user and service interdependencies
42 views
Skip to first unread message
Vadym Chepkov
Dec 11, 2015, 7:28:05 AM12/11/15
to puppet...@googlegroups.com
Hi,
How would one gracefully solve a problem like this, we are facing time to time, mostly in the development cycle
Lets say somebody wrote code like this (for simplicity):
user { 'tools':
ensure => present,
}
service { 'tools':
ensure => 'running',
require => User['tools'],
}
It ran, created user, started service. Then somebody realized, hey, I didn't set home for the user, and update the code
user { 'tools':
ensure => present,
home => '/apps/tools',
}
Problem here, puppet can't apply this code anymore, since 'user' resource will call usermod command and it refuses update user's home if a process running.
Service needs to be stopped, user modified and then service started. One could create an exec, to stop the service, but how to 'notify' this exec, I can't figure out.
Thanks,
Vadym
How would one gracefully solve a problem like this, we are facing time to time, mostly in the development cycle
Lets say somebody wrote code like this (for simplicity):
user { 'tools':
ensure => present,
}
service { 'tools':
ensure => 'running',
require => User['tools'],
}
It ran, created user, started service. Then somebody realized, hey, I didn't set home for the user, and update the code
user { 'tools':
ensure => present,
home => '/apps/tools',
}
Problem here, puppet can't apply this code anymore, since 'user' resource will call usermod command and it refuses update user's home if a process running.
Service needs to be stopped, user modified and then service started. One could create an exec, to stop the service, but how to 'notify' this exec, I can't figure out.
Thanks,
Vadym
Luke Bigum
Dec 11, 2015, 8:04:13 AM12/11/15
to puppet...@googlegroups.com
[root@localhost ~]# usermod -d /home/foo test
usermod: user test is currently used by process xxxxx
Huh, learn something new every day :-)
This is a feature of the provider, usermod, to be honest I think anything you try do here with Puppet is going to be pretty nasty. You could do this:
user { 'tools':
ensure => present,
home => '/apps/tools',
}
exec { 'fix_home':
command => '/usr/local/bin/fix_home.sh',
unless => "grep '/apps/tools' /etc/passwd",
}
Which is very specific and pretty horrid. I think you're trying to solve this in the wrong way though. What needs to happen is some sort of migration/upgrade/downtime (execute a series of commands in sequence), and Puppet is not a very good tool for that. Instead I would invest time into ensuring you don't get into this problem in the first place:
define user_and_service($username, $service, $homedir) {
validate_string($username)
validate_string($homedir)
user { $username:
home => $homedir,
}
service { $service:
ensure => 'running',
require => User[$username],
}
}
It's a bit of a dumb example, but illustrates the idea that you can't do what has happened to you without setting a certain parameter.
--
Luke Bigum
Senior Systems Engineer
Information Systems
--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/F3D433F0-238D-448F-8B82-1703DFA2974F%40gmail.com.
For more options, visit https://groups.google.com/d/optout.
---
LMAX Exchange, Yellow Building, 1A Nicholas Road, London W11 4AN
http://www.LMAX.com/
#1 Fastest Growing Tech Company in the UK - Sunday Times Tech Track 100 (2014)
2015 Best Margin Sector Platform - Profit & Loss Readers' Choice Awards
2015 Best FX Trading Venue - ECN/MTF - WSL Institutional Trading Awards
2014 Best Margin Sector Platform - Profit & Loss Readers' Choice Awards
2014 Best FX Trading Venue - ECN/MTF - WSL Institutional Trading Awards
2014 Best Infrastructure/Technology Initiative - WSL Institutional Trading Awards
2013 #15 Fastest Growing Tech Company in the UK - Sunday Times Tech Track 100
2013 Best Overall Testing Project - The European Software Testing Awards
2013 Best Margin Sector Platform - Profit & Loss Readers' Choice Awards
2013 Best FX Trading Platform - ECN/MTF - WSL Institutional Trading Awards
2013 Best Executing Venue - Forex Magnates Awards
---
FX and CFDs are leveraged products that can result in losses exceeding your deposit. They are not suitable for everyone so please ensure you fully understand the risks involved.
This message and its attachments are confidential, may not be disclosed or used by any person other than the addressee and are intended only for the named recipient(s). This message is not intended for any recipient(s) who based on their nationality, place of business, domicile or for any other reason, is/are subject to local laws or regulations which prohibit the provision of such products and services. This message is subject to the following terms (http://lmax.com/pdf/general-disclaimers.pdf), if you cannot access these, please notify us by replying to this email and we will send you the terms. If you are not the intended recipient, please notify the sender immediately and delete any copies of this message.
LMAX Exchange is the trading name of LMAX Limited. LMAX Limited operates a multilateral trading facility. LMAX Limited is authorised and regulated by the Financial Conduct Authority (firm registration number 509778) and is a company registered in England and Wales (number 6505809).
LMAX Hong Kong Limited is a wholly-owned subsidiary of LMAX Limited. LMAX Hong Kong is licensed by the Securities and Futures Commission in Hong Kong to conduct Type 3 (leveraged foreign exchange trading) regulated activity with CE Number BDV088.
usermod: user test is currently used by process xxxxx
Huh, learn something new every day :-)
This is a feature of the provider, usermod, to be honest I think anything you try do here with Puppet is going to be pretty nasty. You could do this:
user { 'tools':
ensure => present,
home => '/apps/tools',
}
command => '/usr/local/bin/fix_home.sh',
unless => "grep '/apps/tools' /etc/passwd",
}
Which is very specific and pretty horrid. I think you're trying to solve this in the wrong way though. What needs to happen is some sort of migration/upgrade/downtime (execute a series of commands in sequence), and Puppet is not a very good tool for that. Instead I would invest time into ensuring you don't get into this problem in the first place:
define user_and_service($username, $service, $homedir) {
validate_string($username)
validate_string($homedir)
user { $username:
home => $homedir,
}
service { $service:
ensure => 'running',
require => User[$username],
}
}
It's a bit of a dumb example, but illustrates the idea that you can't do what has happened to you without setting a certain parameter.
--
Luke Bigum
Senior Systems Engineer
Information Systems
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/F3D433F0-238D-448F-8B82-1703DFA2974F%40gmail.com.
For more options, visit https://groups.google.com/d/optout.
---
LMAX Exchange, Yellow Building, 1A Nicholas Road, London W11 4AN
http://www.LMAX.com/
#1 Fastest Growing Tech Company in the UK - Sunday Times Tech Track 100 (2014)
2015 Best Margin Sector Platform - Profit & Loss Readers' Choice Awards
2015 Best FX Trading Venue - ECN/MTF - WSL Institutional Trading Awards
2014 Best Margin Sector Platform - Profit & Loss Readers' Choice Awards
2014 Best FX Trading Venue - ECN/MTF - WSL Institutional Trading Awards
2014 Best Infrastructure/Technology Initiative - WSL Institutional Trading Awards
2013 #15 Fastest Growing Tech Company in the UK - Sunday Times Tech Track 100
2013 Best Overall Testing Project - The European Software Testing Awards
2013 Best Margin Sector Platform - Profit & Loss Readers' Choice Awards
2013 Best FX Trading Platform - ECN/MTF - WSL Institutional Trading Awards
2013 Best Executing Venue - Forex Magnates Awards
---
FX and CFDs are leveraged products that can result in losses exceeding your deposit. They are not suitable for everyone so please ensure you fully understand the risks involved.
This message and its attachments are confidential, may not be disclosed or used by any person other than the addressee and are intended only for the named recipient(s). This message is not intended for any recipient(s) who based on their nationality, place of business, domicile or for any other reason, is/are subject to local laws or regulations which prohibit the provision of such products and services. This message is subject to the following terms (http://lmax.com/pdf/general-disclaimers.pdf), if you cannot access these, please notify us by replying to this email and we will send you the terms. If you are not the intended recipient, please notify the sender immediately and delete any copies of this message.
LMAX Exchange is the trading name of LMAX Limited. LMAX Limited operates a multilateral trading facility. LMAX Limited is authorised and regulated by the Financial Conduct Authority (firm registration number 509778) and is a company registered in England and Wales (number 6505809).
LMAX Hong Kong Limited is a wholly-owned subsidiary of LMAX Limited. LMAX Hong Kong is licensed by the Securities and Futures Commission in Hong Kong to conduct Type 3 (leveraged foreign exchange trading) regulated activity with CE Number BDV088.
Vadym Chepkov
Dec 12, 2015, 2:59:39 PM12/12/15
to Puppet Users
To solve this type of collisions "require-notify" relationship needs to be established,
i.e. ability to notify refreshonly exec, for example, before changing user's attributes.
Another good example when this is necessary - lets say a service is depending on an NFS file system and you need to change a mount point.
Again, mount will fail if service is running, since it won't be able unmount old one. For such a routine configuration change should be a more elegant solution than 'don't hold it this way'.
Thanks,
Vadym
Klavs Klavsen
Dec 17, 2015, 6:21:28 AM12/17/15
to Puppet Users
Someone should really create a ticket with a suggestion to fix it (with some examples of what this new option should fix) - and share it here - so everyone can watch the ticket and chime in (it's open source.. remember ;)
Dirk Heinrichs
Dec 17, 2015, 7:05:35 AM12/17/15
to puppet...@googlegroups.com
Am 11.12.2015 um 13:27 schrieb Vadym
Chepkov:
Problem here, puppet can't apply this code anymore, since 'user' resource will call usermod command and it refuses update user's home if a process running. Service needs to be stopped, user modified and then service started. One could create an exec, to stop the service, but how to 'notify' this exec, I can't figure out.
Huh? Thought things like this to be a Windows-only problem. And this
is how I solve it there (for example: update the config file for a
service which locks that config file while running):
file {'config_file_tmp':
...
}
->
exec {'kill_service':
...
}
->
file {'config_file':
source => 'config_file_tmp',
...
}
->
service {'the_service':
ensure => running,
...
}
Guess you could do something similar in your case.
HTH...
Dirk
file {'config_file_tmp':
...
}
->
exec {'kill_service':
...
}
->
file {'config_file':
source => 'config_file_tmp',
...
}
->
service {'the_service':
ensure => running,
...
}
Guess you could do something similar in your case.
HTH...
Dirk
--
Dirk Heinrichs, Senior Systems Engineer, Engineering Solutions
Recommind GmbH, Von-Liebig-Straße 1, 53359 Rheinbach
Tel: +49 2226 1596666 (Ansage) 1149
Email: d...@recommind.com
Skype: dirk.heinrichs.recommind
www.recommind.com
Dirk Heinrichs, Senior Systems Engineer, Engineering Solutions
Recommind GmbH, Von-Liebig-Straße 1, 53359 Rheinbach
Tel: +49 2226 1596666 (Ansage) 1149
Email: d...@recommind.com
Skype: dirk.heinrichs.recommind
www.recommind.com
Vince Skahan
Dec 17, 2015, 10:19:11 AM12/17/15
to Puppet Users
On Thursday, December 17, 2015 at 3:21:28 AM UTC-8, Klavs Klavsen wrote:
Someone should really create a ticket with a suggestion to fix it (with some examples of what this new option should fix) - and share it here - so everyone can watch the ticket and chime in (it's open source.. remember ;)
Ummm - that 'someone' should be 'you' if there is something you think should be fixed/enhanced.
Reply all
Reply to author
Forward
0 new messages