For those running selinux, have you seen these in your logs whenever puppetd runs:

type=AVC msg=audit(01/30/2008 16:37:03.193:877) : avc: denied { write } for pid=14469 comm=semanage path=/tmp/puppet.14421.0 dev=dm-3 ino=18 scontext=root:system_r:semanage_t:s0-s0:c0.c1023 tcontext=root:object_r:tmp_t:s0 tclass=file

It seems to be caused when puppetd tries to write to /tmp (I assume it keeps some sort of state information here temporarily?).

johnn

Johnny Tan wrote:
> For those running selinux, have you seen these in your logs
> whenever puppetd runs:
>
> type=AVC msg=audit(01/30/2008 16:37:03.193:877) : avc:
> denied { write } for pid=14469 comm=semanage
> path=/tmp/puppet.14421.0 dev=dm-3 ino=18
> scontext=root:system_r:semanage_t:s0-s0:c0.c1023
> tcontext=root:object_r:tmp_t:s0 tclass=file
>
> It seems to be caused when puppetd tries to write to /tmp (I
> assume it keeps some sort of state information here
> temporarily?).

Basically, puppet uses temporary files to capture output of commands. IE, when running command "foo" it does

foo > /tmp/puppet.$$

and then picks up the contents of /tmp/puppet.$$ after the command has completed. However, a number of commands, including semanage, are restricted by SELinux policy from writing out to any files, even temporary files.

If you're writing your own native type, you can check out how I worked around it in the provider for my selmodule type:

http://spook.wpi.edu

--
Frank Sweetser fs at wpi.edu  |  For every problem, there is a solution that
WPI Senior Network Engineer   |  is simple, elegant, and wrong. - HL Mencken
GPG fingerprint = 6174 1257 129E 0D21 D8D4 E8A3 8E39 29E3 E2E8 8CEC

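The denial quoted in this thread can be picked out of an audit log mechanically. The following is an added example, not code from the thread or from Puppet: it parses AVC records in the format shown above and counts write denials on /tmp/puppet.* files per command and SELinux domain. The first sample record is the one from the thread; the other records and all function names are constructed for illustration.

```python
import re
from collections import Counter

# First record is the one quoted in the thread; the rest are constructed samples.
SAMPLE_LOG = """\
type=AVC msg=audit(01/30/2008 16:37:03.193:877) : avc: denied { write } for pid=14469 comm=semanage path=/tmp/puppet.14421.0 dev=dm-3 ino=18 scontext=root:system_r:semanage_t:s0-s0:c0.c1023 tcontext=root:object_r:tmp_t:s0 tclass=file
type=AVC msg=audit(01/30/2008 17:07:04.201:901) : avc: denied { write } for pid=15102 comm=semanage path=/tmp/puppet.15077.0 dev=dm-3 ino=21 scontext=root:system_r:semanage_t:s0-s0:c0.c1023 tcontext=root:object_r:tmp_t:s0 tclass=file
type=AVC msg=audit(01/30/2008 17:09:11.010:915) : avc: denied { read } for pid=15200 comm=httpd path=/home/user/index.html dev=dm-2 ino=77 scontext=root:system_r:httpd_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(01/30/2008 17:09:11.010:915) : arch=i386 syscall=open success=no
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict for an AVC denial line, or None for any other record."""
    if not line.startswith("type=AVC"):
        return None
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    if "scontext" not in rec or "tcontext" not in rec:
        return None
    rec["perms"] = m.group("perms").split()
    # An SELinux context is user:role:type[:level]; the type is the third field.
    rec["source_type"] = rec["scontext"].split(":")[2]
    rec["target_type"] = rec["tcontext"].split(":")[2]
    return rec

def puppet_tmp_denials(log_text):
    """Count write denials on /tmp/puppet.* files, keyed by (comm, source_type)."""
    hits = Counter()
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if (rec and "write" in rec["perms"]
                and rec.get("tclass") == "file"
                and rec["target_type"] == "tmp_t"
                and re.match(r"/tmp/puppet\.\d+\.\d+$", rec.get("path", ""))):
            hits[(rec["comm"], rec["source_type"])] += 1
    return hits

if __name__ == "__main__":
    for (comm, stype), n in puppet_tmp_denials(SAMPLE_LOG).items():
        print(f"{n} write denial(s): comm={comm} domain={stype} -> tmp_t puppet temp file")
```
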
Hey guys,

I recently setup storeconfigs with a MySQL database and am giddy over all the information available in one location. I like writing SQL queries a lot more than parsing logfiles :-)

Anyway, has anyone written a web interface for browsing/reporting on this data? [1]

The first feature that comes to mind is a simple table listing all hosts and the last time they were updated. Those updated in the last hour would be color-coded green, others (presumably out-of-date) would be red.

Summary reports would also be nice, listing parameters and how many hosts have it (how many are running RHEL4, etc.).

I could whip something together using PHP, but I see two possible drawbacks.

1. Somebody already wrote such an app.
2. Puppet developers (especially Luke) may cringe, wanting it to be written in Ruby.

Thanks!

[1] I noticed PuppetShow in the wiki, but I'm not sure if that utilizes the DB. Plus it looks a little outdated.

On Feb 1, 2008, at 10:19 AM, John Philips wrote:
> recently setup storeconfigs with a MySQL database
> and am giddy over all the information available in one
> location. I like writing SQL queries a lot more than
> parsing logfiles :-)
>
> Anyway, has anyone written a web interface for
> browsing/reporting on this data? [1]

http://reductivelabs.com/trac/puppetshow

In other words, yes.

It's not all that up to date, but it's decent.

--
If there is anything the nonconformist hates worse than a conformist, it's another nonconformist who doesn't conform to the prevailing standard of nonconformity. --Bill Vaughan
---------------------------------------------------------------------
Luke Kanies | http://reductivelabs.com | http://madstop.com

On Jan 31, 2008, at 4:27 PM, Luke Kanies wrote:
> On Feb 1, 2008, at 10:19 AM, John Philips wrote:
>
>> recently setup storeconfigs with a MySQL database
>> and am giddy over all the information available in one
>> location. I like writing SQL queries a lot more than
>> parsing logfiles :-)
>>
>> Anyway, has anyone written a web interface for
>> browsing/reporting on this data? [1]
>
> http://reductivelabs.com/trac/puppetshow
>
> In other words, yes.
>
> It's not all that up to date, but it's decent.

I'm almost back to a point where I can start working on it again. I'll be setting up a test environment shortly, the main features I'll be working on are:

1. ACL system
2. A portal with various general stats, etc.
3. Updating to Rails 2.0.2
4. Freezing the puppet gem in vendor/gems, removing duplicate model code, etc.
5. Adding support for report data/graphs.
6. Adding support for my relation_browser plugin

I'm considering using hobo (http://hobocentral.net) for some of this, it has a nice template language and ACL stuff baked-in.

-Blake