The new and more aggressive purging of the Cron


Trevor Vaughan

Jul 10, 2015, 4:59:40 PM
to puppe...@googlegroups.com
Hi All,

So, I just ran across this today (because I don't usually purge cron).

https://docs.puppetlabs.com/puppet/3.7/reference/deprecated_resource.html#cron

Which is not mirrored as a caveat in the latest cron resource page (purge isn't mentioned at all).

https://docs.puppetlabs.com/references/latest/type.html#cron

Unfortunately, I didn't catch this earlier and what I actually would like is for cron to purge based on user IDs in the following form:

1) Purge if user matches Array
2) Purge if user not in Array
3) Purge for all users whose crontabs are managed by Puppet, but nobody else

Each of these should be able to accept regexes in the case that you're running in something like OpenShift and want to ensure that the OpenShift users can't enable cron jobs.

Thoughts?

Thanks,

Trevor

--
Trevor Vaughan
Vice President, Onyx Point, Inc
(410) 541-6699

-- This account not approved for unencrypted proprietary information --

Eric Sorenson

Jul 14, 2015, 5:29:25 PM
to puppe...@googlegroups.com
On Fri, 10 Jul 2015, Trevor Vaughan wrote:

> Hi All,
>
> So, I just ran across this today (because I don't usually purge cron).
>
> https://docs.puppetlabs.com/puppet/3.7/reference/deprecated_resource.html#cron
>
> Which is not mirrored as a caveat in the latest cron resource page (purge
> isn't mentioned at all).
>
> https://docs.puppetlabs.com/references/latest/type.html#cron

Fair enough, could you file a docs ticket about that? The deprecation page is
static but the type reference is auto-generated from the Puppet source, so
there's (sadly) two places that need to change.

> Unfortunately, I didn't catch this earlier and what I actually would like
> is for cron to purge based on user IDs in the following form:
>
> 1) Purge if user matches Array
> 2) Purge if user not in Array
> 3) Purge for all users whose crontabs are managed by Puppet, but nobody else
>
> Each of these should be able to accept regexes in the case that you're
> running in something like OpenShift and want to ensure that the OpenShift
> users can't enable cron jobs.
>
> Thoughts?

I see where you're coming from... but it seems really complicated, especially
number 3. Does #2 not work today with the unless_uid param?
https://docs.puppetlabs.com/references/latest/type.html#resources-attribute-unless_uid


Eric Sorenson - eric.s...@puppetlabs.com - freenode #puppet: eric0
puppet platform // coffee // techno // bicycles

Trevor Vaughan

Jul 15, 2015, 11:40:18 AM
to puppe...@googlegroups.com
Hi Eric,

#2 does happen with the unless_uid param but #1 and #3 are my 80% use case.

I.e. I want to purge the crontabs for 'root', 'joe', and 'bob' and "If someone did things by hand, please don't break it but purge everyone that we're managing because we want to manage them".

These shouldn't be that complicated. #1 is just the opposite of #2 and #3 just requires a catalog delve to populate the array for #1 prior to execution.

Trevor
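
The three selection modes discussed in this thread, sketched as an added Ruby example (not code from the thread or from Puppet): the mode names, `purge_targets`, `user_matches?` and the sample user lists are hypothetical and constructed. Regex matchers are forced to match the whole user name, because an unanchored pattern would purge crontabs of users it was never meant to cover.

```ruby
# Hypothetical sketch of the purge selection proposed in the thread.
# Not Puppet's implementation; all names and data below are constructed.

# A matcher is an exact user name (String) or a Regexp. Regexps are wrapped
# so they must match the whole name: /root/ must not also hit "rooter".
def user_matches?(user, matchers)
  matchers.any? do |m|
    if m.is_a?(Regexp)
      Regexp.new("\\A(?:#{m.source})\\z", m.options).match?(user)
    else
      m == user
    end
  end
end

# crontab_users: users that currently have a crontab on the node.
# catalog_users: users named by cron resources in the compiled catalog.
# Returns the users whose unmanaged cron entries would be purged.
def purge_targets(crontab_users, mode:, matchers: [], catalog_users: [])
  case mode
  when :match    # 1) purge if user matches the array
    crontab_users.select { |u| user_matches?(u, matchers) }
  when :unless   # 2) purge if user is not in the array
    crontab_users.reject { |u| user_matches?(u, matchers) }
  when :managed  # 3) catalog lookup populates the array for mode 1
    purge_targets(crontab_users, mode: :match, matchers: catalog_users.uniq)
  else
    raise ArgumentError, "unknown purge mode: #{mode.inspect}"
  end
end

# Constructed sample data.
CRONTAB_USERS = %w[root joe bob alice rooter app_0a1f app_77c2].freeze
CATALOG_USERS = %w[root joe joe bob].freeze # one entry per cron resource

p purge_targets(CRONTAB_USERS, mode: :match, matchers: ['root', /app_[0-9a-f]{4}/])
p purge_targets(CRONTAB_USERS, mode: :unless, matchers: ['alice'])
p purge_targets(CRONTAB_USERS, mode: :managed, catalog_users: CATALOG_USERS)
```

In `:managed` mode, users with hand-edited crontabs that the catalog never mentions (`alice`, `rooter` and the `app_*` accounts in the sample) are left untouched.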