Puppet users - Jan 2009 - Nagios_host files are mode 600, need 644

Hi, so I''m exporting a nagios_host type that gets collected by the
nagios server and each host has it''s own file, however, when each host
file is written, it''s only readable by root.  How can I make all the
files mode 644 when they''re written?  Or how would I go about using
the "file" type to make sure that all the files in a dir are mode
644?  Thanks.

Scott
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

Hi
> Hi, so I''m exporting a nagios_host type that gets collected by the
> nagios server and each host has it''s own file, however, when each
host
> file is written, it''s only readable by root.  How can I make all
the
> files mode 644 when they''re written?  Or how would I go about
using
> the "file" type to make sure that all the files in a dir are mode
> 644?  Thanks.
you can define a file resource to manage these files and set the  
appropriate modes in this resource.

have a look @ how I do it on:  
https://git.puppet.immerda.ch/?p=module-nagios;a=blob;f=manifests/init.pp;h=1df5008493aaeecae97a8a2e7754ad9e0634c604;hb=HEAD
from line 83
on.

cheers pete

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

The issue is that I don''t know the exact names of all the nagios_hosts
ahead of time, so I can''t declare file resources explicitly, each host
has it''s own host file.

So I''ve tried declaring a "file" resource for the directory
that the
nagios_host files get deposited in and using "recurse" to set the
permissions on all the files in the directory but I get an error in
puppet saying I have a circular dependency, I''m assuming because the
"nagios_host" type explicitly sets permissions on the files.

I''ve tried using "exec" but I need to make sure the exec gets
called
after all the nagios_hosts are collected otherwise it''s pointless but
how do you tell the exec command to run after the collection?

I''ve tried setting a "before" parameter in the exported
@@nagios_host
resource but puppet gave me an error when I tried to use the "title"
of the exec instead of the command.  I haven''t tired using the exec
command itself in the "before" parameter because it has switches, i.e.
"chmod 644 /etc/nagios3/hosts/*", and I thought it would cause
problems with spaces and it looks messier as well.  I don''t mind doing
that, though, if it works.

Cheers,
Scott

On Jan 22, 5:25 pm, Peter Meier <peter.me...@immerda.ch>
wrote:
> Hi,
>
> > Hi, so I''m exporting a nagios_host type that gets collected
by the
> > nagios server and each host has it''s own file, however, when
each host
> > file is written, it''s only readable by root.  How can I make
all the
> > files mode 644 when they''re written?  Or how would I go about
using
> > the "file" type to make sure that all the files in a dir are
mode
> > 644?  Thanks.
>
> you can define a file resource to manage these files and set the  
> appropriate modes in this resource.
>
> have a look @ how I do it on:
 https://git.puppet.immerda.ch/?p=module-nagios;a=blob;f=manifests/ini...from
line 83  
> on.
>
> cheers pete
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

On Jan 22, 2009, at 4:55 PM, Scott wrote:
> The issue is that I don''t know the exact names of all the
nagios_hosts
> ahead of time, so I can''t declare file resources explicitly, each
host
> has it''s own host file.
>
> So I''ve tried declaring a "file" resource for the
directory that the
> nagios_host files get deposited in and using "recurse" to set the
> permissions on all the files in the directory but I get an error in
> puppet saying I have a circular dependency, I''m assuming because
the
> "nagios_host" type explicitly sets permissions on the files.
It does not, so I don''t see why you''d get a cycle.  What does
the
cycle say?
>
> I''ve tried using "exec" but I need to make sure the exec
gets called
> after all the nagios_hosts are collected otherwise it''s pointless
but
> how do you tell the exec command to run after the collection?
Well, you could have each nagios instance require the exec, but that  
would be messy.
>
> I''ve tried setting a "before" parameter in the exported
@@nagios_host
> resource but puppet gave me an error when I tried to use the
"title"
> of the exec instead of the command.  I haven''t tired using the
exec
> command itself in the "before" parameter because it has switches,
i.e.
> "chmod 644 /etc/nagios3/hosts/*", and I thought it would cause
> problems with spaces and it looks messier as well.  I don''t mind
doing
> that, though, if it works.

Nah, if the relationship to the title doesn''t work, the relationship  
to the command won''t.

This is obviously something I just didn''t really think about when  
developing this stuff.  However, based on how Puppet works ATM, you  
should not have to worry about it beyond the first run.  If you set  
the perms correctly, then Puppet will retain them afterward.

Really, though, managing the perms with ''file'' statements
should work.

-- 
The reasonable man adapts himself to the world; the unreasonable one
persists in trying to adapt the world to himself. Therefore all
progress depends on the unreasonable man. -- George Bernard Shaw
---------------------------------------------------------------------
Luke Kanies | http://reductivelabs.com | http://madstop.com


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

Hi
> The issue is that I don''t know the exact names of all the
nagios_hosts
> ahead of time, so I can''t declare file resources explicitly, each
host
> has it''s own host file.
>
> So I''ve tried declaring a "file" resource for the
directory that the
> nagios_host files get deposited in and using "recurse" to set the
> permissions on all the files in the directory but I get an error in
> puppet saying I have a circular dependency, I''m assuming because
the
> "nagios_host" type explicitly sets permissions on the files.
or you could write a wrapper define which manages on one side the file  
and the nagios host entry.

like I have done it in the yum::repo wrapper:  
https://git.puppet.immerda.ch/?p=module-yum;a=blob;f=manifests/init.pp;h=0a5e892ddc8177dba194ad1b515be0bbb4302c2b;hb=HEAD

cheers pete

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

Hi, a little late on the thread, but I just use a straight up file 
resource that serves out the hosts/ folder for my nagios root. All the 
files in the fileserver have the proper owner, group, and mode, so I 
don''t need to define those in the resource. I know it''s not
very puppety
to be serving out files, but when I took a look at the nagios types they 
looked pretty much the same as typing out the nagios config files.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

The situation is a little more complicated than just trying to do a
"recurse" on the directory to set the permissions.  In my config, I
create the directory where all the nagios_hosts are collected and I
then make that resource a requirement for all the exported
nagios_hosts.  So obviously I can''t have that directory as a resource
later on when I want to do a "recurse" on it to change the
permissions.

So in this case, what I did was back out one directory and try to
create a file resource based on the parent dir "/etc/nagios3" and then
use "recurse" on that to try to set the permissions.  And
that''s when
I get the circular dependency error.

Taking out the resource for the initial directory creation as well as
the dependency for each nagios_host means that I''ll have to create
that directory (and there are actually a couple of others too) by hand
every time I want to have nagios installed on a server, not really the
point of having puppet.

All this would be so much easier if I could just set either the
permissions or the ownership when the files are initially created.
Why are these files automatically owned by root and mode 600?  I don''t
know about other distros but in Ubuntu, it automatically breaks nagios
since nagios is run as the user nagios and can''t read the files.

Cheers,
Scott

On Jan 23, 7:15 am, Luke Kanies <l...@madstop.com>
wrote:
> On Jan 22, 2009, at 4:55 PM, Scott wrote:
>
> > The issue is that I don''t know the exact names of all the
nagios_hosts
> > ahead of time, so I can''t declare file resources explicitly,
each host
> > has it''s own host file.
>
> > So I''ve tried declaring a "file" resource for the
directory that the
> > nagios_host files get deposited in and using "recurse" to
set the
> > permissions on all the files in the directory but I get an error in
> > puppet saying I have a circular dependency, I''m assuming
because the
> > "nagios_host" type explicitly sets permissions on the files.
>
> It does not, so I don''t see why you''d get a cycle.  What
does the  
> cycle say?
>
>
>
> > I''ve tried using "exec" but I need to make sure the
exec gets called
> > after all the nagios_hosts are collected otherwise it''s
pointless but
> > how do you tell the exec command to run after the collection?
>
> Well, you could have each nagios instance require the exec, but that  
> would be messy.
>
>
>
> > I''ve tried setting a "before" parameter in the
exported @@nagios_host
> > resource but puppet gave me an error when I tried to use the
"title"
> > of the exec instead of the command.  I haven''t tired using
the exec
> > command itself in the "before" parameter because it has
switches, i.e.
> > "chmod 644 /etc/nagios3/hosts/*", and I thought it would
cause
> > problems with spaces and it looks messier as well.  I don''t
mind doing
> > that, though, if it works.
>
> Nah, if the relationship to the title doesn''t work, the
relationship  
> to the command won''t.
>
> This is obviously something I just didn''t really think about when
 
> developing this stuff.  However, based on how Puppet works ATM, you  
> should not have to worry about it beyond the first run.  If you set  
> the perms correctly, then Puppet will retain them afterward.
>
> Really, though, managing the perms with ''file'' statements
should work.
>
> --
> The reasonable man adapts himself to the world; the unreasonable one
> persists in trying to adapt the world to himself. Therefore all
> progress depends on the unreasonable man. -- George Bernard Shaw
> ---------------------------------------------------------------------
> Luke Kanies |http://reductivelabs.com|http://madstop.com
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

Ok, so to make things simpler, how do I change owner and mode of
nagios_host, etc. files when they''re created?

Thanks,
Scott

On Jan 29, 2:01 pm, Scott <scott...@gmail.com>
wrote:
> The situation is a little more complicated than just trying to do a
> "recurse" on the directory to set the permissions.  In my config,
I
> create the directory where all the nagios_hosts are collected and I
> then make that resource a requirement for all the exported
> nagios_hosts.  So obviously I can''t have that directory as a
resource
> later on when I want to do a "recurse" on it to change the
> permissions.
>
> So in this case, what I did was back out one directory and try to
> create a file resource based on the parent dir "/etc/nagios3" and
then
> use "recurse" on that to try to set the permissions.  And
that''s when
> I get the circular dependency error.
>
> Taking out the resource for the initial directory creation as well as
> the dependency for each nagios_host means that I''ll have to create
> that directory (and there are actually a couple of others too) by hand
> every time I want to have nagios installed on a server, not really the
> point of having puppet.
>
> All this would be so much easier if I could just set either the
> permissions or the ownership when the files are initially created.
> Why are these files automatically owned by root and mode 600?  I
don''t
> know about other distros but in Ubuntu, it automatically breaks nagios
> since nagios is run as the user nagios and can''t read the files.
>
> Cheers,
> Scott
>
> On Jan 23, 7:15 am, Luke Kanies <l...@madstop.com> wrote:
>
> > On Jan 22, 2009, at 4:55 PM, Scott wrote:
>
> > > The issue is that I don''t know the exact names of all
the nagios_hosts
> > > ahead of time, so I can''t declare file resources
explicitly, each host
> > > has it''s own host file.
>
> > > So I''ve tried declaring a "file" resource for
the directory that the
> > > nagios_host files get deposited in and using "recurse"
to set the
> > > permissions on all the files in the directory but I get an error
in
> > > puppet saying I have a circular dependency, I''m assuming
because the
> > > "nagios_host" type explicitly sets permissions on the
files.
>
> > It does not, so I don''t see why you''d get a cycle.
 What does the  
> > cycle say?
>
> > > I''ve tried using "exec" but I need to make
sure the exec gets called
> > > after all the nagios_hosts are collected otherwise it''s
pointless but
> > > how do you tell the exec command to run after the collection?
>
> > Well, you could have each nagios instance require the exec, but that  
> > would be messy.
>
> > > I''ve tried setting a "before" parameter in the
exported @@nagios_host
> > > resource but puppet gave me an error when I tried to use the
"title"
> > > of the exec instead of the command.  I haven''t tired
using the exec
> > > command itself in the "before" parameter because it has
switches, i.e.
> > > "chmod644/etc/nagios3/hosts/*", and I thought it would
cause
> > > problems with spaces and it looks messier as well.  I
don''t mind doing
> > > that, though, if it works.
>
> > Nah, if the relationship to the title doesn''t work, the
relationship  
> > to the command won''t.
>
> > This is obviously something I just didn''t really think about
when  
> > developing this stuff.  However, based on how Puppet works ATM, you  
> > should not have to worry about it beyond the first run.  If you set  
> > the perms correctly, then Puppet will retain them afterward.
>
> > Really, though, managing the perms with ''file''
statements should work.
>
> > --
> > The reasonable man adapts himself to the world; the unreasonable one
> > persists in trying to adapt the world to himself. Therefore all
> > progress depends on the unreasonable man. -- George Bernard Shaw
> > ---------------------------------------------------------------------
> > Luke Kanies |http://reductivelabs.com|http://madstop.com
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---