How to restart Winbind when hung?
659 views
Skip to first unread message
Adam
Jul 18, 2012, 10:08:26 AM7/18/12
to puppet...@googlegroups.com
Hello fellow puppet masters,
We currently use winbind to allow our admins to log onto our Linux servers with their Windows AD accounts. Every now and then, a comms issue will drop AD out from under the server, which causes winbind to stop checking AD. The service is still technically running though, so puppet thinks everything is fine. I can run a "getent passwd <username>" to verify that winbind is or isn't working.
So I wanted to utilize that check and have my winbind service entry to subscribe to this exec:
service{ 'winbind':
exec{ 'check-winbind':
So when the command failed, that would trigger puppet to restart the service. But when the check would return 0 (because it couldn't find user in AD), puppet gives me the following:
Service[winbind]: Dependency Exec[check-winbind] has failures: true
Service[winbind]: Skipping because of failed dependencies
Not what I wanted to see... though I do understand why it is saying it (just not how to change it). So what I ended up doing was turning the command into an "unless" statement, and set the "command" to be "service winbind restart", and remove the subscribe statement form my winbind service entry. Now, this works... but it just seems silly to me to have to restart the service via an exec statement when I am already monitoring the winbind service.
Any ideas on how to simplify this and get it back to my original goal of subscribing the service to this check? Thanks!
We currently use winbind to allow our admins to log onto our Linux servers with their Windows AD accounts. Every now and then, a comms issue will drop AD out from under the server, which causes winbind to stop checking AD. The service is still technically running though, so puppet thinks everything is fine. I can run a "getent passwd <username>" to verify that winbind is or isn't working.
So I wanted to utilize that check and have my winbind service entry to subscribe to this exec:
service{ 'winbind':
enable => true,
ensure => running,
subcribe => Exec['check-winbind'];
}ensure => running,
subcribe => Exec['check-winbind'];
path => ['/usr/bin','/sbin','/bin'],
command => ['getent passwd user | grep -c user'],
}command => ['getent passwd user | grep -c user'],
So when the command failed, that would trigger puppet to restart the service. But when the check would return 0 (because it couldn't find user in AD), puppet gives me the following:
Service[winbind]: Dependency Exec[check-winbind] has failures: true
Service[winbind]: Skipping because of failed dependencies
Not what I wanted to see... though I do understand why it is saying it (just not how to change it). So what I ended up doing was turning the command into an "unless" statement, and set the "command" to be "service winbind restart", and remove the subscribe statement form my winbind service entry. Now, this works... but it just seems silly to me to have to restart the service via an exec statement when I am already monitoring the winbind service.
Any ideas on how to simplify this and get it back to my original goal of subscribing the service to this check? Thanks!
Matthew Burgess
Jul 18, 2012, 10:59:50 AM7/18/12
to puppet...@googlegroups.com
example would then read:
service{ 'winbind':
enable => true,
ensure => running,
}
I suspect this overrides the usual puppet behaviour of using 'service
winbind status' to perform the status check, but that may not be an
issue in your case.
Regards,
Matt.
Adam
Jul 19, 2012, 4:06:29 PM7/19/12
to puppet...@googlegroups.com, matthew....@googlemail.com
Matt,
Good thinking, I hadn't thought of that! Even though it does override the usual puppet behavior, if winbind is stopped then that query will also fail; therefore, the functionality is all still there. Thanks!
Adam
Good thinking, I hadn't thought of that! Even though it does override the usual puppet behavior, if winbind is stopped then that query will also fail; therefore, the functionality is all still there. Thanks!
Adam
Reply all
Reply to author
Forward
0 new messages