Trying to set up a puppet module that runs through most of my samba/
domain joining steps. I have an exec statement where I run my "net
ads join -U <administrator>%<password>" command. I would like
to
include an additional test statement where the command runs only if it
hasn''t already been joined to the domain yet; however, I cannot figure
out how to syntactically use the test command so it works. The exec I
was trying to use looks like:
exec {
path => "/usr/bin",
onlyif => ''test `net ads testjoin 2>&1 | grep Join | sed
-e \''s/
*Join is OK*/1/g\'' -ne 1''
command => ''net ads join -U
<administrator>%<password>
createcomputer="Samba"
}
The onlyif doesn''t work if the result of the testjoin returns
"Join is
OK", depending on the test syntax, it just runs or doesnt regardless.
There has to be a better way to do this... anyone with experience
setting this up that cares to share? Anyone try using the
"refreshonly" option somehow? Again, my goal here is just for the net
ads join to run when the server is NOT joined to the domain (which
should be rarely). Thanks
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
>exec { > path => "/usr/bin", > onlyif => ''test `net ads testjoin 2>&1 | grep Join | sed -e \''s/ >*Join is OK*/1/g\'' -ne 1'' > command => ''net ads join -U <administrator>%<password> >createcomputer="Samba" >} > >The onlyif doesn''t work if the result of the testjoin returns "Join is >OK", depending on the test syntax, it just runs or doesnt regardless. >There has to be a better way to do this... anyone with experienceThat regex doesn''t look very nice. Are you sure running it from a regular shell produces what you want? What exactly is the net ads testjoin output look like? It would be much simpler to use: onlyif => "net ads testjoin 2>&1 | grep ''Join is OK''" Which will use the return code of grep. If your code is exactly as shown in this email you are also missing a ` in your only if test, and your command => is not closed either.>setting this up that cares to share? Anyone try using the >"refreshonly" option somehow? Again, my goal here is just for the net >ads join to run when the server is NOT joined to the domain (which >should be rarely). Thanks > >-- >You received this message because you are subscribed to the >Google Groups "Puppet Users" group. >To post to this group, send email to puppet-users@googlegroups.com. >To unsubscribe from this group, send email to >puppet-users+unsubscribe@googlegroups.com. >For more options, visit this group at >http://groups.google.com/group/puppet-users?hl=en. > >This email communication and any files transmitted with it may contain confidential and or proprietary information and is provided for the use of the intended recipient only. Any review, retransmission or dissemination of this information by anyone other than the intended recipient is prohibited. If you receive this email in error, please contact the sender and delete this communication and any copies immediately. Thank you. http://www.encana.com -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
On Mar 5, 2012 3:36 PM, "Kinzel, David" <David.Kinzel@encana.com> wrote:> It would be much simpler to use: > > onlyif => "net ads testjoin 2>&1 | grep ''Join is OK''" > > Which will use the return code of grep.Idk the onlyif interface offhand but you probably want a -q on the grep to suppress output. So, grep -q ''Join is OK'' or fgrep -q ''Join is OK'' -Jeremy -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
I''m not sure how much membership-specific code you have, but if
it''s
more than just this you may want a custom fact rather than using
unless/onlyif every time. We use QAS instead of Samba for domain
membership but the idea is the same:
--vas_status.rb--
require ''facter''
vastool = ''/opt/quest/bin/vastool''
if File.exists? vastool
`#{vastool} status`
if $?.success?
Facter.add("vas_status") do
setcode { "joined" }
end
else
Facter.add("vas_status") do
setcode { "unjoined" }
end
end
else
Facter.add("vas_status") do
setcode { "uninstalled" }
end
end
On 03/05/2012 12:35 PM, Kinzel, David wrote:>> exec {
>> path => "/usr/bin",
>> onlyif => ''test `net ads testjoin 2>&1 | grep
Join | sed -e \''s/
>> *Join is OK*/1/g\'' -ne 1''
>> command => ''net ads join -U
<administrator>%<password>
>> createcomputer="Samba"
>> }
>>
>> The onlyif doesn''t work if the result of the testjoin returns
"Join is
>> OK", depending on the test syntax, it just runs or doesnt
regardless.
>> There has to be a better way to do this... anyone with experience
>
> That regex doesn''t look very nice. Are you sure running it from a
regular shell produces what you want? What exactly is the net ads testjoin
output look like?
>
> It would be much simpler to use:
>
> onlyif => "net ads testjoin 2>&1 | grep ''Join is
OK''"
>
> Which will use the return code of grep.
>
> If your code is exactly as shown in this email you are also missing a ` in
your only if test, and your command => is not closed either.
>
>> setting this up that cares to share? Anyone try using the
>> "refreshonly" option somehow? Again, my goal here is just
for the net
>> ads join to run when the server is NOT joined to the domain (which
>> should be rarely). Thanks
>>
>> --
>> You received this message because you are subscribed to the
>> Google Groups "Puppet Users" group.
>> To post to this group, send email to puppet-users@googlegroups.com.
>> To unsubscribe from this group, send email to
>> puppet-users+unsubscribe@googlegroups.com.
>> For more options, visit this group at
>> http://groups.google.com/group/puppet-users?hl=en.
>>
>>
>
>
> This email communication and any files transmitted with it may contain
> confidential and or proprietary information and is provided for the use of
the
> intended recipient only. Any review, retransmission or dissemination of
this
> information by anyone other than the intended recipient is prohibited. If
you
> receive this email in error, please contact the sender and delete this
> communication and any copies immediately. Thank you.
>
> http://www.encana.com
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
On Mon, Mar 05, 2012 at 12:26:24PM -0800, Adam wrote:> Trying to set up a puppet module that runs through most of my samba/ > domain joining steps. I have an exec statement where I run my "net > ads join -U <administrator>%<password>" command. I would like to > include an additional test statement where the command runs only if it > hasn''t already been joined to the domain yet; however, I cannot figure > out how to syntactically use the test command so it works.-snip- I created a module that joins AD **unless** `verify_active_directory` returns good. It depends on 2 essential scripts: * verify_active_directory - has machine been joined? - is gssapi delegation enabled? * join_active_directory - join the domain - enable gssapi delegation I''ve posted the manifest and the templates for {verify,join}_active_directory at: https://gist.github.com/1982804 As written, the scripts also depend on... * `unldif`, which is at: https://github.com/jumanjiman/unldif * `wd`, which as at: https://github.com/jumanjiman/wd If you don''t want to install eiffelstudio in order to compilet `wd`, simply remove `wd` from {verify,join}_active_directory. `wd` is a watchdog that protects me from broken DNS lookups. `unldif.sed` is absolutely essential to the scripts as written. The scripts are somewhat commented, but please let me know if you have specific questions about the scripts (and by me, I mean the list). If necessary, I can probably find some time during the day to sanitize company info from the other files in the module and post the other files, too. But the gist should get you started. hth, -paul -- Paul Morgan <jumanjiman@gmail.com> RHCE, RHCDS, RHCVA, RHCSS, RHCA http://github.com/jumanjiman GPG Public Key ID: 0xf59e77c2 Fingerprint = 3248 D0C8 4B42 2F7C D92A AEA0 7D20 6D66 F59E 77C2 -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Thanks for all of the input. Yeah this code is part of a larger manifest, and no its not verbatim what I have written, but for the topic I figured it would get the jist of what I was trying to do across (and it seems to have done that). You know, I don''t know if I just tried the grep only... for some reason I thought I had to use test or something that would return 1 or 0. Creating a custom fact is something I haven''t done before, but I might give it a shot. We are a samba shop (I lost the QAS fight). I''ll take a look at those links, thanks for referencing them... will post what my solution ends up being. On Mar 5, 3:53 pm, Jeremy Baron <jer...@tuxmachine.com> wrote:> On Mar 5, 2012 3:36 PM, "Kinzel, David" <David.Kin...@encana.com> wrote: > > > It would be much simpler to use: > > > onlyif => "net ads testjoin 2>&1 | grep ''Join is OK''" > > > Which will use the return code of grep. > > Idk the onlyif interface offhand but you probably want a -q on the grep to > suppress output. So, > > grep -q ''Join is OK'' > or > fgrep -q ''Join is OK'' > > -Jeremy-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.