Puppet users - Apr 2007 - Best practice: how to set up mountpoints?

Hi,

[Note: I''ve been saving up my puppet questions for a free moment so
pardon my bombardment of the list]

What''s the best way to set up mounts and mountpoints with puppet?

I am currently using something like:

----
class software_depot_client {
  # create NFS mountpoint
  file { "/mnt/nfs/repository":
    path => "/mnt/nfs/repository",
    ensure => directory,
    recurse => true
  }
#     owner => "root",
#     group => "root",
#     mode => "0777",

  # mount NFS partition
  mount { "/mnt/nfs/repository":
    device => "repohost.example.edu:/repository",
    fstype => nfs,
    options => "ro,tcp,bg,intr,soft,nfsvers=3",
    dump => 0,
    pass => 0,
    ensure => mounted
  }
#    require => File["/mnt/nfs/repository"],
}
----

The NFS part works fine - the proper line is added to /etc/fstab, the
volume mounts, etc.

The problem comes in when setting up the actual mountpoint directory. If
the directory /mnt/nfs/repository doesn''t exist, the mount{}
declaration
fails as expected. If /mnt/nfs/repository doesn''t exist, it gets
created
by the file{} declaration. Howevery, if /mnt/nfs/repository exists and
the remote volume is mounted (in this case having ownership
nfsnobody:nfsnobody and permissions 0666 instead of root:root 0777)
puppet gets crabby trying to fix permissions and ownership. The
''require
=> File[]'' argument doesn''t seem to help; I''m
missing how to tell puppet
to not try to create the mountpoint or tweak its permissions if a volume
is already mounted there.

I''ve checked the docs and the recipes and I know I''m missing
something
important.

Thanks,

-- Bob

Hi,

One more thing: why would puppetd be scanning the entire tree under
/mnt/nfs/repository? Out of curiousity, I ran strace against puppet and
saw a lot of entries like:

...
gettimeofday({1177907995, 799445}, NULL) = 0
select(6, [4], [], [], {0, 0})          = 0 (Timeout)
stat64("/mnt/nfs/repository/yum/centos/2.1/source",
{st_mode=S_IFDIR|0555, st_size=64, ...}
) = 0
stat64("/mnt/nfs/repository/yum/centos/2.1/source",
{st_mode=S_IFDIR|0555, st_size=64, ...}
) = 0
lstat64("/mnt/nfs/repository/yum/centos/2.1/source",
{st_mode=S_IFDIR|0555, st_size=64, ...
}) = 0
stat64("/mnt/nfs/repository/yum/centos/2.1/source",
{st_mode=S_IFDIR|0555, st_size=64, ...}
) = 0
geteuid32()                             = 0
open("/mnt/nfs/repository/yum/centos/2.1/source",
O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTO
RY) = 6
fstat64(6, {st_mode=S_IFDIR|0555, st_size=64, ...}) = 0
fcntl64(6, F_SETFD, FD_CLOEXEC)         = 0
lseek(6, 0, SEEK_SET)                   = 0
...

and I don''t recall telling puppet to go rummaging through the
repository
(this is on a CentOS 4.4 box so I''m doubly confused by it wandering
through the CentOS 2.1 repository tree...)

I wouldn''t care so much but puppet is eating up a single CPU on this
box
 which (IIRC) wasn''t happening before I put this mount in place. It may
be a different manifest that''s causing the issue; I don''t
know.

-- Bob

On Apr 29, 2007, at 11:43 PM, Bob Apthorpe wrote:
> One more thing: why would puppetd be scanning the entire tree under
> /mnt/nfs/repository? Out of curiousity, I ran strace against puppet  
> and
> saw a lot of entries like:
Because you have ''recurse => true'' in the File declaration.

  --
  No matter how rich you become, how famous or powerful, when you die
  the size of your funeral will still pretty much depend on the
  weather.        -- Michael Pritchard
  ---------------------------------------------------------------------
  Luke Kanies | http://reductivelabs.com | http://madstop.com

On Apr 29, 2007, at 9:56 PM, Bob Apthorpe wrote:
>
> The problem comes in when setting up the actual mountpoint  
> directory. If
> the directory /mnt/nfs/repository doesn''t exist, the mount{}  
> declaration
> fails as expected. If /mnt/nfs/repository doesn''t exist, it gets  
> created
> by the file{} declaration. Howevery, if /mnt/nfs/repository exists and
> the remote volume is mounted (in this case having ownership
> nfsnobody:nfsnobody and permissions 0666 instead of root:root 0777)
> puppet gets crabby trying to fix permissions and ownership. The  
> ''require
> => File[]'' argument doesn''t seem to help; I''m
missing how to tell
> puppet
> to not try to create the mountpoint or tweak its permissions if a  
> volume
> is already mounted there.
This is the first time I''ve heard of someone running into this problem.

I believe that mount point permissions and ownership are determined  
by the mounted filesystem, so there''s no much point in bothering to  
manage either of those for mount points.  Puppet will create them  
with reasonable permissions by default (root/root and 755, for most  
cases), and the mount will just replace them.

This is just one more reason to be able to control whether a given  
statement only creates the resource, or maybe only affects existing  
resources.  Thats been requested, but no one has implemented it yet.

  --
  A child can go only so far in life without potty training.  It is not
  mere coincidence that six of the last seven presidents were potty
  trained, not to mention nearly half of the nation''s state
legislators.
                  -- Dave Barry
  ---------------------------------------------------------------------
  Luke Kanies | http://reductivelabs.com | http://madstop.com

Hi,

Luke Kanies wrote:
> On Apr 29, 2007, at 11:43 PM, Bob Apthorpe wrote:
> 
>> One more thing: why would puppetd be scanning the entire tree under
>> /mnt/nfs/repository? Out of curiousity, I ran strace against puppet  
>> and
>> saw a lot of entries like:
> 
> Because you have ''recurse => true'' in the File
declaration.
That makes sense, sort of. I added that because it seemed cleaner than
creating /mnt/nfs, then creating /mnt/nfs/repository, then mounting the
remote volume. Conveniently, there are only 2-3 places I have to back
out that change and puppet will take care of the rest. :)

-- Bob

On Apr 30, 2007, at 9:43 AM, Bob Apthorpe wrote:
>
> That makes sense, sort of. I added that because it seemed cleaner than
> creating /mnt/nfs, then creating /mnt/nfs/repository, then mounting  
> the
> remote volume. Conveniently, there are only 2-3 places I have to back
> out that change and puppet will take care of the rest. :)
Puppet can''t recursively create directories like you''re trying
to do
anyway.

It''s a long-standing feature request, but it has a simple workaround  
so I''m not inclined to provide it, and no one else has considered it  
worthy of their effort, either.

  --
  Really?  He might do it just for fun.  I know I would.  If I were God,
  I''d get together with all my other God friends and have a big party.
  We''d all get drunk and create unliftable rocks, then try to lift
them.
  It would be loads of fun!  Then I''d probably just destroy the rocks
  with a lightning bolt.  Then I''d probably pass out.  :^)
                  -- toMM, in rec.puzzles
  ---------------------------------------------------------------------
  Luke Kanies | http://reductivelabs.com | http://madstop.com

Hi,

Luke Kanies wrote:
> On Apr 30, 2007, at 9:43 AM, Bob Apthorpe wrote:
>> That makes sense, sort of. I added that because it seemed cleaner than
>> creating /mnt/nfs, then creating /mnt/nfs/repository, then mounting  
>> the
>> remote volume. Conveniently, there are only 2-3 places I have to back
>> out that change and puppet will take care of the rest. :)
> 
> Puppet can''t recursively create directories like you''re
trying to do
> anyway.
> 
> It''s a long-standing feature request, but it has a simple
workaround
> so I''m not inclined to provide it, and no one else has considered
it
> worthy of their effort, either.
wrt to ''recurse => true'':

"That word - I don''t think it means what you think it means."
:)

-- Bob