Issue copying files if package exists


Helmut Schneider

Jun 12, 2016, 9:24:03 AM
to puppet...@googlegroups.com
Hi,

I want to copy files if a package is installed. What works fine with
the packages 'postfix', 'fail2ban' and 'apache2' does not with
'openssh-server'.

class fail2ban {
  $postfixPackage = $::operatingsystem ? {
    /(?i:Ubuntu|Debian|Mint)/ => 'postfix',
    default => 'undef',
  }
  $sshdPackage = $::operatingsystem ? {
    /(?i:Ubuntu|Debian|Mint)/ => 'openssh-server',
    default => 'undef',
  }

  if ! defined (Package["$package"]) {
    package { "$package":
      ensure => installed,
    }
  }

  if defined (Package["$postfixPackage"]) {
    file { "/etc/fail2ban/filter.d/postfix-amavis.local":
      mode => "0644",
      owner => 'root',
      group => 'root',
      source => 'puppet:///modules/fail2ban/etc/fail2ban/filter.d/postfix-amavis.local',
    }
  }
  if defined (Package["$sshdPackage"]) {
    file { "/etc/fail2ban/filter.d/sshd-dos.local":
      mode => "0644",
      owner => 'root',
      group => 'root',
      source => 'puppet:///modules/fail2ban/etc/fail2ban/filter.d/sshd-dos.local',
    }
  }
}

$ rm /etc/fail2ban/filter.d/postfix-amavis.local /etc/fail2ban/filter.d/sshd-dos.local^C
$ sudo rm /etc/fail2ban/filter.d/postfix-amavis.local /etc/fail2ban/filter.d/sshd-dos.local
$ sudo puppet agent -t -d | grep -Ei '(postfix|openssh-server|postfix-amavis.local|sshd-dos.local)'
[...]
Debug: /Package[postfix]: Provider apt does not support features virtual_packages; not managing attribute allow_virtual
Debug: /Package[openssh-server]: Provider apt does not support features virtual_packages; not managing attribute allow_virtual
[...]
Notice: /Stage[main]/Fail2ban/File[/etc/fail2ban/filter.d/postfix-amavis.local]/ensure: defined content as '{md5}c5def71abe5f682c2beb896fd5e30e10'
Debug: /Stage[main]/Fail2ban/File[/etc/fail2ban/filter.d/postfix-amavis.local]: The container Class[Fail2ban] will propagate my refresh event

So /etc/fail2ban/filter.d/sshd-dos.local is not copied. When
uncommenting the if-clause 'if defined (Package["$sshdPackage"])' the
file gets copied:

$ sudo puppet agent -t -d | grep -i 'sshd-dos.local'
Debug: /Stage[main]/Fail2ban/File[/etc/fail2ban/filter.d/sshd-dos.local]: Autorequiring File[/etc/fail2ban/filter.d/]
Notice: /Stage[main]/Fail2ban/File[/etc/fail2ban/filter.d/sshd-dos.local]/ensure: defined content as '{md5}3d993678f322e5cb6335addaaa40512e'
Debug: /Stage[main]/Fail2ban/File[/etc/fail2ban/filter.d/sshd-dos.local]: The container Class[Fail2ban] will propagate my refresh event

Am I missing the obvious?

$ puppet -V
3.8.7
$ lsb_release -d
Description: Ubuntu 14.04.4 LTS

Thank you

Rob Nelson

Jun 12, 2016, 10:04:14 AM
to puppet...@googlegroups.com
Your code only shows one package, $package, being created, but it does not show where the value for $package is set. Either that var has the value 'postfix', or the postfix package is managed in another file. Regardless, there is nothing showing where a package called $sshdPackage is managed here, which is why the if block is never hit.

Helmut Schneider

Jun 12, 2016, 10:26:41 AM
to puppet...@googlegroups.com
Rob Nelson wrote:

> Your code only shows one package, $package, being created, but it
> does not show where the value for $package is set. Either that var

The package block is misleading; it just installs fail2ban:

$package = $::operatingsystem ? {
  /(?i:Ubuntu|Debian|Mint)/ => 'fail2ban',
  default => 'undef',
}

> has the value 'postfix', or the postfix package is managed in another
> file. Regardless, there is nothing showing where a package called
> $sshdPackage is managed here, which is why the if block is never hit.

Do I have to manage postfix or openssh-server in the same file? The
following log should prove that openssh-server is installed and managed
(somewhere).

> > Debug: /Package[openssh-server]: Provider apt does not support
> > features virtual_packages; not managing attribute allow_virtual

Nevertheless, if you check the log snippets again, why is the
'postfix'-block hit and 'openssh-server' isn't?

Craig Dunn

Jun 13, 2016, 3:43:48 AM
to puppet...@googlegroups.com

From reading your comments I think maybe you are misunderstanding what the defined() function does. This function is run *server side* during the compilation of the catalog and is saying "If this Puppet resource exists in the catalog, yet". It is not saying "If this resource is configured on the target system".

The "yet" above is also important, depending on the ordering of your includes, if the parser is evaluating this block before it evaluates wherever you declare the openssh-server package resource, then at this point it is not defined. It may well be getting declared after this point.

Given the above, what are you trying to achieve? Are you trying to manage the file resource after the package resource, or are you saying you only want to manage the file if the package exists on the target system?

If the former, you should just require the Puppet resource in your manifest;

file { "/etc/fail2ban/filter.d/sshd-dos.local":
  mode => "0644",
  owner => 'root',
  group => 'root',
  source => 'puppet:///modules/fail2ban/etc/fail2ban/filter.d/sshd-dos.local',
  require => Package[$sshdPackage],
}

If that's not what you are trying to do, please elaborate.....

Regards
Craig





--
Enviatics     |      Automation and Configuration Management
Puppet Labs Service Delivery Partner & Certified Consultant
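
The evaluation-order behaviour described in the message above, as an added example that is not part of the original thread: a constructed manifest in which the same defined() test is false before the package resource is declared and true afterwards, so a guarded fail2ban filter can silently drop out of the catalog. The demo::* class names and the /tmp path are hypothetical.

```puppet
# Constructed demo, not code from the thread. The demo::* class names and
# the /tmp path are hypothetical. Run with: puppet apply --noop demo.pp

# Evaluated BEFORE Package['openssh-server'] is declared: defined() is false
# here, so a file resource guarded by it would be left out of the catalog.
class demo::early {
  if defined(Package['openssh-server']) {
    notify { 'early: Package[openssh-server] is in the catalog': }
  } else {
    notify { 'early: Package[openssh-server] not declared yet': }
  }
}

# The class that actually declares the package resource.
class demo::ssh {
  package { 'openssh-server':
    ensure => installed,
  }
}

# Evaluated AFTER the declaration: the identical test is now true. Neither
# result says anything about what is installed on the target node.
class demo::late {
  if defined(Package['openssh-server']) {
    notify { 'late: Package[openssh-server] is in the catalog': }
  } else {
    notify { 'late: Package[openssh-server] not declared yet': }
  }
}

# Order-independent form: no defined() guard. The relationship is resolved
# on the finished catalog, so the include order no longer matters.
class demo::fail2ban_sshd {
  file { '/tmp/sshd-dos.local':
    ensure  => file,
    content => "# constructed placeholder filter\n",
    require => Package['openssh-server'],
  }
}

include demo::early
include demo::ssh
include demo::late
include demo::fail2ban_sshd
```

Swapping the first two include lines makes both notify resources report the package as present, which is the ordering effect behind the postfix and openssh-server difference in the logs.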

Helmut Schneider

Jun 13, 2016, 9:49:02 AM
to puppet...@googlegroups.com
Craig Dunn wrote:

> Given the above, what are you trying to achieve? Are you trying to
> manage the file resource after the package resource, or are you
> saying you only want to manage the file if the package exists on the
> target system?

The latter. If openssh-server is installed, copy the file sshd-dos.local

Rob Nelson

Jun 13, 2016, 10:32:27 AM
to puppet...@googlegroups.com
I think it's important to note that CMs like Puppet only manage what you tell it to manage via your state description. "If openssh-server is installed" doesn't fit that model well because it has a conditional state based on a potentially unmanaged component. "I want to manage the package openssh-server and the file sshd-dos.local" fits the state model, as does "I do not want to manage the package openssh-server or the file sshd-dos.local," and you can use roles or ENCs to determine whether to apply the fictional class 'profile::ssh' below to a given node.

class profile::ssh {
  package {'openssh-server':
    ensure => present,
  }
  file {'/path/to/sshd-dos.local':
    ensure => file,
    source => $somesource,
    require => Package['openssh-server'],
  }
}

Modeling state can be tricky. It's pretty easy for a human to understand conditionals like "If a package is installed, install a file," but for state modeling, resources are best defined as either managed or unmanaged, not somewhere in between. It's important to keep this in mind when modeling state. You can always, of course, "beat" the computer and figure out a workaround, but you're losing out on the strengths of the CM tool you have chosen.

Helmut Schneider

Jun 17, 2016, 6:21:27 AM
to puppet...@googlegroups.com
Rob Nelson wrote:

> Modeling state can be tricky. It's pretty easy for a human to
> understand conditionals like "If a package is installed, install a
> file," but for state modeling, resources are best defined as either
> managed or unmanaged, not somewhere in between. It's important to
> keep this in mind when modeling state. You can always, of course,
> "beat" the computer and figure out a workaround, but you're losing
> out on the strengths of the CM tool you have chosen.

I think I found a way around without losing the strengths:

if "$sshdPackage" in hiera_array ('packages', []) {
  do_something
}

This at least fits for me. I also tried to tag packages:

define install_packages ($package = $title) {
  [...]
  tag "Hello"

  if tagged("Hello") {
    notify { "TAGGED 'Hello'": }
  }
}

This works within the define but not outside

class fail2ban {
  if tagged("Hello") {
    notify { "TAGGED 'Hello'": }
  }
}

does not output anything although install_packages is involved.
