fstab dilemma - pounding on file_line and augeas

[Dan White]

RHEL 6.5
Puppet 3.7.1
puppetlabs-stdlib-4.3.2

Local hardening guidelines say that /usr/local and /var/log/audit have to be separate partitions.
OK, so I make "mount" resources.

Now the problem:  The order of the mount points in /etc/fstab makes a difference.
I had /usr/local before /usr, and at boot, the mount of /usr/local failed because the mount point did not (yet) exist.

So I need to ensure the line for /usr/local comes AFTER the line for /usr.

HOW TO DO IT ?

I tried stdlib / file_line with the "after" parameter, bit it does not work ! (I thought I opened an Issue, but I cannot find it)
My next thought was "augeas mv <PATH> <OTHER PATH>" but I cannot get it to work (yet).

Looking for clues / suggestions about how to order the mount points in /etc/fstab



“Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us.”  (Bill Waterson: Calvin & Hobbes)

[Felix Frank]

On 10/07/2014 09:55 PM, Dan White wrote:

Local hardening guidelines say that /usr/local and /var/log/audit have to be separate partitions.
OK, so I make "mount" resources.

Now the problem:  The order of the mount points in /etc/fstab makes a difference.
I had /usr/local before /usr, and at boot, the mount of /usr/local failed because the mount point did not (yet) exist.

So I need to ensure the line for /usr/local comes AFTER the line for /usr.

HOW TO DO IT ?

We've been pondering this very problem quite some times here - because it really is a fundamental issue.

I've been thinking of patching the very mount provider to make sure of this, but I haven't yet got around to it.

Currently, your easiest way out will likely be to make the mount resources notify the exec of a perl/shell/ruby/some-snake-that-everyone-likes-for-some-reason script to repair fstab if need be.

Cheers,
Felix

[Ramin K]

If you're taking feature requests while, it would be awesome if the
mount resource would allow you to mount without adding a line to fstab
at all.

Willing to alpha/beta test. :-)

Ramin

[Dan White]

If I figure out how to get augeas to do it, I will, of course, share on the list. 

If you want any help tinkering with the mount type, I am willing to assist. 

[Felix Frank]

On 10/07/2014 10:21 PM, Ramin K wrote:
>
> If you're taking feature requests while, it would be awesome if the
> mount resource would allow you to mount without adding a line to fstab
> at all.

Have you tried "ensure => ghost"?

This is off the top of my head, this state may be called something else.

Cheers,
Felix

[Ramin K]

Looking through the code it appears that ghost is an internal state, but
not something that is exposed in the DSL.


Error: Failed to apply catalog: Parameter ensure failed on Mount[/mnt]:
Invalid value "ghost". Valid values are defined, unmounted, absent,
mounted. at environments/stage/modules/profile/manifests/disk/single.pp:10
Wrapped exception:
Invalid value "ghost". Valid values are defined, unmounted, absent,
mounted.

Ramin

[Felix Frank]

Hey y'all,

old thread. Oooold. However: https://github.com/ffrank/puppet/tree/ticket/master/PUP-4619-sort-fstab-mounts

This branch has a fix. Not quite ready for merging, because some proper tests are still missing, but any feedback is welcome.

Cheers,
Felix

[Dan White]

Thanks for the info. 

"Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us."

Bill Waterson (Calvin & Hobbes)

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/5558F8D2.1010804%40Alumni.TU-Berlin.de.
For more options, visit https://groups.google.com/d/optout.