block is never hit.
Do I have to manage postfix or openssh-server in the same file? The
following log should prove that openssh-server is installed and managed
(somewhere).
> > Debug: /Package[openssh-server]: Provider apt does not support
> > features virtual_packages; not managing attribute allow_virtual
Nevertheless, if you check the log snippets again, why is the
'postfix'-block hit and 'openssh-server' isn't?
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/xn0k761cd1fi74001%40news.gmane.org.
For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Issue copying files if package exists
>From reading your comments I think maybe you are misunderstanding what the
defined() function does. This function is run *server side* during the
compilation of the catalog and is saying "If this Puppet resource exists in
the catalog, yet". It is not saying "If this resource is configured on the
target system".
The "yet" above is also important, depending on the ordering of your
includes, if the parser is evaluating this block before it evaluates
wherever you declare the openssh-server package resource, then at this
point it is not defined. It may well be getting declared after this point.
Given the above, what are you trying to achieve? Are you trying to manage
the file resource after the package resource, or are you saying you only
want to manage the file if the package exists on the target system?
If the former, you should just *require* the Puppet resource in your
manifest;
file { "/etc/fail2ban/filter.d/sshd-dos.local":
mode => "0644",
owner => 'root',
group => 'root',
source =>
'puppet:///modules/fail2ban/etc/fail2ban/filter.d/sshd-dos.local',*
require => Package[$sshdPackage],
*}
If that's not what you are trying to do, please elaborate.
Regards
Craig
On Sun, Jun 12, 2016 at 3:23 PM, Helmut Schneider wrote:
> Hi,
>
> I want to copy files if a package is installed. What works fine with
> the packages 'postfix', 'fail2ban' and 'apache2' does not with
> 'openssh-server.
>
> class fail2ban {
> $postfixPackage = $::operatingsystem ? {
> /(?i:Ubuntu|Debian|Mint)/ => 'postfix',
> default => 'undef',
> }
> $sshdPackage = $::operatingsystem ? {
> /(?i:Ubuntu|Debian|Mint)/ => 'openssh-server',
> default => 'undef',
> }
>
> if ! defined (Package["$package"]) {
> package { "$package":
> ensure => installed,
> }
> }
>
> if defined (Package["$postfixPackage"]) {
> file { "/etc/fail2ban/filter.d/postfix-amavis.local":
> mode => "0644",
> owner => 'root',
> group => 'root',
> source =>
> 'puppet:///modules/fail2ban/etc/fail2ban/filter.d/postfix-amavis.local',
> }
> }
> if defined (Package["$sshdPackage"]) {
> file { "/etc/fail2ban/filter.d/sshd-dos.local":
> mode => "0644",
> owner => 'root',
> group => 'root',
> source =>
> 'puppet:///modules/fail2ban/etc/fail2ban/filter.d/sshd-dos.local',
> }
> }
> }
>
> $ rm /etc/fail2ban/filter.d/postfix-amavis.local
> /etc/fail2ban/filter.d/sshd-dos.local^C
> $ sudo rm /etc/fail2ban/filter.d/postfix-amavis.local
> /etc/fail2ban/filter.d/sshd-dos.local
> $ sudo puppet agent -t -d | grep -Ei
> '(postfix|openssh-server|postfix-amavis.local|sshd-dos.local)'
> [...]
> Debug: /Package[postfix]: Provider apt does not support features
> virtual_packages; not managing attribute allow_virtual
> Debug: /Package[openssh-server]: Provider apt does not support features
> virtual_packages; not managing attribute allow_virtual
> [...]
> Notice:
> /Stage[main]/Fail2ban/File[/etc/fail2ban/filter.d/postfix-amavis.local]/
> ensure: defined content as '{md5}c5def71abe5f682c2beb896fd5e30e10'
> Debug:
> /Stage[main]/Fail2ban/File[/etc/fail2ban/filter.d/postfix-amavis.local]:
> The container Class[Fail2ban] will propagate my refresh event
>
> So /etc/fail2ban/filter.d/sshd-dos.local is not copied. When
> uncommenting the if-clause 'if defined (Package["$sshdPackage"])' the
> file gets copied:
>
> $ sudo puppet agent -t -d | grep -i 'sshd-dos.local'
> Debug:
> /Stage[main]/Fail2ban/File[/etc/fail2ban/filter.d/sshd-dos.local]:
> Autorequiring File[/etc/fail2ban/filter.d/]
> Notice:
> /Stage[main]/Fail2ban/File[/etc/fail2ban/filter.d/sshd-dos.local]/ensure
> : defined content as '{md5}3d993678f322e5cb6335addaaa40512e'
> Debug:
> /Stage[main]/Fail2ban/File[/etc/fail2ban/filter.d/sshd-dos.local]: The
> container Class[Fail2ban] will propagate my refresh event
>
> Am I missing the obvious?
>
> $ puppet -V
> 3.8.7
> $ lsb_release -d
> Description:Ubuntu 14.04.4 LTS
>
> Thank you
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/xn0k75zp1zhqvbs000%40news.gmane.org
> .
> For more options, visit https://groups.google.com/d/optout.
>
--
Enviatics | Automation and Configuration Management
Puppet Labs Service Delivery Partner & Certified Consultant
http://www.enviatics.com | @Enviatics | cr...@enviatics.com
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/CACxdKhGF
Re: [Puppet Users] Issue copying files if package exists
Craig Dunn wrote: > Given the above, what are you trying to achieve? Are you trying to > manage the file resource after the package resource, or are you > saying you only want to manage the file if the package exists on the > target system? The latter. If openssh-server is installed, copy the file sshd-dos.local -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/xn0k77es51fdoh1000%40news.gmane.org. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Issue copying files if package exists
I think it's important to note that CMs like Puppet only manage what you
tell it to manage via your state description. "If openssh-server is
installed" doesn't fit that model well because it has a conditional state
based on a potentially unmanaged component. "I want to manage the package
openssh-server and the file sshd-dos.local" fits the state model, as does
"I do not want to manage the package openssh-server or the file
sshd-dos.local," and you can use roles or ENCs to determine whether to
apply the fictional class 'profile::ssh' below to a given node.
class profile::ssh {
package {'openssh-server':
ensure => present,
}
file {'/path/to/sshd-dos.local':
ensure => file,
source => $somesource,
require => Package['openssh-server'],
}
}
Modeling state can be tricky. It's pretty easy for a human to understand
conditionals like "If a package is installed, install a file," but for
state modeling, resources are best defined as either managed or unmanaged,
not somewhere in between. It's important to keep this in mind when modeling
state. You can always, of course, "beat" the computer and figure out a
workaround, but you're losing out on the strengths of the CM tool you have
chosen.
Rob Nelson
rnels...@gmail.com
On Mon, Jun 13, 2016 at 9:44 AM, Helmut Schneider wrote:
> Craig Dunn wrote:
>
> > Given the above, what are you trying to achieve? Are you trying to
> > manage the file resource after the package resource, or are you
> > saying you only want to manage the file if the package exists on the
> > target system?
>
> The latter. If openssh-server is installed, copy the file sshd-dos.local
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/xn0k77es51fdoh1000%40news.gmane.org
> .
> For more options, visit https://groups.google.com/d/optout.
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/CAC76iT8OjTGhwnWha6e0q1WiQay1XthKOKn%2BiVVHzDVE2FgdXg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Issue copying files if package exists
Rob Nelson wrote:
> Modeling state can be tricky. It's pretty easy for a human to
> understand conditionals like "If a package is installed, install a
> file," but for state modeling, resources are best defined as either
> managed or unmanaged, not somewhere in between. It's important to
> keep this in mind when modeling state. You can always, of course,
> "beat" the computer and figure out a workaround, but you're losing
> out on the strengths of the CM tool you have chosen.
I think I found a way around without losing the strengths:
if "$sshdPackage" in hiera_array ('packages', []) {
do_something
}
This at least fits for me. I also tried to tag packages:
define install_packages ($package = $title) {
[...]
tag "Hello"
if tagged("Hello") {
notify { "TAGGED 'Hello'": }
}
}
This works within the define but not outside
class fail2ban {
if tagged("Hello") {
notify { "TAGGED 'Hello'": }
}
}
does not output anything allthough install_packges is involved.
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/xn0k7cvqc53aszx000%40news.gmane.org.
For more options, visit https://groups.google.com/d/optout.
