Puppet users - Dec 2008 - setting file seltype and service refreshes ...

Hello,

I have various files where i set the SELinux type (seltype). It gets
set everytime puppet runs even if the file doesn''t change. Adding a
refresh to a file also causes the service to restart everytime. Anyone
else see this?

Gary
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

What version of Puppet do you have?

Anyone else seeing this?


On Wed, Dec 31, 2008 at 12:53 PM, gary <garyyuen@gmail.com> wrote:
>
> Hello,
>
> I have various files where i set the SELinux type (seltype). It gets
> set everytime puppet runs even if the file doesn''t change. Adding
a
> refresh to a file also causes the service to restart everytime. Anyone
> else see this?
>
> Gary
> >
>
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

Andrew,

0.24.7 on both client and server.


On Jan 1, 1:45 pm, "Andrew Shafer" <and...@reductivelabs.com>
wrote:
> What version of Puppet do you have?
>
> Anyone else seeing this?
>
> On Wed, Dec 31, 2008 at 12:53 PM, gary <garyy...@gmail.com> wrote:
>
> > Hello,
>
> > I have various files where i set the SELinux type (seltype). It gets
> > set everytime puppet runs even if the file doesn''t change.
Adding a
> > refresh to a file also causes the service to restart everytime. Anyone
> > else see this?
>
> > Gary
>
>
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

Sounds like a bug :/

Do you have logs of that it is setting.

Sounds like it doesn''t compare current state correctly. (Assuming it is
setting it correctly)


On Thu, Jan 1, 2009 at 9:59 AM, gary <garyyuen@gmail.com> wrote:
>
> Andrew,
>
> 0.24.7 on both client and server.
>
>
> On Jan 1, 1:45 pm, "Andrew Shafer"
<and...@reductivelabs.com> wrote:
> > What version of Puppet do you have?
> >
> > Anyone else seeing this?
> >
> > On Wed, Dec 31, 2008 at 12:53 PM, gary <garyy...@gmail.com>
wrote:
> >
> > > Hello,
> >
> > > I have various files where i set the SELinux type (seltype). It
gets
> > > set everytime puppet runs even if the file doesn''t
change. Adding a
> > > refresh to a file also causes the service to restart everytime.
Anyone
> > > else see this?
> >
> > > Gary
> >
> >
> >
>
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

gary wrote:
> 0.24.7 on both client and server.
What OS?  As I understand, 0.24.7 requires the libselinux-ruby
bindings, which are only available on Fedora >= 9.  I''ve noticed
that
on my Centos 5 boxes, that any selinux parameters cause puppet to log
that the resource was changed, but I haven''t looked at it closer.

-- 
Todd        OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The future isn''t what it used to be.
    -- Arthur C. Clarke

:) It is CentOS. I checked and it''s not setting the seltype.

I couldn''t find libselinux-ruby in EPEL. I couldn''t find a
source RPM
anywhere either.

On Jan 2, 12:12 pm, Todd Zullinger <t...@pobox.com>
wrote:
> gary wrote:
> > 0.24.7 on both client and server.
>
> What OS?  As I understand, 0.24.7 requires the libselinux-ruby
> bindings, which are only available on Fedora >= 9.  I''ve
noticed that
> on my Centos 5 boxes, that any selinux parameters cause puppet to log
> that the resource was changed, but I haven''t looked at it closer.
>
> --
> Todd        OpenPGP -> KeyID: 0xBEAF0CE3 | URL:www.pobox.com/~tmz/pgp
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> The future isn''t what it used to be.
>     -- Arthur C. Clarke
>
>  application_pgp-signature_part
> < 1KViewDownload
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

gary wrote:
> :) It is CentOS. I checked and it''s not setting the seltype.
> 
> I couldn''t find libselinux-ruby in EPEL. I couldn''t find
a source
> RPM anywhere either.
Correct.  The ruby bindings are built from the main libselinux
package.  And libselinux on CentOS is a lot older than on Fedora.  I
don''t know yet if it will be possible to get ruby bindings for selinux
on CentOS.  I''ve been meaning to ask Dan Walsh and the fedora-selinux
list about that...

For puppet, it seems that ignoring these parameters when selinux
support is not available would be appropriate.

-- 
Todd        OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In their enthusiasm for frequent travel through the Doors of
Perception, far too many get hung up on the doorknob.
    -- M. Domalgowski