Puppet users - Jun 2010 - Augeas problem changing values in postfix/main.cf

I have been working with the Augeas resource command and having a
difficult time.  At this point I am perplexed as to why the following
code doesn''t work.  I have the following rule for updating the main.cf
file to change an existing value and to add a new element with
comments:

        augeas { "dkim-postfix-settings":
                require => Package["postfix"],
                context => "/files/etc/postfix/main.cf",
                changes => [
                        "set mailbox_size_limit 50000",
                        "set non_smtpd_milters inet:localhost:20209",
                        "ins #comment before non_smtpd_milters",
                        "set #comment[.='''']
''DKIM Settings''"
                ]
        }

When I run puppetd on the client I get the following debug statement
and I do not get what I am expecting:

--- /etc/postfix/main.cf        2010-06-17 13:27:52.000000000 -0400
+++ /tmp/puppet-diffing.8851.0  2010-06-17 13:27:53.000000000 -0400
@@ -672,6 +672,4 @@
 smtpd_sasl_local_domain = $myhostname
 smtp_sasl_security_options = noplaintext
 smtpd_recipient_restrictions = permit_sasl_authenticated,
permit_mynetworks, reject_unauth_destination
-mailbox_size_limit = 50000
-# DKIM Settings
-non_smtpd_milters = inet:localhost:20209
+mailbox_size_limit = 256000000

The issues that I have are:

1) Instead of adding the new setting non_smtpd_milters, the diff is
showing that it is removing it.  The main.cf file does not get
update.

2) It is very odd that the ''mailbox_size_limit'' variable
instead of
being set to the value in the rule, it is reset to the run-time value
in Postfix.  If I manually edit the file and change it to something
other than 256000000 it is still restored to that value no mater what
I do.

What am I doing wrong?

Thanks,

John

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

I have done some further experimenting and found things even more
perplexing.  The rule is now just adding the new values that I need.  The
rule is:

        augeas { "dkim-postfix-settings":
                require => Package["postfix"],
                context => "/files/etc/postfix/main.cf",
                changes => [
                        "set smtpd_milters inet:localhost:20209",
                        "set non_smtpd_milters inet:localhost:20209",
                        "ins #comment before smtpd_milters",
                        "set #comment[.='''']
''Settings for implementation of
DKIM''",
                ],
                onlyif => "match smtpd_milters size == 0"
        }

When I run ''puppetd -t'' on the client, sometimes it adds the
lines into the
main.cf configuration file and on subsequent runs it removes it.  It is not
consistent.  I do not understand why it would remove the values.

Also when I run puppetd with the --debug switch I see the following:

debug: Augeas[dkim-postfix-settings](provider=augeas): Opening augeas with
root /, lens path , flags 0
debug: Augeas[dkim-postfix-settings](provider=augeas): Augeas version 0.7.1
is installed
debug: Augeas[dkim-postfix-settings](provider=augeas): Will attempt to save
and only run if files changed
debug: Augeas[dkim-postfix-settings](provider=augeas): sending command
''set''
with params ["/files/etc/postfix/main.cf/smtpd_milters",
"inet:localhost:20209"]
debug: Augeas[dkim-postfix-settings](provider=augeas): sending command
''set''
with params ["/files/etc/postfix/main.cf/non_smtpd_milters",
"inet:localhost:20209"]
debug: Augeas[dkim-postfix-settings](provider=augeas): sending command
''ins''
with params ["#comment", "before",
"/files/etc/postfix/main.cf/smtpd_milters
"]
debug: Augeas[dkim-postfix-settings](provider=augeas): sending command
''set''
with params
["/files/etc/postfix/main.cf/#comment[.='''']",
"Settings for
implementation of DKIM"]
debug: Augeas[dkim-postfix-settings](provider=augeas): Files changed, should
execute
debug: Augeas[dkim-postfix-settings](provider=augeas): Closed the augeas
connection
debug: //dkim/Augeas[dkim-postfix-settings]: Changing returns
debug: //dkim/Augeas[dkim-postfix-settings]: 1 change(s)
debug: Augeas[dkim-postfix-settings](provider=augeas): Opening augeas with
root /, lens path , flags 0
debug: Augeas[dkim-postfix-settings](provider=augeas): Augeas version 0.7.1
is installed
debug: Augeas[dkim-postfix-settings](provider=augeas): sending command
''set''
with params ["/files/etc/postfix/main.cf/smtpd_milters",
"inet:localhost:20209"]
debug: Augeas[dkim-postfix-settings](provider=augeas): sending command
''set''
with params ["/files/etc/postfix/main.cf/non_smtpd_milters",
"inet:localhost:20209"]
debug: Augeas[dkim-postfix-settings](provider=augeas): sending command
''ins''
with params ["#comment", "before",
"/files/etc/postfix/main.cf/smtpd_milters
"]
debug: Augeas[dkim-postfix-settings](provider=augeas): sending command
''set''
with params
["/files/etc/postfix/main.cf/#comment[.='''']",
"Settings for
implementation of DKIM"]
debug: Augeas[dkim-postfix-settings](provider=augeas): Closed the augeas
connection
notice: //dkim/Augeas[dkim-postfix-settings]/returns: executed successfully

I''m not sure why it is running the commands twice.  Please note when it
does
the two sets of instructions it does add the contents to the main.cf file.
When it doesn''t, it removes the contents.  Here is the output when
puppet
removes the contents:

debug: //liferay_system/File[/etc/postfix/main.cf]/content: Executing
''diff
-u /etc/postfix/main.cf /tmp/puppet-diffing.10996.0''
--- /etc/postfix/main.cf        2010-06-17 14:00:52.000000000 -0400
+++ /tmp/puppet-diffing.10996.0 2010-06-17 14:01:15.000000000 -0400
@@ -673,6 +673,3 @@
 smtp_sasl_security_options = noplaintext
 smtpd_recipient_restrictions = permit_sasl_authenticated,
permit_mynetworks, reject_unauth_destination
 mailbox_size_limit = 256000000
-# Settings for implementation of DKIM
-smtpd_milters = inet:localhost:20209
-non_smtpd_milters = inet:localhost:20209
debug: //liferay_system/File[/etc/postfix/main.cf]: Changing
checksum,content
debug: //liferay_system/File[/etc/postfix/main.cf]: 2 change(s)
debug: //liferay_system/File[/etc/postfix/main.cf]/checksum: Replacing
/etc/postfix/main.cf checksum {md5}61bcd19c95a29f17071c87c23b84579d with
{md5}5df8a259e6eaf620fe70d6d4f30442e1
notice: //liferay_system/File[/etc/postfix/main.cf]/checksum: checksum
changed ''{md5}61bcd19c95a29f17071c87c23b84579d'' to
''{md5}5df8a259e6eaf620fe70d6d4f30442e1''
info: //liferay_system/File[/etc/postfix/main.cf]: Filebucketed
/etc/postfix/main.cf to puppet with sum 5df8a259e6eaf620fe70d6d4f30442e1
debug: //liferay_system/File[/etc/postfix/main.cf]/checksum: Replacing
/etc/postfix/main.cf checksum {md5}5df8a259e6eaf620fe70d6d4f30442e1 with
{md5}61bcd19c95a29f17071c87c23b84579d
notice: //liferay_system/File[/etc/postfix/main.cf]/content: content changed
''{md5}5df8a259e6eaf620fe70d6d4f30442e1'' to ''unknown
checksum''

Any help would surely be appreciated.

Thanks,

John

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

On Jun 17, 2010, at 11:04 AM, John Martin wrote:
> I have done some further experimenting and found things even more
perplexing.  The rule is now just adding the new values that I need.  The rule
is:
> 
>         augeas { "dkim-postfix-settings":
>                 require => Package["postfix"],
>                 context => "/files/etc/postfix/main.cf",
>                 changes => [
>                         "set smtpd_milters inet:localhost:20209",
>                         "set non_smtpd_milters
inet:localhost:20209",
>                         "ins #comment before smtpd_milters",
>                         "set #comment[.='''']
''Settings for implementation of DKIM''",
>                 ],
>                 onlyif => "match smtpd_milters size == 0"
>         }
This mostly looks fine to me.  The solution to the problem is lower down. 
Here''s some unasked for advice that has almost nothing to do with the
problem.  I would break this up into two statements like this:

augeas { "first":
	require => ...,
	context => ...,
	changes => [
		"set smtpd_milters inet:localhost:20209",
		"set non_smtpd_milters inet:localhost:20209",
	]
	#No onlyif
}

augeas { "second":
	require => Augeas["first"],
	context => ...,
	changes => [
		"ins #comment before smtpd_milters",
		"set #comment[.=''''] ''Settings for
implementation of DKIM''",
	]
	onlyif => #Test if comment exists
}

This means that if the settings change in value, augeas will set them back.
> When I run ''puppetd -t'' on the client, sometimes it adds
the lines into the main.cf configuration file and on subsequent runs it removes
it.  It is not consistent.  I do not understand why it would remove the values.
> 
> Also when I run puppetd with the --debug switch I see the following:
> 
> debug: Augeas[dkim-postfix-settings](provider=augeas): Opening augeas with
root /, lens path , flags 0
> debug: Augeas[dkim-postfix-settings](provider=augeas): Augeas version 0.7.1
is installed
> debug: Augeas[dkim-postfix-settings](provider=augeas): Will attempt to save
and only run if files changed
> debug: Augeas[dkim-postfix-settings](provider=augeas): sending command
''set'' with params
["/files/etc/postfix/main.cf/smtpd_milters",
"inet:localhost:20209"]
> debug: Augeas[dkim-postfix-settings](provider=augeas): sending command
''set'' with params
["/files/etc/postfix/main.cf/non_smtpd_milters",
"inet:localhost:20209"]
> debug: Augeas[dkim-postfix-settings](provider=augeas): sending command
''ins'' with params ["#comment", "before",
"/files/etc/postfix/main.cf/smtpd_milters"]
> debug: Augeas[dkim-postfix-settings](provider=augeas): sending command
''set'' with params
["/files/etc/postfix/main.cf/#comment[.='''']",
"Settings for implementation of DKIM"]
> debug: Augeas[dkim-postfix-settings](provider=augeas): Files changed,
should execute
> debug: Augeas[dkim-postfix-settings](provider=augeas): Closed the augeas
connection
> debug: //dkim/Augeas[dkim-postfix-settings]: Changing returns
> debug: //dkim/Augeas[dkim-postfix-settings]: 1 change(s)
> debug: Augeas[dkim-postfix-settings](provider=augeas): Opening augeas with
root /, lens path , flags 0
> debug: Augeas[dkim-postfix-settings](provider=augeas): Augeas version 0.7.1
is installed
> debug: Augeas[dkim-postfix-settings](provider=augeas): sending command
''set'' with params
["/files/etc/postfix/main.cf/smtpd_milters",
"inet:localhost:20209"]
> debug: Augeas[dkim-postfix-settings](provider=augeas): sending command
''set'' with params
["/files/etc/postfix/main.cf/non_smtpd_milters",
"inet:localhost:20209"]
> debug: Augeas[dkim-postfix-settings](provider=augeas): sending command
''ins'' with params ["#comment", "before",
"/files/etc/postfix/main.cf/smtpd_milters"]
> debug: Augeas[dkim-postfix-settings](provider=augeas): sending command
''set'' with params
["/files/etc/postfix/main.cf/#comment[.='''']",
"Settings for implementation of DKIM"]
> debug: Augeas[dkim-postfix-settings](provider=augeas): Closed the augeas
connection
> notice: //dkim/Augeas[dkim-postfix-settings]/returns: executed successfully
> 
> I''m not sure why it is running the commands twice.  Please note
when it does the two sets of instructions it does add the contents to the
main.cf file.  When it doesn''t, it removes the contents.  Here is the
output when puppet removes the contents:
> 
> debug: //liferay_system/File[/etc/postfix/main.cf]/content: Executing
''diff -u /etc/postfix/main.cf /tmp/puppet-diffing.10996.0''
> --- /etc/postfix/main.cf        2010-06-17 14:00:52.000000000 -0400
> +++ /tmp/puppet-diffing.10996.0 2010-06-17 14:01:15.000000000 -0400
> @@ -673,6 +673,3 @@
>  smtp_sasl_security_options = noplaintext
>  smtpd_recipient_restrictions = permit_sasl_authenticated,
permit_mynetworks, reject_unauth_destination
>  mailbox_size_limit = 256000000
> -# Settings for implementation of DKIM
> -smtpd_milters = inet:localhost:20209
> -non_smtpd_milters = inet:localhost:20209
> debug: //liferay_system/File[/etc/postfix/main.cf]: Changing
checksum,content
> debug: //liferay_system/File[/etc/postfix/main.cf]: 2 change(s)
> debug: //liferay_system/File[/etc/postfix/main.cf]/checksum: Replacing
/etc/postfix/main.cf checksum {md5}61bcd19c95a29f17071c87c23b84579d with
{md5}5df8a259e6eaf620fe70d6d4f30442e1
> notice: //liferay_system/File[/etc/postfix/main.cf]/checksum: checksum
changed ''{md5}61bcd19c95a29f17071c87c23b84579d'' to
''{md5}5df8a259e6eaf620fe70d6d4f30442e1''
If I''m reading this bit right, you are managing main.cf with File and
Augeas.  This means that when ever File runs, it wipes out your Augeas changes. 
(Technically, File isn''t being run, but I don''t remember the
right terminology.)

If I''m right, putting "require =>
File["/etc/postfix/main.cf"] in your first augeas statement will fix
the problem with a nasty hack.  Because Augeas will always run second, the
changes will always be removed and then remade during each run.

The real solution is to do one of these:
A) Make the changes to the file on the server and dump Augeas.
B) Tell puppet to only push the file if it doesn''t exist.  I
don''t remember how to do this.  I think you might be able to by setting
checksum in the file resource to null or undef.
> info: //liferay_system/File[/etc/postfix/main.cf]: Filebucketed
/etc/postfix/main.cf to puppet with sum 5df8a259e6eaf620fe70d6d4f30442e1
> debug: //liferay_system/File[/etc/postfix/main.cf]/checksum: Replacing
/etc/postfix/main.cf checksum {md5}5df8a259e6eaf620fe70d6d4f30442e1 with
{md5}61bcd19c95a29f17071c87c23b84579d
> notice: //liferay_system/File[/etc/postfix/main.cf]/content: content
changed ''{md5}5df8a259e6eaf620fe70d6d4f30442e1'' to
''unknown checksum''
> 
> Any help would surely be appreciated.
> 
> Thanks,
> 
> John
> 
> -- 
> You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
> For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

Thanks Patrick!

I like the separation of the values being set and adding the comments.  That
makes complete sense.

As for the over-writing of the values, you were absolutely right.  The
main.cf was being managed by a different class that another Ops engineer had
implemented and I was unaware of.  I did away with Augeas after detecting
that.

Regards,

John

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.