Puppet users - Oct 2010 - Problem overriding file resource in 2.6.x

Hi folks,

I have a couple of classes to manage ssh servers. All my hosts include
ssh::server which manages a generic config file, and some of them
include ssh::server::forceip which use a template to force sshd to bind
on specific IP addresses. Here is the code:

class ssh::server {

        $servicename = $osvendor ? {
                "redhat" => "sshd",
                "debian" => "ssh",
        }

        package { "openssh-server": ensure => installed }

        service { $servicename:
                ensure => running,
                enable => true,
                require => Package["openssh-server"],
                subscribe => Package["openssh-server"],
        }

        file { "/etc/ssh/sshd_config":
                source => "puppet:///modules/ssh/sshd_config",
                owner => "root",
                group => "root",
                mode => 0400,
                notify => Service[$servicename],
        }

}

class ssh::server::forceip inherits ssh::server {

        File["/etc/ssh/sshd_config"] {
                content => template("ssh/sshd_config.erb"),
                source => undef,
        }

}

Everything works as intended with 0.25.x clients (with 0.25.x or 2.6.x
puppetmaster).

I have a test puppetmaster running 2.6.x (both client and server, I use
RPM packages from tmz-puppet repo:
puppet{,-server}-2.6.3-0.2.rc1.el5). This host includes the
ssh::server::forceip class. From time to time, the sshd_config file from
the ::forceip class gets overwritten by the generic one, then comes back
on the next run. I can''t see anything changing between runs; the
ssh::server::forceip class is still in classes.txt.

What am I doing wrong?

-- 
Arnaud

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

On Oct 21, 7:54 am, Arnaud Gomes-do-Vale <Arnaud.Go...@ircam.fr>
wrote:
> class ssh::server {
[...]
>         file { "/etc/ssh/sshd_config":
>                 source => "puppet:///modules/ssh/sshd_config",
>                 owner => "root",
>                 group => "root",
>                 mode => 0400,
>                 notify => Service[$servicename],
>         }
>
> }
>
> class ssh::server::forceip inherits ssh::server {
>
>         File["/etc/ssh/sshd_config"] {
>                 content => template("ssh/sshd_config.erb"),
>                 source => undef,
>         }
>
> }
>
> Everything works as intended with 0.25.x clients (with 0.25.x or 2.6.x
> puppetmaster).
>
> I have a test puppetmaster running 2.6.x (both client and server, I use
> RPM packages from tmz-puppet repo:
> puppet{,-server}-2.6.3-0.2.rc1.el5). This host includes the
> ssh::server::forceip class. From time to time, the sshd_config file from
> the ::forceip class gets overwritten by the generic one, then comes back
> on the next run. I can''t see anything changing between runs; the
> ssh::server::forceip class is still in classes.txt.
>
> What am I doing wrong?
Are you sure that your sshd_config.erb template is not to blame?  That
is, could it under some circumstances produce output that looks like
the generic file?

If the template is not the problem then I would suspect the fact that
you are using both the ''source'' and the
''content'' properties of the
file (but if that''s it, then I''d account it a Puppet bug). 
Even
though ::sourceip overrides ''source'' to undef, it would be
cleaner
either for both to use ''source'' or for both to use
''content''.
Converting a static source file to a template should be trivial.

You might consider, however, doing away with the ::forceip subclass
altogether, relying instead on a single template to handle all nodes.
The template would probably be a bit more complicated than your
current one, but you would get rid of an entire class and an entire
static file from you configuration -- probably a win overall.


Cheers,

John

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

Arnaud Gomes-do-Vale <Arnaud.Gomes@ircam.fr> writes:
> What am I doing wrong?
I had an old puppetd process running while it should have been killed
weeks ago. I have killed it this afternoon and it looks like everything
is working properly now.

-- 
Arnaud

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.