Hi all, Does anyone have an all-in-one-run work around for this issue: http://projects.puppetlabs.com/issues/791 Where Puppet / Ruby / libc is not rereading the naming service settings if Puppet itself changes them. I''ve got a situation where we set up LDAP but can''t create some files as an LDAP user in the same run. Hacky answers are welcome - my objective is to as close to a single pass as possible, I really don''t want to have to wait for another scheduled run. Thanks, -Luke -- Luke Bigum Information Systems Ph: +44 (0) 20 3192 2520 luke.bigum@lmax.com | http://www.lmax.com LMAX, Yellow Building, 1A Nicholas Road, London W11 4AN FX and CFDs are leveraged products that can result in losses exceeding your deposit. They are not suitable for everyone so please ensure you fully understand the risks involved. The information in this email is not directed at residents of the United States of America or any other jurisdiction where trading in CFDs and/or FX is restricted or prohibited by local laws or regulations. The information in this email and any attachment is confidential and is intended only for the named recipient(s). The email may not be disclosed or used by any person other than the addressee, nor may it be copied in any way. If you are not the intended recipient please notify the sender immediately and delete any copies of this message. Any unauthorised copying, disclosure or distribution of the material in this e-mail is strictly forbidden. LMAX operates a multilateral trading facility. Authorised and regulated by the Financial Services Authority (firm registration number 509778) and is registered in England and Wales (number 06505809). Our registered address is Yellow Building, 1A Nicholas Road, London, W11 4AN. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
inline On Mon, May 28, 2012 at 05:17:25PM +0100, Luke Bigum wrote:> Hi all, > > Does anyone have an all-in-one-run work around for this issue: > > http://projects.puppetlabs.com/issues/791 > > Where Puppet / Ruby / libc is not rereading the naming service > settings if Puppet itself changes them. I''ve got a situation where > we set up LDAP but can''t create some files as an LDAP user in the > same run.I do this successfully by using the numeric uid/gid, avoiding all lookup issues. But for my own files on this system my username and uid have never changed and will never change.> Hacky answers are welcome - my objective is to as close to a single > pass as possible, I really don''t want to have to wait for another > scheduled run.This is pretty repellent, but occasionally in our industry grime seems to be used as an all-purpose adhesive: 1) config naming service (ldap etc.) 2) exec to touch a file and restart puppet exec depends on the final naming service config resource exec creates the touched file 3) file creation depends on the exec resource so if the file exists puppet has restarted and ldap is configured You will want to separate things by stages or dependencies so that most useful configuration is done by the time puppet restarts. Nothing more embarrassing than puppetizing your own failure-by-pam-misconfiguration.> Thanks, > > -Luke > > -- > Luke Bigum > > Information Systems > Ph: +44 (0) 20 3192 2520 > luke.bigum@lmax.com | http://www.lmax.com > LMAX, Yellow Building, 1A Nicholas Road, London W11 4AN > > > FX and CFDs are leveraged products that can result in losses exceeding > your deposit. They are not suitable for everyone so please ensure you > fully understand the risks involved. The information in this email is not > directed at residents of the United States of America or any other > jurisdiction where trading in CFDs and/or FX is restricted or prohibited > by local laws or regulations. > > The information in this email and any attachment is confidential and is > intended only for the named recipient(s). The email may not be disclosed > or used by any person other than the addressee, nor may it be copied in > any way. If you are not the intended recipient please notify the sender > immediately and delete any copies of this message. Any unauthorised > copying, disclosure or distribution of the material in this e-mail is > strictly forbidden. > > LMAX operates a multilateral trading facility. Authorised and > regulated by the Financial Services Authority (firm registration > number 509778) and > is registered in England and Wales (number 06505809). Our registered > address is Yellow Building, 1A Nicholas Road, London, W11 > 4AN. > > -- > You received this message because you are subscribed to the Google Groups "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. > For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. > >-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
On May 28, 11:17 am, Luke Bigum <Luke.Bi...@lmax.com> wrote:> Hi all, > > Does anyone have an all-in-one-run work around for this issue: > > http://projects.puppetlabs.com/issues/791 > > Where Puppet / Ruby / libc is not rereading the naming service settings > if Puppet itself changes them. I''ve got a situation where we set up LDAP > but can''t create some files as an LDAP user in the same run.The bottom line is that any given process will read nsswitch.conf at most once. It is important to understand that if you are running the agent in daemon mode, because then *every* run between service start and service shutdown on any given node is performed by the same process (that reads nsswitch.conf at most once, even if one of the runs changes it). Therefore, if you are managing nsswitch.conf then you should probably run the Puppet agent periodically via cron instead of as a long- running daemon. Moreover, name-service lookups performed by the agent will never recognize changes to the name service configuration performed during the same run.> Hacky answers are welcome - my objective is to as close to a single pass > as possible, I really don''t want to have to wait for another scheduled run.If you run the agent from cron then you could conceivably simulate a multiple-stage Puppet run by making the command be something such as puppet agent --onetime --tag name_service && puppet agent --onetime John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.