Account Options

  1. Sign in
The old Google Groups will be going away soon, but your browser is incompatible with the new version.
Google Groups Home
« Groups Home
Puppet Users
Home
+ new post
About this group
Join this group
problem with exec and environment variables
Options
There are currently too many topics in this group that display first. To make this topic appear first, remove this option from another topic.
There was an error processing your request. Please try again.
flag
   2 messages - Collapse all  -  Translate all to Translated (View all originals)
The group you are posting to is a Usenet group. Messages posted to this group will make your email address visible to anyone on the Internet.
Your reply message has not been sent.
Your post was successful
 
From:
To:
Cc:
Followup To:
Add Cc | Add Followup-to | Edit Subject
Subject:
Validation:
For verification purposes please type the characters you see in the picture below or the numbers you hear by clicking the accessibility icon. Listen and type the numbers you hear
 
Peter Meier  
View profile  
 More options Jun 9 2009, 10:42 am
From: Peter Meier <peter.me...@immerda.ch>
Date: Tue, 09 Jun 2009 16:42:23 +0200
Local: Tues, Jun 9 2009 10:42 am
Subject: problem with exec and environment variables
Print | Individual message | Show original | Report this message | Find messages by this author
Hi

the following exec fails with the trace added:

    exec{"create_gitosis_git":
        command => "gitosis-init < initial_admin_pubkey.puppet",
        cwd => "/home/git",
        unless => "test -d /home/git/repositories",
        user => git,
        path => "/bin:/sbin:/usr/sbin:/usr/bin",
    }

# puppet --debug --trace foo.pp
info: Loading fact interfaces
info: Loading fact xen
info: Loading fact acpi_available
info: Loading fact selinux
info: Loading fact urm
info: Loading fact edac_module
info: Loading fact virtual
info: Loading fact pbp
info: Loading fact sshkeys
info: Loading fact configured_ntp_servers
info: Loading fact ucm_remote_publickey
info: Loading fact mysql
info: Loading fact vserver
debug: Creating default schedules
debug: //Exec[create_gitosis_git]: Executing check 'test -d
/home/git/repositories'
debug: Executing 'test -d /home/git/repositories'
debug: //Exec[create_gitosis_git]: Changing returns
debug: //Exec[create_gitosis_git]: 1 change(s)
debug: //Exec[create_gitosis_git]: Executing 'gitosis-init <
initial_admin_pubkey.puppet'
debug: Executing 'gitosis-init < initial_admin_pubkey.puppet'
/usr/lib/ruby/site_ruby/1.8/puppet/type/exec.rb:602:in `run'
/usr/lib/ruby/site_ruby/1.8/puppet/util/execution.rb:14:in `withenv'
/usr/lib/ruby/site_ruby/1.8/puppet/type/exec.rb:594:in `run'
/usr/lib/ruby/site_ruby/1.8/puppet/type/exec.rb:568:in `chdir'
/usr/lib/ruby/site_ruby/1.8/puppet/type/exec.rb:568:in `run'
/usr/lib/ruby/site_ruby/1.8/puppet/type/exec.rb:111:in `sync'
/usr/lib/ruby/site_ruby/1.8/puppet/transaction/change.rb:54:in `go'
/usr/lib/ruby/site_ruby/1.8/puppet/transaction/change.rb:72:in `forward'
/usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:118:in `apply_changes'
/usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:111:in `collect'
/usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:111:in `apply_changes'
/usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:83:in `apply'
/usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:239:in `eval_resource'
/usr/lib/ruby/site_ruby/1.8/puppet/util.rb:425:in `thinmark'
/usr/lib/ruby/1.8/benchmark.rb:293:in `measure'
/usr/lib/ruby/1.8/benchmark.rb:307:in `realtime'
/usr/lib/ruby/site_ruby/1.8/puppet/util.rb:424:in `thinmark'
/usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:238:in `eval_resource'
/usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:310:in `evaluate'
/usr/lib/ruby/site_ruby/1.8/puppet/util.rb:425:in `thinmark'
/usr/lib/ruby/1.8/benchmark.rb:293:in `measure'
/usr/lib/ruby/1.8/benchmark.rb:307:in `realtime'
/usr/lib/ruby/site_ruby/1.8/puppet/util.rb:424:in `thinmark'
/usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:309:in `evaluate'
/usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:303:in `collect'
/usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:303:in `evaluate'
/usr/lib/ruby/site_ruby/1.8/puppet/node/catalog.rb:124:in `apply'
/usr/bin/puppet:233
err: //Exec[create_gitosis_git]/returns: change from notrun to 0 failed:
debug: Finishing transaction 23489170055520 with 1 changes

The exitcode of the suidmanager.execution is 256.

However if I add the "env -i" exec, everything works fine:

    exec{"create_gitosis_git":
        command => "env -i gitosis-init < initial_admin_pubkey.puppet",
        cwd => "/home/git",
        unless => "test -d /home/git/repositories",
        user => git,
        path => "/bin:/sbin:/usr/sbin:/usr/bin",
    }

# puppet --debug --trace foo2.pp
info: Loading fact interfaces
info: Loading fact xen
info: Loading fact acpi_available
info: Loading fact selinux
info: Loading fact urm
info: Loading fact edac_module
info: Loading fact virtual
info: Loading fact pbp
info: Loading fact sshkeys
info: Loading fact configured_ntp_servers
info: Loading fact ucm_remote_publickey
info: Loading fact mysql
info: Loading fact vserver
debug: Creating default schedules
PATH:/bin:/sbin:/usr/sbin:/usr/bin
debug: //Exec[create_gitosis_git]: Executing check 'test -d
/home/git/repositories'
debug: Executing 'test -d /home/git/repositories'
debug: //Exec[create_gitosis_git]: Changing returns
debug: //Exec[create_gitosis_git]: 1 change(s)
debug: //Exec[create_gitosis_git]: Executing 'env -i gitosis-init <
initial_admin_pubkey.puppet'
PATH:/bin:/sbin:/usr/sbin:/usr/bin
debug: Executing 'env -i gitosis-init < initial_admin_pubkey.puppet'
notice: //Exec[create_gitosis_git]/returns: executed successfully
debug: Finishing transaction 23659412670000 with 1 changes

as I assume that gitosis-init is using environment variables (like HOME
etc.) this might explain the problem. However I'm not sure if this is
the expected behavior if we'd like to run an exec as a different user
with puppet. This can definitely lead to strange problems, like I
debugged now for a while.
On the other side we can say that the users should know which
environment variables the bins are depending on, which they like to
execute, so they can easily set them in puppet.

Somehow both options smell and I'm unsure which one might be the less
smelly one. Opinions?

cheers pete


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
David Schmitt  
View profile  
 More options Jun 10 2009, 3:31 am
From: David Schmitt <da...@dasz.at>
Date: Wed, 10 Jun 2009 09:31:39 +0200
Local: Wed, Jun 10 2009 3:31 am
Subject: Re: [Puppet Users] problem with exec and environment variables
Print | Individual message | Show original | Report this message | Find messages by this author
Peter Meier schrieb:

For the sake of debuggability, I would tend towards having no
environment at all (perhaps add a warning in that case if none is set at
all) or emulating "su -", creating a proper environment according to the
target user. The former requires more work by the user, but is
debuggable. The latter probably requires actually using su to avoid the
intricacies of implementing a user environment setup (pam, shell, etc)
by hand.

Regards, DavidS

--
dasz.at OG              Tel: +43 (0)664 2602670     Web: http://dasz.at
Klosterneuburg                                         UID: ATU64260999

        FB-Nr.: FN 309285 g          FB-Gericht: LG Korneuburg


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
End of messages
« Back to Discussions « Newer topic     Older topic »

Create a group - Google Groups - Google Home - Terms of Service - Privacy Policy
©2012 Google