puppet newbie

[Marshie8]

Hi,

 

I am new to Puppet.

 

I need to monitor a file for changes on a server and if it does, copy it immediately to the clients. But it has permissions 640, and must retain these.

 

Can anyone suggest a manifest for this?

 

Thanks a lot.

 

M

[Matthew Burgess]

Hi,

The idea behind puppet is that it centrally manages/controls your
node's configuration. Given that as a premise, allowing your source
file to be changed on the server is going to quickly get things out of
control again, as puppet, as far as I know, can't monitor remote
server's files for changes to push out to other clients.

My suggestion would be to take a copy of the file as it is on your
server now, and place it under the control of puppet. The following
simple manifest should do what you're after:

class server_file {

file { "/destination/path/to/your/file":
owner => owner,
group => group,
mode => 0640,
source => "puppet:///files/server_file",
}
}

In a default configuration of puppet on a UNIX-like OS, server_file
would be placed at /etc/puppet/files/server_file.

From now on though, your admins/users are going to have to understand
that any changes to that file need to be made on the puppetmaster.

The above manifest also assumes that server_file is placed in the same
location on both clients and the server.

Hope this helps,

Matt.

[Ganesh Kumar]

Hi Marshie8

can you tied filebucket

#Filebucket config
filebucket { main:
server => "puppet"
}

-Ganesh.

Did I learn something today? If not, I wasted it.

> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/puppet-users/-/aJMGyjp1PAYJ.
> To post to this group, send email to puppet...@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.

[Marshie8]

On Tuesday, July 10, 2012 11:33:38 AM UTC+1, Matthew Burgess wrote:

My suggestion would be to take a copy of the file as it is on your
server now, and place it under the control of puppet.  The following
simple manifest should do what you're after:

class server_file {

    file { "/destination/path/to/your/file":
        owner => owner,
        group => group,
        mode => 0640,
        source => "puppet:///files/server_file",
    }
}

Hi Matt,

Thanks for your response.

I tried your example but the client is complaining of a permissions error:

Jul 10 15:00:24 system1 puppet-agent[16595]: (/Stage[main]/Server_file/File[/etc/server_file]) Could not evaluate: Error 400 on SERVER: Permission denied - /etc/puppet/files/server_file Could not retrieve file metadata for puppet://server-1.company.com/etc/puppet/files/server_file: Error 400 on SERVER: Permission denied - /etc/puppet/files/server_file at /etc/puppet/manifests/classes/server_file.pp:11

Is there a way I can overcome this, perhaps by changing the ownership temporarily?

The original file will be changed semi-regularly by users on the server - they have no problem with that - so I put in a cron job to copy it into the puppet directory every 10 minutes.

I know it's messy but I don't care if it works - each client system needs to take a copy of that file and apply the same permissions to it.

Cheers,

M

[Andreas Paul]

Of course the file you want to deploy with puppet must be readable by the puppetmaster.
Do you use Apache Passenger, Nginx or webbrick?

If you use Apache Passenger:

The file /etc/puppet/files/server_file must be readable by the user, who owns the /etc/puppet/rack/config.ru file.

[Marshie8]

On Tuesday, July 10, 2012 3:26:47 PM UTC+1, Andreas Paul wrote:

Of course the file you want to deploy with puppet must be readable by the puppetmaster.
Do you use Apache Passenger, Nginx or webbrick?

If you use Apache Passenger:

The file /etc/puppet/files/server_file must be readable by the user, who owns the /etc/puppet/rack/config.ru file.

I don't have any of those :(

M

[Matthew Burgess]

Then it looks like you're running puppet under its default webrick
configuration. How do you start your puppetmaster? Via the init
script? When you do a 'ps -ef' what user is the puppetmaster process
running as? What does 'ls -l /etc/puppet/files/server_file' show?

Thanks,

Matt.

[Marshie8]

On Tuesday, July 10, 2012 4:12:42 PM UTC+1, Matthew Burgess wrote:

Then it looks like you're running puppet under its default webrick
configuration.  How do you start your puppetmaster?  Via the init
script?  

Yes, it's running as the puppet user:

server-1:~ # ps -ef |grep 'puppetmaster'
puppet    5256     1  0 Jun13 ?        03:20:41 /usr/bin/ruby /usr/sbin/puppetmasterd

 
>What does 'ls -l /etc/puppet/files/server_file' show?

server-1:~ # ls -la /etc/puppet/files/server_file
-rw-r----- 1 root work 1694 2012-07-10 10:59 /etc/puppet/files/server_file


Thanks,

M

[Matthew Burgess]

So, presumably then 'groups puppet' shows that it isn't in the 'work'
group, at which point it won't be able to read that file. 'chmod
0644' should sort this for you. Note that those permissions won't be
affected by your manifest as this is the 'source' file, not the target
destination.

Regards,

Matt.

[Marshie8]

Thanks guys for all your help, that all now works perfectly.

Best wishes,

M