Augeas problem changing values in postfix/main.cf

[PBWebGuy]

I have been working with the Augeas resource command and having a
difficult time. At this point I am perplexed as to why the following
code doesn't work. I have the following rule for updating the main.cf
file to change an existing value and to add a new element with
comments:

augeas { "dkim-postfix-settings":
require => Package["postfix"],
context => "/files/etc/postfix/main.cf",
changes => [
"set mailbox_size_limit 50000",
"set non_smtpd_milters inet:localhost:20209",
"ins #comment before non_smtpd_milters",
"set #comment[.=''] 'DKIM Settings'"
]
}

When I run puppetd on the client I get the following debug statement
and I do not get what I am expecting:

--- /etc/postfix/main.cf 2010-06-17 13:27:52.000000000 -0400
+++ /tmp/puppet-diffing.8851.0 2010-06-17 13:27:53.000000000 -0400
@@ -672,6 +672,4 @@
smtpd_sasl_local_domain = $myhostname
smtp_sasl_security_options = noplaintext
smtpd_recipient_restrictions = permit_sasl_authenticated,
permit_mynetworks, reject_unauth_destination
-mailbox_size_limit = 50000
-# DKIM Settings
-non_smtpd_milters = inet:localhost:20209
+mailbox_size_limit = 256000000

The issues that I have are:

1) Instead of adding the new setting non_smtpd_milters, the diff is
showing that it is removing it. The main.cf file does not get
update.

2) It is very odd that the 'mailbox_size_limit' variable instead of
being set to the value in the rule, it is reset to the run-time value
in Postfix. If I manually edit the file and change it to something
other than 256000000 it is still restored to that value no mater what
I do.

What am I doing wrong?

Thanks,

John

[John Martin]

I have done some further experimenting and found things even more perplexing.  The rule is now just adding the new values that I need.  The rule is:

        augeas { "dkim-postfix-settings":
                require => Package["postfix"],
                context => "/files/etc/postfix/main.cf",
                changes => [

                        "set smtpd_milters inet:localhost:20209",

                        "set non_smtpd_milters inet:localhost:20209",

                        "ins #comment before smtpd_milters",
                        "set #comment[.=''] 'Settings for implementation of DKIM'",
                ],
                onlyif => "match smtpd_milters size == 0"
        }

When I run 'puppetd -t' on the client, sometimes it adds the lines into the main.cf configuration file and on subsequent runs it removes it.  It is not consistent.  I do not understand why it would remove the values.

Also when I run puppetd with the --debug switch I see the following:

debug: Augeas[dkim-postfix-settings](provider=augeas): Opening augeas with root /, lens path , flags 0
debug: Augeas[dkim-postfix-settings](provider=augeas): Augeas version 0.7.1 is installed
debug: Augeas[dkim-postfix-settings](provider=augeas): Will attempt to save and only run if files changed
debug: Augeas[dkim-postfix-settings](provider=augeas): sending command 'set' with params ["/files/etc/postfix/main.cf/smtpd_milters", "inet:localhost:20209"]
debug: Augeas[dkim-postfix-settings](provider=augeas): sending command 'set' with params ["/files/etc/postfix/main.cf/non_smtpd_milters", "inet:localhost:20209"]
debug: Augeas[dkim-postfix-settings](provider=augeas): sending command 'ins' with params ["#comment", "before", "/files/etc/postfix/main.cf/smtpd_milters"]
debug: Augeas[dkim-postfix-settings](provider=augeas): sending command 'set' with params ["/files/etc/postfix/main.cf/#comment[.='']", "Settings for implementation of DKIM"]
debug: Augeas[dkim-postfix-settings](provider=augeas): Files changed, should execute
debug: Augeas[dkim-postfix-settings](provider=augeas): Closed the augeas connection
debug: //dkim/Augeas[dkim-postfix-settings]: Changing returns
debug: //dkim/Augeas[dkim-postfix-settings]: 1 change(s)
debug: Augeas[dkim-postfix-settings](provider=augeas): Opening augeas with root /, lens path , flags 0
debug: Augeas[dkim-postfix-settings](provider=augeas): Augeas version 0.7.1 is installed
debug: Augeas[dkim-postfix-settings](provider=augeas): sending command 'set' with params ["/files/etc/postfix/main.cf/smtpd_milters", "inet:localhost:20209"]
debug: Augeas[dkim-postfix-settings](provider=augeas): sending command 'set' with params ["/files/etc/postfix/main.cf/non_smtpd_milters", "inet:localhost:20209"]
debug: Augeas[dkim-postfix-settings](provider=augeas): sending command 'ins' with params ["#comment", "before", "/files/etc/postfix/main.cf/smtpd_milters"]
debug: Augeas[dkim-postfix-settings](provider=augeas): sending command 'set' with params ["/files/etc/postfix/main.cf/#comment[.='']", "Settings for implementation of DKIM"]
debug: Augeas[dkim-postfix-settings](provider=augeas): Closed the augeas connection
notice: //dkim/Augeas[dkim-postfix-settings]/returns: executed successfully

I'm not sure why it is running the commands twice.  Please note when it does the two sets of instructions it does add the contents to the main.cf file.  When it doesn't, it removes the contents.  Here is the output when puppet removes the contents:

debug: //liferay_system/File[/etc/postfix/main.cf]/content: Executing 'diff -u /etc/postfix/main.cf /tmp/puppet-diffing.10996.0'
--- /etc/postfix/main.cf        2010-06-17 14:00:52.000000000 -0400
+++ /tmp/puppet-diffing.10996.0 2010-06-17 14:01:15.000000000 -0400
@@ -673,6 +673,3 @@

 smtp_sasl_security_options = noplaintext
 smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination

 mailbox_size_limit = 256000000
-# Settings for implementation of DKIM
-smtpd_milters = inet:localhost:20209

-non_smtpd_milters = inet:localhost:20209

debug: //liferay_system/File[/etc/postfix/main.cf]: Changing checksum,content
debug: //liferay_system/File[/etc/postfix/main.cf]: 2 change(s)
debug: //liferay_system/File[/etc/postfix/main.cf]/checksum: Replacing /etc/postfix/main.cf checksum {md5}61bcd19c95a29f17071c87c23b84579d with {md5}5df8a259e6eaf620fe70d6d4f30442e1
notice: //liferay_system/File[/etc/postfix/main.cf]/checksum: checksum changed '{md5}61bcd19c95a29f17071c87c23b84579d' to '{md5}5df8a259e6eaf620fe70d6d4f30442e1'
info: //liferay_system/File[/etc/postfix/main.cf]: Filebucketed /etc/postfix/main.cf to puppet with sum 5df8a259e6eaf620fe70d6d4f30442e1
debug: //liferay_system/File[/etc/postfix/main.cf]/checksum: Replacing /etc/postfix/main.cf checksum {md5}5df8a259e6eaf620fe70d6d4f30442e1 with {md5}61bcd19c95a29f17071c87c23b84579d
notice: //liferay_system/File[/etc/postfix/main.cf]/content: content changed '{md5}5df8a259e6eaf620fe70d6d4f30442e1' to 'unknown checksum'

Any help would surely be appreciated.

Thanks,

John

[Patrick Mohr]

On Jun 17, 2010, at 11:04 AM, John Martin wrote:

I have done some further experimenting and found things even more perplexing.  The rule is now just adding the new values that I need.  The rule is:

        augeas { "dkim-postfix-settings":
                require => Package["postfix"],
                context => "/files/etc/postfix/main.cf",
                changes => [
                        "set smtpd_milters inet:localhost:20209",
                        "set non_smtpd_milters inet:localhost:20209",

                        "ins #comment before smtpd_milters",
                        "set #comment[.=''] 'Settings for implementation of DKIM'",
                ],
                onlyif => "match smtpd_milters size == 0"
        }

This mostly looks fine to me.  The solution to the problem is lower down.  Here's some unasked for advice that has almost nothing to do with the problem.  I would break this up into two statements like this:

augeas { "first":

require => ...,

context => ...,

changes => [

"set smtpd_milters inet:localhost:20209",

"set non_smtpd_milters inet:localhost:20209",

]

#No onlyif

}

augeas { "second":

require => Augeas["first"],

context => ...,

changes => [

"ins #comment before smtpd_milters",

"set #comment[.=''] 'Settings for implementation of DKIM'",

]

onlyif => #Test if comment exists

}

This means that if the settings change in value, augeas will set them back.

If I'm reading this bit right, you are managing main.cf with File and Augeas.  This means that when ever File runs, it wipes out your Augeas changes.  (Technically, File isn't being run, but I don't remember the right terminology.)

If I'm right, putting "require => File["/etc/postfix/main.cf"] in your first augeas statement will fix the problem with a nasty hack.  Because Augeas will always run second, the changes will always be removed and then remade during each run.

The real solution is to do one of these:

A) Make the changes to the file on the server and dump Augeas.

B) Tell puppet to only push the file if it doesn't exist.  I don't remember how to do this.  I think you might be able to by setting checksum in the file resource to null or undef.

info: //liferay_system/File[/etc/postfix/main.cf]: Filebucketed /etc/postfix/main.cf to puppet with sum 5df8a259e6eaf620fe70d6d4f30442e1
debug: //liferay_system/File[/etc/postfix/main.cf]/checksum: Replacing /etc/postfix/main.cf checksum {md5}5df8a259e6eaf620fe70d6d4f30442e1 with {md5}61bcd19c95a29f17071c87c23b84579d
notice: //liferay_system/File[/etc/postfix/main.cf]/content: content changed '{md5}5df8a259e6eaf620fe70d6d4f30442e1' to 'unknown checksum'

Any help would surely be appreciated.

Thanks,

John

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To post to this group, send email to puppet...@googlegroups.com.
To unsubscribe from this group, send email to puppet-users...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.

[John Martin]

Thanks Patrick!

I like the separation of the values being set and adding the comments.  That makes complete sense.

As for the over-writing of the values, you were absolutely right.  The main.cf was being managed by a different class that another Ops engineer had implemented and I was unaware of.  I did away with Augeas after detecting that.

Regards,

John