Puppet users - Sep 2009 - ensure => true not working for sshd

Hello,

I''m confused why puppet wont start a service I have configured.

In the module, which is definitely being run (everything else in it
works):

service { ssh:
   name => ''sshd'',
   ensure => true,
   enable => true
 }

As I understand the docs, the ensure => true should start sshd if it
is not running (or at least try to).  But when I turn off ssh on a
managed host, it''s not started by puppet.

[root@opstest-host-3 yum.repos.d]# service sshd stop
Stopping sshd:                                             [  OK  ]
[root@opstest-host-3 yum.repos.d]# !/etc
/etc/init.d/puppet once
[root@opstest-host-3 yum.repos.d]# !ta
tail -f /var/log/puppets.log
Sep 18 04:18:17 opstest-host-3 puppetd[13199]: Reopening log files
Sep 18 04:18:21 opstest-host-3 puppetd[13199]: Starting catalog run
Sep 18 04:18:32 opstest-host-3 puppetd[13199]: Finished catalog run in
10.93 seconds

Can anyone point me to what I''m doing wrong?
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

Ben Lavender wrote:
> Hello,
> 
> I''m confused why puppet wont start a service I have configured.
> 
> In the module, which is definitely being run (everything else in it
> works):
> 
> service { ssh:
>    name => ''sshd'',
>    ensure => true,
>    enable => true
>  }
> 
> As I understand the docs, the ensure => true should start sshd if it
> is not running (or at least try to).  But when I turn off ssh on a
> managed host, it''s not started by puppet.
> 
> [root@opstest-host-3 yum.repos.d]# service sshd stop
> Stopping sshd:                                             [  OK  ]
> [root@opstest-host-3 yum.repos.d]# !/etc
> /etc/init.d/puppet once
> [root@opstest-host-3 yum.repos.d]# !ta
> tail -f /var/log/puppets.log
> Sep 18 04:18:17 opstest-host-3 puppetd[13199]: Reopening log files
> Sep 18 04:18:21 opstest-host-3 puppetd[13199]: Starting catalog run
> Sep 18 04:18:32 opstest-host-3 puppetd[13199]: Finished catalog run in
> 10.93 seconds
> 
> Can anyone point me to what I''m doing wrong?
Depending on your /etc/init.d/ssh''s capabilities you either have to 
specify "hasstatus=>true" or provide a appropriate
"pattern=>".

See the TypeReference for details.


Regards, DavidS


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

Thanks for your response.

I went through the type reference a little more closely.  I had
assumed that the provider => redhat (I am running rhel 5) would give
me service xyz start/status/stop/restart on everything, but I see now
that''s not the case.  Modules are being updated accordingly :)

However, even after updating this and informing puppet that sshd''s
init script has a status command, sshd is not behaving correctly.
Further investigation reveals this is actually a bug in the red hat
init script.  ''service sshd status'' simply uses pidof to
determine if
sshd is running, but sshd forks off existing ssh sessions, allowing
the daemon to be started/stopped/etc while people are still
connected.  pidof finds these and reports that sshd is running, and
puppet has no reason not to believe the init script.

I am off to figure out how to file bugs against RHEL5.  I suppose this
little gotcha is not a bad thing to have on the mailing list for
google to find in any case.

Thanks again for the help!

Ben

On Sep 18, 10:41 am, David Schmitt <da...@dasz.at>
wrote:
> Ben Lavender wrote:
> > Hello,
>
> > I''m confused why puppet wont start a service I have
configured.
>
> > In the module, which is definitely being run (everything else in it
> > works):
>
> > service { ssh:
> >    name => ''sshd'',
> >    ensure => true,
> >    enable => true
> >  }
>
> > As I understand the docs, the ensure => true should start sshd if
it
> > is not running (or at least try to).  But when I turn off ssh on a
> > managed host, it''s not started by puppet.
>
> > [root@opstest-host-3 yum.repos.d]# service sshd stop
> > Stopping sshd:                                             [  OK  ]
> > [root@opstest-host-3 yum.repos.d]# !/etc
> > /etc/init.d/puppet once
> > [root@opstest-host-3 yum.repos.d]# !ta
> > tail -f /var/log/puppets.log
> > Sep 18 04:18:17 opstest-host-3 puppetd[13199]: Reopening log files
> > Sep 18 04:18:21 opstest-host-3 puppetd[13199]: Starting catalog run
> > Sep 18 04:18:32 opstest-host-3 puppetd[13199]: Finished catalog run in
> > 10.93 seconds
>
> > Can anyone point me to what I''m doing wrong?
>
> Depending on your /etc/init.d/ssh''s capabilities you either have
to
> specify "hasstatus=>true" or provide a appropriate
"pattern=>".
>
> See the TypeReference for details.
>
> Regards, DavidS
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

Ben Lavender wrote:
> Thanks for your response.
> 
> I went through the type reference a little more closely.  I had
> assumed that the provider => redhat (I am running rhel 5) would give
> me service xyz start/status/stop/restart on everything, but I see now
> that''s not the case.  Modules are being updated accordingly :)
> 
> However, even after updating this and informing puppet that sshd''s
> init script has a status command, sshd is not behaving correctly.
> Further investigation reveals this is actually a bug in the red hat
> init script.  ''service sshd status'' simply uses pidof to
determine if
> sshd is running, but sshd forks off existing ssh sessions, allowing
> the daemon to be started/stopped/etc while people are still
> connected.  pidof finds these and reports that sshd is running, and
> puppet has no reason not to believe the init script.

That''s exactly the reason (I presume) why the redhat provider
doesn''t
set hasstatus.


Regards, DavidS

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

On 18/09/09 12:18, David Schmitt wrote:
> 
> Ben Lavender wrote:
>> Thanks for your response.
>>
>> I went through the type reference a little more closely.  I had
>> assumed that the provider => redhat (I am running rhel 5) would give
>> me service xyz start/status/stop/restart on everything, but I see now
>> that''s not the case.  Modules are being updated accordingly :)
>>
>> However, even after updating this and informing puppet that
sshd''s
>> init script has a status command, sshd is not behaving correctly.
>> Further investigation reveals this is actually a bug in the red hat
>> init script.  ''service sshd status'' simply uses pidof
to determine if
>> sshd is running, but sshd forks off existing ssh sessions, allowing
>> the daemon to be started/stopped/etc while people are still
>> connected.  pidof finds these and reports that sshd is running, and
>> puppet has no reason not to believe the init script.
> 
> 
> That''s exactly the reason (I presume) why the redhat provider
doesn''t
> set hasstatus.
I run sshd under runit and wanted to ensure that there was no sshd
daemon started from the standard init script.

I use this:

status     => "pgrep -f ''/usr/sbin/sshd'' -P 1"

ie. check for sshd running with parent pid = 1.

R.


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

>> That''s exactly the reason (I presume) why the redhat provider
doesn''t
>> set hasstatus.
>
> I run sshd under runit and wanted to ensure that there was no sshd
> daemon started from the standard init script.
>
> I use this:
>
> status     => "pgrep -f ''/usr/sbin/sshd'' -P
1"
>
> ie. check for sshd running with parent pid = 1.
That''s a great workaround--I''ll be using it tomorrow!  Thanks.
> R.
>
>
> >
>
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---