Puppet does not honor 'require' modules - ruby

I have created a module to add a user as follows:
user { 'test':
ensure => 'present',
comment => 'Test User',
home => '/home/test',
shell => '/bin/bash',
managehome => 'true',
gid => 'postgres',
groups => 'users',
password => '$1$PIp.c9J6$gdAyd76OhBk7n9asda80wm0',
require => [ Package['rubygem-ruby-shadow'], Class['postgres'] ],
}
It requires the class postgres as I need its primary group to be assigned to postgres, and the rubygem-ruby-shadow dependency is for the password setup.
My problem is puppet does not honor these requirements. Puppet will always execute the useradd module first before rubygem-ruby-shadow, and this causes the password setup to fail. I have also tried to include rubygem-ruby-shadow in the same class as useradd but to no avail.
The output upon running puppet agent -t:
linux-z14x:~ # puppet agent -t
info: Caching catalog for linux-z14x.playground.local
info: /User[test]: Provider useradd does not support features manages_passwords; not managing attribute password
info: Applying configuration version '1425978163'
notice: /Stage[main]/Users/Package[rubygem-ruby-shadow]/ensure: created
notice: /User[test]/ensure: created
notice: Finished catalog run in 78.19 seconds
Running it the second time:
linux-z14x:~ # puppet agent -t
info: Caching catalog for linux-z14x.playground.local
info: Applying configuration version '1425978163'
notice: /Stage[main]/Users/User[test]/password: changed password
notice: Finished catalog run in 74.79 seconds
My rubygem-ruby-shadow class:
package { 'rubygem-ruby-shadow':
ensure => 'installed',
require => Class['myrepo'],
provider => 'zypper',
}
How do I get rubygem-ruby-shadow module to run first before the useradd?
Puppet master version is 3.7.4-1 (on CentOS) and puppet client is 2.6.12-0.10.1 (on SLES 11 SP2).
Thanks.

This is unfortunate. The provider detects the absence of ruby-shadow during agent initialization, and does not update its capabilities during the transaction.
This may be limitation of Puppet that might be fixed in a more recent version (what are you using?)
I do try and make sure to provide ruby-shadow along with Puppet itself everywhere, to avoid this very issue.

Related

How do you update a windows package using puppet, when older version is previously installed?

my puppet module is able to install the msi provided no problem on any windows machine. However the issue is, when I go to update the module and put in a newer version, it stays on the previous version instead of installing the newer version. Here's the block
package { 'AWS Command Line Interface':
ensure => "${awscli_version_for_install_windows}",
provider => 'windows',
source => "c:\windows\temp\AWSCLI_${awscli_version_for_install_windows}.msi",
install_options => ['/qn', '/norestart', '/l*v', 'c:\windows\temp\awscli.log'],
}
Hey guys so I actually found out the fix. In the install_options command you need to include “REINSTALLMODE=AMUS”
package { 'AWS Command Line Interface':
ensure => "${awscli_version_for_install_windows}",
provider => 'windows',
source => "c:\windows\temp\AWSCLI_${awscli_version_for_install_windows}.msi",
install_options => ['/qn', ‘REINSTALLMODE=AMUS’, '/norestart', '/l*v', 'c:\windows\temp\awscli.log'],
}

Executing bash script from puppet fails

I have been trying to copy and execute a shell script residing in puppet master machine to my puppet agent
This is my code
[root#ip-****** manifests]# cat site.pp
class mymodule::myklass{
file {'my_bash_script':
ensure => 'file',
source => '/etc/puppet/modules/mymodule/my_bash_script.sh',
path => '/home/ec2-user/my_bash_script.sh',
owner => 'root',
mode => '755',
notify => Exec['run_my_script'],
}
exec { 'run_my_script':
command => '/home/ec2-user/my_bash_script.sh',
}
}
include mymodule::myklass
my script:
[root#ip-********* mymodule]# cat my_bash_script.sh
#!/bin/sh
mv /usr/bin/node /usr/bin/bnode
ln -s /usr/local/bin/node /usr/bin/node
mv /usr/bin/npm /usr/bin/bnpm
ln -s /usr/local/bin/npm /usr/bin/npm
I am getting the following error:
[root#ip-*********** /]# puppet agent -t
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Info: Caching catalog for ip*****************8
Info: Applying configuration version '1472235841'
Error: /Stage[main]/Mymodule::Myklass/File[my_bash_script]: Could not evaluate: Could not retrieve information from environment production source(s) puppet:///modules/mymodule/my_bash_script.sh
Notice: /Stage[main]/Mymodule::Myklass/Exec[run_my_script]: Dependency File[my_bash_script] has failures: true
Warning: /Stage[main]/Mymodule::Myklass/Exec[run_my_script]: Skipping because of failed dependencies
Notice: Finished catalog run in 0.08 seconds
Can anyone please help me resolve this error?
You have to use the puppet module URI to source your file resources if they are located in your module/files directories:
file {'my_bash_script':
ensure => 'file',
source => 'puppet:///modules/mymodule/my_bash_script.sh',
path => '/home/ec2-user/my_bash_script.sh',
owner => 'root',
mode => '755',
notify => Exec['run_my_script'],
}
Note the documentation here: https://docs.puppet.com/puppet/latest/reference/types/file.html#file-attribute-source
If it still fails with that error, then that means the file is missing from your $modulepath/mymodule/files/my_bash_script.sh so you need to place it there.
Furthermore, your bash script could be converted to intrinsic Puppet DSL, and it is odd that you are including a class inside of itself at the end.

Dependency loop during Pupppet provisioning due missing OS package

Im trying to provision my development server using Vagrant and Puppet. Below is some of my Puppet Manifest at this point. The issue im having is that im ending up in a dependency loop which is ofcourse correct. The only problem is that i dont see a way to do it without so therefor i need some help.
Im using the latest version of the box provided by Puppetlabs named puppetlabs/ubuntu-14.04-64-puppet. While adding a PPA to the package manager i receive an error that apt-add-repository is not available. Therefor you need to install the software-properties-common package.
The only problem is that before installing this package, you need to run apt-get update. The second problem is that the manifest wont accept it and it will try to add the PPA before so that, ofcourse which is a logic conclusion, it only has to update the package manager once. But by picking this last solution i will end up in a loop which triggers an error:
==> default: Error: Failed to apply catalog: Found 1 dependency cycle:
==> default: (Exec[add-apt-repository-ppa:ondrej/php-7.0] => Class[Apt::Update] => Exec[apt_update] => Class[Apt::Update] =>
Package[git] => Class[Systempackages] => Apt::Ppa[ppa:ondrej/php-7.0]
=> Exec[add-apt-repository-ppa:ondrej/php-7.0])
class systempackages {
package { [ 'git', 'curl', 'acl', 'unattended-upgrades', 'vim', 'software-properties-common']:
ensure => "installed",
require => [
Class['apt::update'],
],
}
}
/*===========================================*/
## System
Exec { path => [ "/bin/", "/sbin/" , "/usr/bin/", "/usr/sbin/" ] }
class{'systempackages':}
# APT
class { 'apt':
update => {
frequency => 'always',
},
}
apt::ppa { 'ppa:ondrej/php-7.0':
before => Package['php7.0-cli'],
require => Class['systempackages'],
}
# PHP
package {'php7.0-cli':
ensure => 'installed',
}
Given that this is on vagrant, I suggest installing package software-properties-common manually as part of your Vagrantfile.
Something like config.vm.provision "shell", inline: "apt-get update && apt-get install software-properties-common should work.
The circular dependency reflects the fact that Puppet is not a provisioning system. It can be used by a provisioning system or in conjunction with one, but it depends on a fairly substantial software stack being available before it can get off the ground. If Package 'software-properties-common' is necessary for full functioning of the Apt subsystem, then your best bet is to rely on your provisioning system to install it, so that it is available before Puppet ever runs, and to avoid declaring any relationship between that package and the classes and resources of the Apt module.
You are also impacted by the puppetlabs-apt module being quite good about declaring the relationships needed to ensure proper order of application. This is a double-edged sword, however: people cause themselves trouble with surprising frequency by declaring their own relationships with classes or defined types from that module that conflict with the ones it declares itself. In particular, it is asking for trouble to have your Apt::ppa resource require a class containing resources that themselves require any class or resource from the Apt module.
In any case, class apt::update is not a public class of the module. The main implication is that code outside the module should not reference it in any way. You should instead rely on the value you provided for class parameter $apt::update to instruct Puppet to perform an apt-get update at a suitable time.

Puppet - unable to execute ONLY ONCE ordered chain of Exec commands after notification

TLDR:
I can't configure ordered chain of Puppet "Exec" commands to run ONLY ONCE.
Details:
I want to use Vagrant and Puppet modules to setup VM with installed Redmine and some sample data loaded into it.
I'm using https://forge.puppetlabs.com/johanek/redmine and it works great - Redmine is installed and it works.
My goal:
Now I want to load sample data into Redmine using REST API:
Create 1 test project
Import 2 issues into this project
I want to run 2 simple "Exec", one after another and ONLY ONCE, but I can't achieve this, hence the question.
My current effort:
I've tried to subscribe to one of latest steps in redmine installation
subscribe => [Exec['rails_migrations']]
and then import data, but the first step "create-project1" always notifies second step "import-issues", so it creates duplicated data.
And if run vagrant provision few times, the "import-issues" creates duplicates of this issues.
Here is my code:
exec {'create-project1':
subscribe => [Exec['rails_migrations']],
path => ['/usr/bin', '/usr/sbin', '/bin'],
creates => "$redmine_install_dir/.data_loaded",
command => "curl WHICH_CREATES_PROJECT && touch $redmine_install_dir/.data_loaded",
notify => [Exec['import-issues']],
} ->
exec {'import-issues':
path => ['/usr/bin', '/usr/sbin', '/bin'],
command => "curl WHICH_IMPORTS_ISSUES",
refreshonly => true,
}
Question:
How to configure those Exec commands to run in chain and ONLY ONCE?
Im also thinking about extending this chain to 5 commands in near future, so keep that in mind.
you were almost there with 'ONLY ONCE' - Puppet has onlyif properties that you can include in your exec block to test if a file already exists or not.
you could then do something like
exec {'create-project1':
subscribe => [Exec['rails_migrations']],
path => ['/usr/bin', '/usr/sbin', '/bin'],
onlyif => "test ! -f $redmine_install_dir/.data_loaded"
command => "curl WHICH_CREATES_PROJECT && touch $redmine_install_dir/.data_loaded",
notify => [Exec['import-issues']],
which test on the existence of the $redmine_install_dir/.data_loaded- you should be able to play a bit with that to achieve what you want

Telling Puppet to only run an install if registry key is not present

I have written manifest that installs an .exe and applies a hotfix to it every-time it installs on a new machine.
windowsinstaller { 'AppFabric install 1.1 install':
software_title => 'AppFabric 1.1 for Windows Server',
software_path => '/Microsoft/AppFabric1.1/WindowsServerAppFabricSetup_x64.exe',
install_options => ['/i','/SkipUpdates'],
}
windowsinstaller { 'AppFabric 1.1 HotFix install':
software_title => 'Windows Server AppFabric v1.1 CU5 [KB2932678]',
software_path => '/Microsoft/AppFabric1.1/AppFabric1.1-KB2932678-x64-ENU.exe',
install_options => ['/q','/norestart'],
subscribe => Windowsinstaller['AppFabric install 1.1 install']
}
service { 'Remote Registry Service':
name => 'RemoteRegistry',
ensure => running,
restart => true,
}
I am trying to get this install to run only if it's registry key is absent.
Using puppetlabs registry module you can manage keys, redirect them, and change the values.
reference: http://puppetlabs.com/blog/module-of-the-week-puppetlabs-registry-windows
Unfortunately, I can't seem to find a way to simply check if the key is there, I can either delete it or make sure its present using ensure => present and ensure => absent.
As I can't put resources into variables I am finding it hard to use conditional statements, and as present and absent set the key instead of check it, I don't think I can use meta parameters with the registry_key resource.
I know that I can wrap everything in an if statement and use a custom fact but I have been told that this is not the right way to proceed.
If anyone has an example of where this has been done before either using this module or something else registered in the puppet forge or any ideas it would be greatly appreciated.
The user manbart found the answer 7 months ago with this question
Exec onlyif registry value is not present
calling reg.exe to query the registry in an exec resource.

Resources