On Tuesday, April 28, 2020 at 7:00:28 AM UTC-7, Miroslav Kalina wrote:
>
> Hello guys,
>
> I am trying to audit directory on server and automaticaly regenerate (with
> custom script run by *exec*) it's content whenever user touches it. With
> single files it's easy to do with
>
> file {'/etc/myconfig':
> audit => content,
> }
>
> -> exec {'/usr/local/bin/generate-myconfig.sh':
> refreshonly => true,
> }
>
> Unfortunately when I try to audit directory, content of it's file is not
> audited (which I kinda understand) and even list of files is not audited
> (which I can understand less). When I try to switch to `audit => mtime`, I
> am getting strange errors with `transaction.yaml` format and missing class
> Time.
>
> file {'/etc/mysoft/conf.d':
> ensure => directory,
> audit => mtime,
> }
>
> -> exec {'/usr/local/bin/generate-mysoft-conf.sh':
> refreshonly => true,
> }
>
> On first puppet agent run everything is completely fine, in verbose run I
> got notice
> Notice: /Stage[main]/MySoftModule::Config/File[/etc/mysoft/conf.d]/mtime:
> audit change: previously recorded value '2020-04-28 11:11:00 +0200' has
> been changed to '2020-04-28 11:27:16 +0200'
>
> but another runs gives me always an error
> Error: Transaction store file /opt/puppetlabs/puppet/cache/state/
> transactionstore.yaml is corrupt ((/opt/puppetlabs/puppet/cache/state/
> transactionstore.yaml): Tried to load unspecified class: Time); replacing
> Wrapped exception:
> Tried to load unspecified class: Time
>
> and when I searched `transactionstore.yaml` I can found this section,
> which I belive is related to this error
> File[/etc/mysoft/conf.d]:
> parameters:
> ensure:
> system_value:
> - :directory
> mtime:
> system_value:
> - 2020-04-28 11:27:16.291317766 +02:00
>
> Do you have any idea what am I doing wrong? I believe it's supposed to be
> used like that, but I cannot find much oficial reference and examples to
> audit metaparameter usage. I am using oficial puppetlabs packages,
> currently in version 6.14.0-buster1, but this behaves exactly same at in
> previous versions.
>
> Thank you for any advice.
>
Puppet safely loads YAML by restricting which classes can be loaded
<https://github.com/puppetlabs/puppet/blob/master/lib/puppet/util/yaml.rb#L8-L26>.
The Time class isn't in that list, and the code that loads the
transactionstore doesn't explicitly allow it
<https://github.com/puppetlabs/puppet/blob/9047506d745dc8bd4dc6cca9e67c2c56649f5447/lib/puppet/transaction/persistence.rb#L65>,
so the load fails. Puppet should probably allow the Time class, in addition
to Symbol. Could you file a PUP ticket? Also pull requests are welcome!
Josh
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/bacba452-b58a-41a2-9547-64cd9fe94409%40googlegroups.com.
