change from 'notrun' to ['0'] failed


Helmut Schneider

Aug 30, 2019, 5:41:28 AM
to puppet...@googlegroups.com
Hi,

I want to copy a file if a diff fails:

exec { "Private key '${letsencryptConfPath}/live/${letsencryptCommonName}/privkey.pem' changed, updating":
  path => '/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin',
  command => "$copyPrivateCommand",
  unless => "diff -q ${letsencryptConfPath}/live/${letsencryptCommonName}/privkey.pem $appEtcConfPath/ssl/private/${letsencryptCommonName}.letsencrypt.$letsencryptKeySize.key > /dev/null",
  notify => Exec['/usr/local/bin/apache.sh -c restart'],
  logoutput => true,
}

This results in:

Debug: Executing: 'diff -q /usr/local/etc/letsencrypt/live/www./privkey.pem /usr/local/etc/ssl/private/www.letsencrypt.4096.key > /dev/null'
Error: no implicit conversion of nil into String
Error: /Stage[main]/Letsencrypt/Exec[Private key '/usr/local/etc/letsencrypt/live/www/privkey.pem' changed, updating]/returns: change from 'notrun' to ['0'] failed: no implicit conversion of nil into String (corrective)
Debug: /Stage[main]/Letsencrypt/Exec[Copy live public key for www (SAN: www)]: 'cp -L /usr/local/etc/letsencrypt/live/www/fullchain.pem /usr/local/etc/ssl/www.letsencrypt.4096.crt' won't be executed because of failed check 'refreshonly'

The diff itself runs fine:

[helmut@BSDHelmut ~]$ sudo diff -q /usr/local/etc/letsencrypt/live/www/privkey.pem /usr/local/etc/ssl/private/www.letsencrypt.4096.key > /dev/null; echo $?
1
[helmut@BSDHelmut ~]$

Where is the issue?

[helmut@BSDHelmut ~]$ puppet -V
5.5.16
[helmut@BSDHelmut ~]$

Thank you!

Bart-Jan Vrielink

Aug 31, 2019, 11:53:52 AM
to puppet...@googlegroups.com

Hello,

I cannot fully understand what you are trying to do, as I do not know what $copyPrivateCommand is, but I would advise against using an exec for copying a file, but just use a file resource instead:

# The managed file is the deployed copy; the source is the Let's Encrypt key on the agent.
file { "${appEtcConfPath}/ssl/private/${letsencryptCommonName}.letsencrypt.${letsencryptKeySize}.key":
  ensure => file,
  source => "${letsencryptConfPath}/live/${letsencryptCommonName}/privkey.pem",
  notify => Exec['/usr/local/bin/apache.sh -c restart'],
  # Or better: notify => Service['apache'],
}


This should only copy the private key if the source is different from the target and only in that case restart Apache.


N.B. Avoid exec resources as much as possible, as they often result in overly complex Puppet code that is hard to debug.



Helmut Schneider

Sep 1, 2019, 10:52:51 AM
to puppet...@googlegroups.com
Bart-Jan Vrielink wrote:

> I cannot fully understand what you are trying to do, as I do not know
> what $copyPrivateCommand is, but I would advise against using an exec
> for copying a file, but just use a file resource instead:

$copyPrivateKeyCommand = "cp -L ${letsencryptConfPath}/live/${letsencryptCommonName}/privkey.pem $appEtcConfPath/ssl/private/${letsencryptCommonName}.letsencrypt.$letsencryptKeySize.key"

But the copy command does not fail, it is the diff that results in the
error.

I check if the certificate was renewed and then copy it. The
certificate is on the agent system, not the master so I need to do the
exec.

Bart-Jan Vrielink

Sep 1, 2019, 11:29:26 AM
to puppet...@googlegroups.com

Hello,


The file resource also copies the file from the client, so it should work.


Of course, I do not (and/or cannot) explain why the diff fails, but by using a file resource (with a local file as a source) one simply works around this :)



Dirk Heinrichs

Sep 2, 2019, 1:31:18 AM
to puppet...@googlegroups.com
On Sunday, 01.09.2019 at 14:52 +0000, Helmut Schneider wrote:

> The certificate is on the agent system, not the master so I need to do the exec.

No, you don't, as Bart-Jan already wrote.

Bye...

Dirk
-- 
Dirk Heinrichs
Senior Systems Engineer, Delivery Pipeline
OpenText ™ Discovery | Recommind

Helmut Schneider

Sep 2, 2019, 6:42:05 AM
to puppet...@googlegroups.com
Bart-Jan Vrielink wrote:

> file { "${appEtcConfPath}/ssl/private/${letsencryptCommonName}.letsencrypt.${letsencryptKeySize}.key":
>   ensure => file,
>   source => "${letsencryptConfPath}/live/${letsencryptCommonName}/privkey.pem",
>   notify => Exec['/usr/local/bin/apache.sh -c restart'],
>   # Or better: notify => Service['apache'],
> }

Uhhhhh, now I understand, I can copy files locally! Thanks, this is
REALLY helpful!
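
The file-resource approach from this thread, written out as an added example (not code from any poster): the deployed key is the managed file and the Let's Encrypt key on the agent is its `source`, with attributes that treat it as secret material. The variable values (taken from the paths in the debug output), the `$liveKey`/`$deployedKey` names and the `wheel` group are assumptions.

```puppet
# Assumed values, matching the paths shown in the thread's debug output.
$letsencryptConfPath   = '/usr/local/etc/letsencrypt'
$appEtcConfPath        = '/usr/local/etc'
$letsencryptCommonName = 'www'
$letsencryptKeySize    = '4096'

# Hypothetical helper names, introduced here for readability.
$liveKey     = "${letsencryptConfPath}/live/${letsencryptCommonName}/privkey.pem"
$deployedKey = "${appEtcConfPath}/ssl/private/${letsencryptCommonName}.letsencrypt.${letsencryptKeySize}.key"

# Restart command from the thread; runs only when a resource notifies it.
exec { '/usr/local/bin/apache.sh -c restart':
  refreshonly => true,
}

# Puppet compares source and target content itself, so no `diff`/`unless`
# guard is needed: the file changes (and Apache restarts) only on renewal.
file { $deployedKey:
  ensure    => file,
  source    => $liveKey,   # absolute path: read from the agent's own filesystem
  links     => follow,     # copy the symlink's target, as `cp -L` does
  owner     => 'root',
  group     => 'wheel',    # assumption: FreeBSD host
  mode      => '0600',     # private key readable by root only
  show_diff => false,      # never print key material as a diff in logs or reports
  backup    => false,      # do not keep the replaced key in the filebucket
  notify    => Exec['/usr/local/bin/apache.sh -c restart'],
}
```

`puppet apply --noop` on the agent shows whether the key would be replaced without touching it.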
