Puppet users - May 2007 - Purging issue

I have a little issue with purging. I use:

        file  {
[''/etc/shorewall/puppet'',''/etc/shorewall/puppet/rules'']:
                ensure  =>      directory,
                mode    =>      0700,
                recurse =>      true,
                purge   =>      true,
        }

 but purging does not work, i can do a touch 
/etc/shorewall/puppet/rules/blahblah  and the file is not purged at all. 
I use puppetversion => 0.22.4

i tried also just:


        file  {
[''/etc/shorewall/puppet'',''/etc/shorewall/puppet/rules'']:
                purge   =>      true,
        }


but this does not change anything.


mainhost:/etc/shorewall%(root)> /usr/bin/sudo /usr/bin/puppetd --config 
/usr/local/.aqadmin/etc/puppetd.conf --onetime --test --debug|grep -i rules
debug: 
//mainhost.aqserver.net/shorewall-rule[backupserver-to-host]/File[/etc/shorewall/puppet/rules/200]/require:
requires File[/etc/shorewall/puppet/rules]
debug: 
//mainhost.aqserver.net/shorewall-rule[backupserver-to-host]/File[/etc/shorewall/puppet/rules/200]/notify:
subscribes to Component[shorewall-realize[rules]]
debug: 
//mainhost.aqserver.net/shorewall-rule[monitoring-to-host]/File[/etc/shorewall/puppet/rules/201]/require:
requires File[/etc/shorewall/puppet/rules]
debug: 
//mainhost.aqserver.net/shorewall-rule[monitoring-to-host]/File[/etc/shorewall/puppet/rules/201]/notify:
subscribes to Component[shorewall-realize[rules]]
debug: 
//mainhost.aqserver.net/shorewall/shorewall-realize[rules]/Exec[shorewall-sort-rules]/notify:
subscribes to Service[shorewall]
debug: 
//mainhost.aqserver.net/shorewall-rule[serverguard-to-host]/File[/etc/shorewall/puppet/rules/202]/require:
requires File[/etc/shorewall/puppet/rules]
debug: 
//mainhost.aqserver.net/shorewall-rule[serverguard-to-host]/File[/etc/shorewall/puppet/rules/202]/notify:
subscribes to Component[shorewall-realize[rules]]
debug: 
//mainhost.aqserver.net/shorewall/File[/etc/shorewall/puppet/rules]: 
Autorequiring File[/etc/shorewall/puppet]
debug: shorewall-realize[rules]: File[/etc/shorewall/puppet/rules/200] 
=> shorewall-realize[rules]: false
debug: shorewall-realize[rules]: File[/etc/shorewall/puppet/rules/202] 
=> shorewall-realize[rules]: false
debug: shorewall-realize[rules]: File[/etc/shorewall/puppet/rules/201] 
=> shorewall-realize[rules]: false
debug: //mainhost.aqserver.net/shorewall/File[/etc/shorewall/puppet]: 
Not managing more explicit file /etc/shorewall/puppet/rules
debug: 
//mainhost.aqserver.net/shorewall/File[/etc/shorewall/puppet/rules]: Not 
managing more explicit file /etc/shorewall/puppet/rules/202
debug: 
//mainhost.aqserver.net/shorewall/File[/etc/shorewall/puppet/rules]: Not 
managing more explicit file /etc/shorewall/puppet/rules/200
debug: 
//mainhost.aqserver.net/shorewall/File[/etc/shorewall/puppet/rules]: Not 
managing more explicit file /etc/shorewall/puppet/rules/201
mainhost:/etc/shorewall%(root)> ll puppet/rules
total 24K
drwx------ 2 root root 4096 May 15 08:50 .
drwx------ 9 root root 4096 May 15 08:37 ..
-rw-r--r-- 1 root root   28 May 15 08:37 200
-rw-r--r-- 1 root root   67 May 15 08:37 201
-rw-r--r-- 1 root root   67 May 15 08:44 202
-rwx------ 1 root root   28 May 15 08:39 209
-rwx------ 1 root root    0 May 15 08:50 blahblah


the 209 and blahblah are NOT managed by puppet but are still there. Any 
ideas why it fails  ?

-- 
Cordialement,
Ghislain


_______________________________________________
Puppet-users mailing list
Puppet-users@madstop.com
https://mail.madstop.com/mailman/listinfo/puppet-users

ADNET Ghislain a écrit :
> I have a little issue with purging. I use:
>
>        file  {
[''/etc/shorewall/puppet'',''/etc/shorewall/puppet/rules'']:
>                ensure  =>      directory,
>                mode    =>      0700,
>                recurse =>      true,
>                purge   =>      true,
>        }
>
> but purging does not work, i can do a touch 
> /etc/shorewall/puppet/rules/blahblah  and the file is not purged at 
> all. I use puppetversion => 0.22.4
curiously it work with:

    file  {
[''/etc/shorewall/puppet'',''/etc/shorewall/puppet/rules'']:
                ensure  =>      directory,
                recurse =>      true,
                purge   =>      true
        }


so it seems mode and owner prevent purge from working. I was knowing 
that owner prevented the purge but not the mode now i know :)


-- 
Cordialement,
Ghislain



_______________________________________________
Puppet-users mailing list
Puppet-users@madstop.com
https://mail.madstop.com/mailman/listinfo/puppet-users

On May 15, 2007, at 5:50 AM, ADNET Ghislain wrote:
> curiously it work with:
>
>    file  {
[''/etc/shorewall/puppet'',''/etc/shorewall/puppet/rules'']:
>                ensure  =>      directory,
>                recurse =>      true,
>                purge   =>      true
>        }
>
>
> so it seems mode and owner prevent purge from working. I was  
> knowing that owner prevented the purge but not the mode now i know :)
In the currently released version, setting any property is sufficient  
to have a file considered to be managed and thus not open to purging.

In SVN, I''ve fixed this so that if you are doing a remote copy and  
have purge enabled, then local files that are not otherwise managed  
will be purged regardless of the other properties you set.

However, what you''re doing here looks like it''s just an rm -rf
in
that directory, right?  Why not just do ensure => absent?

  --
  I don''t know the key to success, but the key to failure is trying to
  please everybody.  -- Bill Cosby
  ---------------------------------------------------------------------
  Luke Kanies | http://reductivelabs.com | http://madstop.com

> However, what you''re doing here looks like it''s just an
rm -rf in
> that directory, right?  Why not just do ensure => absent?
>
>   
in fact i use the directory to build firewall rules. Each rule create 
one file, at the end i do a cat directory/* > myconfigfile. With purge 
if there is any file that is not managed (read a firewall rule that has 
been removed) it is purged by puppet and the type notify a function that 
reconstruct the rules files that triggers a restart of the firewall.  
When i finish this i will try to publish it as a module to manage 
shorewall with puppet :)

  I am in early beta right now with the purging working.  Using text 
replacement in files would not have worked when i removed a rules 
because i would have to explicitly  delete it. Using this trick i can be 
sure only the rules i define are in my shorewall config :)  This feature 
is really excellent i love it !  I also use this to manage the 
/etc/apt/sources.list.d  directory in etch . Far easier than to manage  
the sources.list file itself thanks to puppet :)


-- 
Cordialement,
Ghislain



_______________________________________________
Puppet-users mailing list
Puppet-users@madstop.com
https://mail.madstop.com/mailman/listinfo/puppet-users

On May 15, 2007, at 3:57 PM, ADNET Ghislain wrote:
> in fact i use the directory to build firewall rules. Each rule  
> create one file, at the end i do a cat directory/* > myconfigfile.  
> With purge if there is any file that is not managed (read a  
> firewall rule that has been removed) it is purged by puppet and the  
> type notify a function that reconstruct the rules files that  
> triggers a restart of the firewall.  When i finish this i will try  
> to publish it as a module to manage shorewall with puppet :)
>
>  I am in early beta right now with the purging working.  Using text  
> replacement in files would not have worked when i removed a rules  
> because i would have to explicitly  delete it. Using this trick i  
> can be sure only the rules i define are in my shorewall config :)   
> This feature is really excellent i love it !  I also use this to  
> manage the /etc/apt/sources.list.d  directory in etch . Far easier  
> than to manage  the sources.list file itself thanks to puppet
Ah, I see.  In that case, I would set the owner/mode on the file as  
you create it, and then purge with no owner/mode setting.  That''s the  
only way to make it work at the moment.

I could possibly make this work, but I hadn''t thought about it.  Hmm.

  --
  You''ve achieved success in your field when you don''t know
whether what
  you''re doing is work or play.  -- Warren Beatty
  ---------------------------------------------------------------------
  Luke Kanies | http://reductivelabs.com | http://madstop.com

> Ah, I see.  In that case, I would set the owner/mode on the file as  
> you create it, and then purge with no owner/mode setting.  That''s
the
> only way to make it work at the moment.
>
> I could possibly make this work, but I hadn''t thought about it. 
Hmm.
>   
yes i done it now but i ..by default... you allways choose the lazy way :)
but working like that is fine, it''s just to know that purging requires 
to be conservative on the directory.

The more i use puppet the more i love it, thanks Luke ! :)

-- 
Cordialement,
Ghislain


_______________________________________________
Puppet-users mailing list
Puppet-users@madstop.com
https://mail.madstop.com/mailman/listinfo/puppet-users