Puppet users - Mar 2010 - How to manipulate contents of directory without affecting parent directory

Greetings,

I''m having a bit of a problem where file{} doesn''t support
globbing...

Say I have the following directory tree:
/foo  (mode: 0751)
/foo/bar1
/foo/baz1
/foo/random1
...
/foo/randomN

All subdirectories under ''/foo'' can be arbitrary names...

How I would like to be able to express this, which won''t work...
file { "/foo/*":  mode => 700; }

What comes close is:
file { "/foo": mode => 700, recurse => "true",
recurselimit => 1; }

The problem with that, is ''/foo'' is also set to mode 700, when
it
should remain mode 751...

What is the proper way to express the above in Puppet, in the absence
of globbing capabilities, when I want to make changes _only_ to the
files and/or directories contained _within_ the specified directory
while leaving the specified directory alone?

I feel like I''m missing something really obvious...  :(

Thanks!

--
Terra

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

On 3/31/10 5:37 PM, Terra wrote:
> Greetings,
>
> I''m having a bit of a problem where file{} doesn''t
support globbing...
>
> Say I have the following directory tree:
> /foo  (mode: 0751)
> /foo/bar1
> /foo/baz1
> /foo/random1
> ...
> /foo/randomN
>
> All subdirectories under ''/foo'' can be arbitrary names...
>
> How I would like to be able to express this, which won''t work...
> file { "/foo/*":  mode =>  700; }
>
> What comes close is:
> file { "/foo": mode =>  700, recurse =>  "true",
recurselimit =>  1; }
>
> The problem with that, is ''/foo'' is also set to mode 700,
when it
> should remain mode 751...
>
> What is the proper way to express the above in Puppet, in the absence
> of globbing capabilities, when I want to make changes _only_ to the
> files and/or directories contained _within_ the specified directory
> while leaving the specified directory alone?
>
> I feel like I''m missing something really obvious...  :(
You can use an exec and call chmod or find depending on whether you want 
a hard recurselimit or not:

exec { "find /foo -exec chmod 700 {} \;": }

or

exec { "find /foo -maxdepth 1 -exec chmod 700 {} \;": }

Brian

>
> Thanks!
>
> --
> Terra
>
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

Hello Brian,

On Mar 31, 3:24 pm, Brian Wingenroth <wingenr...@jhu.edu>
wrote:
> On 3/31/10 5:37 PM, Terra wrote:
>
>
>
> > Greetings,
>
> > I''m having a bit of a problem where file{} doesn''t
support globbing...
>
> > Say I have the following directory tree:
> > /foo  (mode: 0751)
> > /foo/bar1
> > /foo/baz1
> > /foo/random1
> > ...
> > /foo/randomN
>
> > All subdirectories under ''/foo'' can be arbitrary
names...
>
> > How I would like to be able to express this, which won''t
work...
> > file { "/foo/*":  mode =>  700; }
>
> > What comes close is:
> > file { "/foo": mode =>  700, recurse =>
 "true", recurselimit =>  1; }
>
> > The problem with that, is ''/foo'' is also set to mode
700, when it
> > should remain mode 751...
>
> > What is the proper way to express the above in Puppet, in the absence
> > of globbing capabilities, when I want to make changes _only_ to the
> > files and/or directories contained _within_ the specified directory
> > while leaving the specified directory alone?
>
> > I feel like I''m missing something really obvious...  :(
>
> You can use an exec and call chmod or find depending on whether you want
> a hard recurselimit or not:
>
> exec { "find /foo -exec chmod 700 {} \;": }
>
> or
>
> exec { "find /foo -maxdepth 1 -exec chmod 700 {} \;": }
>
I could go that route, but it seemed like the thermonuclear
option...  ;)

I was hoping that there was a way for Puppet to remember the
subdirectories and only chmod on new subdirectories that are not mode
700...

or if that is too complicated to support internally, then something
simple like:
If file{} had globbing ability, then
[pseudo]  file { "/foo/*": ... }
for item in /foo/*
  if item is not a directory: then continue
  if item mode != 700: then chmod 700 item

I guess I''m just a little hesitant to do this via a crafted
exec{"find"} type solution, because it is going to be fired off on
every puppet run regardless if it is needed or not...

It would appear that file{ recurselimit } emulates: find -maxdepth

Perhaps a new file{} parameter that emulates: find -mindepth
(recursemin)

So, something like this would work:
file { "/foo": mode => 700, recursemin => 1, recurselimit =>
1; }
if recursemin => 0, then include "/foo" and would be the default if
not specified

If ''recursemin'' was added, then for naming purposes,
''recursemax =recurselimit''

Thanks for the feedback Brian!

--
Terra

> Brian
>
>
>
> > Thanks!
>
> > --
> > Terra
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

> I was hoping that there was a way for Puppet to remember the
> subdirectories and only chmod on new subdirectories that are not mode
> 700...
>
> or if that is too complicated to support internally, then something
> simple like:
> If file{} had globbing ability, then
> [pseudo]  file { "/foo/*": ... }
> for item in /foo/*
>  if item is not a directory: then continue
>  if item mode != 700: then chmod 700 item
>

Thus the server doesn''t know what files the client has, so it
can''t
presently do that -- it couldn''t build the resource graph.

Exec in your usage may feel like the thermonuclear option, but you''re
using
it in a fairly limited way... be sure it''s executed with a require in
the
right
place in the dependency chain and it''s not too unreasonable IMHO, as
it''s
not a resource intensive command.

It''s there to fill in the gaps for things that are hard to model.

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

> file { "/foo/*":  mode => 700; }
>
> What comes close is:
> file { "/foo": mode => 700, recurse => "true",
recurselimit => 1; }
I''m not sure if this will work (I''ve never tried to ignore the
top
level directory), but you can try:

file { "/foo": mode => 700, recurse => "true",
recurselimit => 1,
ignore => "/foo"; }

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

Hello John,

On Thu, Apr 1, 2010 at 5:16 AM, John Lyman <jlyman2@gmail.com>
wrote:
>> file { "/foo/*":  mode => 700; }
>>
>> What comes close is:
>> file { "/foo": mode => 700, recurse =>
"true", recurselimit => 1; }
>
> I''m not sure if this will work (I''ve never tried to
ignore the top
> level directory), but you can try:
>
> file { "/foo": mode => 700, recurse => "true",
recurselimit => 1,
> ignore => "/foo"; }
>
I tried that early on and it didn''t work, it still does a chmod 700
/foo /foo/*...  :(

However, using ''ignore'' like that would obliviate the need for
''recursemin'' as suggested earlier and would be
''obvious'' enough that
Puppet users could use it...

Thanks for the suggestion though!

--
Terra

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.