classe uses two defines but second is ignored

[Andreas Dvorak]

Dear all,

ich habe a defined class, that is called two times in on class but only the first call is executed.
baader::replace {'access notConfigGroup' is done, but not baader::replace {'com2sec notConfigUser':
And baader::replace {'view all included': is done.
Can somebody please explain the reason and how can I solve this?

define baader::replace($file, $old, $new, $ensure = 'replace') {
  $grep='/bin/grep'
  $sed='/bin/sed'
 
  case $ensure {
    default : { err ( "unknown ensure value ${ensure}" ) }
    replace : {
      exec { "${sed} -i -e's/${old}/${new}/' '${file}'":
        unless => "${grep} -qFx '${old}' '${file}'",
        onlyif => "/usr/bin/test -f '${file}'",
      }
    }
    insert_after : {
      exec { "${sed} -i -e's/${old}/&\\n${new}/' '${file}'":
        unless => "${grep} -qFx '${old}' '${file}'",
        onlyif => "/usr/bin/test -f '${file}'",
      }
    }
  }
}

class snmp::config{
  case $::osfamily {
    redhat:{
        baader::replace {'access notConfigGroup':
        ensure => 'replace',
        file   => '/etc/snmp/snmpd.conf',
        old    => 'access  notConfigGroup \"\"      any       noauth    exact  systemview none none',
        new    => 'access  notConfigGroup \"\"      any       noauth    exact  all none none',
      }

      baader::replace {'com2sec notConfigUser':
        ensure => 'replace',
        file   => '/etc/snmp/snmpd.conf',
        old    => 'com2sec notConfigUser  default       public',
        new    => 'com2sec notConfigUser  default       Baad01',
      }

      baader::replace {'view all included':
        ensure => 'insert_after',
        file   => '/etc/snmp/snmpd.conf',
        old    => '#       name           incl\/excl     subtree         mask(optional)',
        new    => 'view    all            included      .1',
      }
    }

...

Best regards
Andreas

[jcbollinger]

On Wednesday, February 12, 2014 9:14:19 AM UTC-6, Andreas Dvorak wrote:

Dear all,

ich habe a defined class, that is called two times in on class but only the first call is executed.
baader::replace {'access notConfigGroup' is done, but not baader::replace {'com2sec notConfigUser':
And baader::replace {'view all included': is done.
Can somebody please explain the reason and how can I solve this?

Your definition has a suspicious bit that is probably a cut & paste error.

 

define baader::replace($file, $old, $new, $ensure = 'replace') {
  $grep='/bin/grep'
  $sed='/bin/sed'
 
  case $ensure {
    default : { err ( "unknown ensure value ${ensure}" ) }
    replace : {
      exec { "${sed} -i -e's/${old}/${new}/' '${file}'":
        unless => "${grep} -qFx '${old}' '${file}'",

Consider the 'unless' parameters here ^

 

        onlyif => "/usr/bin/test -f '${file}'",
      }
    }
    insert_after : {
      exec { "${sed} -i -e's/${old}/&\\n${new}/' '${file}'":
        unless => "${grep} -qFx '${old}' '${file}'",

and here ^

 

        onlyif => "/usr/bin/test -f '${file}'",
      }
    }
  }
}

 
When your defined type is operating in 'replace' mode, the 'unless' parameter to the Exec tells it to do nothing if the string to replace appears as a complete line of the target file.  It is possible that you really do mean that -- that is, you only want to perform the replacement if the 'old' string is part of a larger line -- but I'm guessing that it's just copied from the 'unless' parameter in the other alternative.  If the objective is instead to avoid running sed when it wouldn't have any effect, then you want something more like this:

onlyif => "/usr/bin/test -f '${file}' && ${grep} -qF '${old}' '${file}'"

It is possible that you will need also to declare

provider => 'shell'

to make it work.

You can verify that the overall definition is being applied in each case by adding a Notify resource to it, but I am confident that you will find it indeed is being applied.


John

[Andreas Dvorak]

Hi John,

thank you for your reply. You have found an other issue.
But my main problem is that the second call of "replace" is ignored.
I still do not understand the reason.

Best regards,
Andreas

[jcbollinger]

On Monday, February 17, 2014 4:13:38 AM UTC-6, Andreas Dvorak wrote:

Hi John,

thank you for your reply. You have found an other issue.
But my main problem is that the second call of "replace" is ignored.

As I said at the end, I don't think the second 'replace' resource is being ignored at all.  At any rate, you have presented no evidence of it, and I have no reason to believe that the manifest you presented would be subject to such an issue.  I already described one way that you could test whether the resource is in fact ignored.

On the other hand, the real problem I described will result in Puppet deciding under some circumstances that the Exec resource inside one of your baader::replace resources is already in sync.  Depending on the logging level with which you are running the agent, that might result in nothing related to the resource being emitted to the log / standard out, which in turn could lead you to think that the resource was being ignored.


John