Hi All,
When I try to run any sudo commands like the below
class test {
exec { "sudocmd" :
cwd => "/home/server/",
path => ["/usr/bin/","/usr/sbin/","/bin"],
command => "sudo apt-get update",
}
}
Im getting the following error
# puppetd --server prudhvi.example.com --test
info: Caching catalog for node1.example.com
info: Applying configuration version ''1274952926''
err: //test/Exec[sudocmd]/returns: change from notrun to 0 failed:
sudo apt-get update returned 1 instead of one of [0] at /etc/puppet/
manifests/site.pp:15
notice: Finished catalog run in 0.10 seconds
When i see # top
puppetd is being run by user puppet
Is that the problem.
Thanks in advance,
prudhvi
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Hi Prudhvi, though I''m a Puppet newbie I do think indeed that the puppetd usually is run as user root because most configuration changes do require root privileges. Was there any particular reason why you instead have your puppetd run as user puppet? Anyway, I would assume that in this case the user puppet requires a sudoers rule on that host that allows him to install packages system wide via apt (or any other packaging tool) At least I would think some entry like (as root execute "visudo") (please, note I am not familiar with debianish systems as we use redhattish ones, so my path assumption may be wrong) puppet ALL = NOPASSWD: /usr/sbin/apt-get or more specific puppet <hostname> = NOPASSWD: /usr/sbin/apt-get update You should probably check for prevalent sudoers rules of user puppet by e.g. # su puppet -c sudo\ -l On May 27, 11:37 am, prudhvi <prudh...@gmail.com> wrote:> Hi All, > > When I try to run any sudo commands like the below > > class test { > exec { "sudocmd" : > cwd => "/home/server/", > path => ["/usr/bin/","/usr/sbin/","/bin"], > command => "sudo apt-get update", > } > > } > > Im getting the following error > > # puppetd --server prudhvi.example.com --test > info: Caching catalog for node1.example.com > info: Applying configuration version ''1274952926'' > err: //test/Exec[sudocmd]/returns: change from notrun to 0 failed: > sudo apt-get update returned 1 instead of one of [0] at /etc/puppet/ > manifests/site.pp:15 > notice: Finished catalog run in 0.10 seconds > > When i see # top > puppetd is being run by user puppet > Is that the problem. > > Thanks in advance, > prudhvi-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
On May 27, 1:49 pm, DWIM <ralph.gro...@itdz-berlin.de> wrote:> Hi Prudhvi, > > puppet <hostname> = NOPASSWD: /usr/sbin/apt-get update >Oops, think to have forgotten a glob wildcard here and it should rather read uppet <hostname> = NOPASSWD: /usr/sbin/apt-get update * But the first more unspecific rule I mentioned should accept any number of arguments anyway -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Shouldn''t you use?
class test {
exec { "sudocmd" :
cwd => "/home/server/",
path => ["/usr/bin/","/usr/sbin/","/
bin"],
command => "sudo apt-get update -y",
timeout => "-1"
}
}
--
Marley Bacelar
Project Fedora Ambassador
VCP, VSP. VTSP., ITILF, IBM 000-076, IBM 000-330, IBM 000-331
marleybacelar@gmail.com
2010/5/27 DWIM <ralph.grothe@itdz-berlin.de>
>
>
> On May 27, 1:49 pm, DWIM <ralph.gro...@itdz-berlin.de> wrote:
> > Hi Prudhvi,
> >
> > puppet <hostname> = NOPASSWD: /usr/sbin/apt-get update
> >
>
> Oops, think to have forgotten a glob wildcard here and it should
> rather read
>
> uppet <hostname> = NOPASSWD: /usr/sbin/apt-get update *
>
>
> But the first more unspecific rule I mentioned should accept any
> number of arguments anyway
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
>
puppet-users+unsubscribe@googlegroups.com<puppet-users%2Bunsubscribe@googlegroups.com>
> .
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
On May 27, 2010, at 5:00 AM, Marley Bacelar wrote:> Shouldn''t you use? > > class test { > exec { "sudocmd" : > cwd => "/home/server/", > path => ["/usr/bin/","/usr/sbin/","/ > bin"], > command => "sudo apt-get update -y", > timeout => "-1" > } > }I think the -y is only needed for upgrade dist-upgrade and other apt commands that change packages, but I''m not sure. I also recommend that you put in a timeout. Make it an hour or few if you want, but it''s usually a good idea to make it end eventually. Besides, update should finish really fast because it doesn''t even download packages. Also, as someone else said, you probably don''t need sudo because the puppet client is probably already running as root. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
I face the same problem when trying the package type
class apache {
package { ["apache"] :
ensure => latest,
}
}
err: //apache/Package[apache]/ensure: change from purged to latest
failed: Could not update: Execution of ''/usr/bin/apt-get -q -y -o
DPkg::Options::=--force-confold install apache'' returned 100: E: Could
not open lock file /var/lib/dpkg/lock - open (13: Permission denied)
E: Unable to lock the administration directory (/var/lib/dpkg/), are
you root?
at /etc/puppet/manifests/site.pp:28
It asks me for root privileges..
Isnt there anyother way other than editing sudoers file on every
node???
and I also tried with timeout => "-1" in exec which resulted in the
same error.
thank you everyone,
bhaskar.
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
You have two possible problems. It''s also possible that the directory was locked because something else was doing stuff with packages. This is rather unlikely though. The puppet client runs as the user you run it as. If you start it as a service, it runs as root. If you start is as an ordinary user, it runs as that user. What you need to do is run puppet as root when you manually start it. If this doesn''t help, it might be easier to ask for help on IRC or try to contact me through Gtalk. On May 27, 2010, at 10:30 PM, prudhvi wrote:> I face the same problem when trying the package type > > class apache { > package { ["apache"] : > ensure => latest, > } > } > > err: //apache/Package[apache]/ensure: change from purged to latest > failed: Could not update: Execution of ''/usr/bin/apt-get -q -y -o > DPkg::Options::=--force-confold install apache'' returned 100: E: Could > not open lock file /var/lib/dpkg/lock - open (13: Permission denied) > E: Unable to lock the administration directory (/var/lib/dpkg/), are > you root? > at /etc/puppet/manifests/site.pp:28 > > It asks me for root privileges.. > Isnt there anyother way other than editing sudoers file on every > node??? > > and I also tried with timeout => "-1" in exec which resulted in the > same error. > > thank you everyone, > bhaskar. > > -- > You received this message because you are subscribed to the Google Groups "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. > For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. >-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 05/28/2010 07:30 AM, prudhvi wrote:> I face the same problem when trying the package type > [...] > It asks me for root privileges..well I know 0 system-wide package management systems that don''t require root to change the system. but if you got apache installed what about services, what about configuration files etc.?> Isnt there anyother way other than editing sudoers file on every > node???how about running puppet as root? or why do you want to run puppet as a unpriviledged users but still change the system aka managing packages, services etc. system-wide?> and I also tried with timeout => "-1" in exec which resulted in the > same error.why should that fix it? what was your intention to use that? if the exec is applied as unpriviledged user it will fail the same way. cheers pete -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkv/WRwACgkQbwltcAfKi3+4ugCfR4Uq2tj+Y+MSepDvbHDenhPt Xx4An1/zqVYY2Q9fsoEtuh8XcBGDR5VD =MptV -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.