From 8478e8613ded138b5d68b122cb82f5418a199764 Mon Sep 17 00:00:00 2001 From: elijah Date: Thu, 11 Jul 2013 10:04:21 -0700 Subject: changes to support restrictive permissions for /etc/leap. this is required to work with the latest leap_cli. --- puppet/modules/try/manifests/file.pp | 38 +++++++++++++++++++++++++++++------- 1 file changed, 31 insertions(+), 7 deletions(-) (limited to 'puppet/modules/try') diff --git a/puppet/modules/try/manifests/file.pp b/puppet/modules/try/manifests/file.pp index 47a8c269..7063ded9 100644 --- a/puppet/modules/try/manifests/file.pp +++ b/puppet/modules/try/manifests/file.pp @@ -1,23 +1,47 @@ # -# like built-in type "file", but gets gracefully ignored if the target does not exist or is undefined. +# Works like the built-in type "file", but gets gracefully ignored if the target/source does not exist or is undefined. +# +# Also, if the source or target doesn't exist, and the destination is a git repo, then the file is restored from git. # # /bin/true and /usr/bin/test are hardcoded to their paths in debian. # - +# known limitations: +# * restore does not work for directories +# define try::file ( $ensure = undef, $target = undef, + $source = undef, + $owner = undef, + $group = undef, + $recurse = undef, + $purge = undef, + $force = undef, + $mode = undef, $restore = true) { - if $target != undef { + if $target { + $target_or_source = $target + } else { + $target_or_source = $source + } + + if $target_or_source != undef { exec { "check_${name}": command => "/bin/true", - onlyif => "/usr/bin/test -e '${target}'", + onlyif => "/usr/bin/test -e '${target_or_source}'", loglevel => info; } file { "$name": ensure => $ensure, target => $target, + source => $source, + owner => $owner, + group => $group, + recurse => $recurse, + purge => $purge, + force => $force, + mode => $mode, require => $require ? { undef => Exec["check_${name}"], default => [ $require, Exec["check_${name}"] ] @@ -27,10 +51,10 @@ define try::file ( } # - # if the target does not exist (or is undef), and the file happens to be in a git repo, + # if the target/source does not exist (or is undef), and the file happens to be in a git repo, # then restore the file to its original state. # - if $target == undef or $restore { + if ($target_or_source == undef) or $restore { $file_basename = basename($name) $file_dirname = dirname($name) $command = "git rev-parse && unlink '${name}'; git checkout -- '${file_basename}' && chown --reference='${file_dirname}' '${name}'; true" @@ -48,7 +72,7 @@ define try::file ( } } else { exec { "restore_${name}": - unless => "/usr/bin/test -e '${target}'", + unless => "/usr/bin/test -e '${target_or_source}'", command => $command, cwd => $file_dirname, require => $require ? { -- cgit v1.2.3 From e52f2191b616f77ffaf94152f3241ea017c296e3 Mon Sep 17 00:00:00 2001 From: elijah Date: Mon, 15 Jul 2013 07:16:35 -0700 Subject: an entirely different implementation of try::file, using all execs. the built in file resource of puppet can't be used for what we want, because if you specify $source, it always bombs out if it doesn't exist, regardless of dependencies. --- puppet/modules/try/manifests/file.pp | 92 +++++++++++++++++++++++------------- 1 file changed, 58 insertions(+), 34 deletions(-) (limited to 'puppet/modules/try') diff --git a/puppet/modules/try/manifests/file.pp b/puppet/modules/try/manifests/file.pp index 7063ded9..d21925c0 100644 --- a/puppet/modules/try/manifests/file.pp +++ b/puppet/modules/try/manifests/file.pp @@ -6,7 +6,10 @@ # /bin/true and /usr/bin/test are hardcoded to their paths in debian. # # known limitations: -# * restore does not work for directories +# * this is far too noisy +# * $restore does not work for directories +# * only file:// $source is supported +# * $content is not supported, only $target or $source. # define try::file ( $ensure = undef, @@ -20,33 +23,55 @@ define try::file ( $mode = undef, $restore = true) { - if $target { - $target_or_source = $target - } else { - $target_or_source = $source + # dummy exec to propagate requires: + # metaparameter 'require' will get triggered by this dummy exec + # so then we just need to depend on this to capture all requires. + # exec { $name: command => "/bin/true" } + + exec { + "chmod_${name}": + command => "chmod -R ${mode} '${name}'", + onlyif => "/usr/bin/test $mode", + loglevel => debug; + "chown_${name}": + command => "chown -R ${owner} '${name}'", + onlyif => "/usr/bin/test $owner", + loglevel => debug; + "chgrp_${name}": + command => "chgrp -R ${group} '${name}'", + onlyif => "/usr/bin/test $group", + loglevel => debug; } - if $target_or_source != undef { - exec { "check_${name}": - command => "/bin/true", - onlyif => "/usr/bin/test -e '${target_or_source}'", - loglevel => info; + if $target { + exec { "symlink_${name}": + command => "ln -s ${target} ${name}", + onlyif => "/usr/bin/test -d '${target}'", } - file { "$name": - ensure => $ensure, - target => $target, - source => $source, - owner => $owner, - group => $group, - recurse => $recurse, - purge => $purge, - force => $force, - mode => $mode, - require => $require ? { - undef => Exec["check_${name}"], - default => [ $require, Exec["check_${name}"] ] - }, - loglevel => info; + } elsif $source { + if $ensure == "directory" { + if $purge { + exec { "rsync_${name}": + command => "rsync -r --delete '${source}/' '${name}'", + onlyif => "/usr/bin/test -d '${source}'", + unless => "/usr/bin/diff -q '${source}' '${name}'", + notify => [Exec["chmod_${name}"], Exec["chown_${name}"], Exec["chgrp_${name}"]] + } + } else { + exec { "cp_r_${name}": + command => "cp -r '${source}' '${name}'", + onlyif => "/usr/bin/test -d '${source}'", + unless => "/usr/bin/diff -q '${source}' '${name}'", + notify => [Exec["chmod_${name}"], Exec["chown_${name}"], Exec["chgrp_${name}"]] + } + } + } else { + exec { "cp_${name}": + command => "cp '${source}' '${name}'", + onlyif => "/usr/bin/test -e '${source}'", + unless => "/usr/bin/diff -q '${source}' '${name}'", + notify => [Exec["chmod_${name}"], Exec["chown_${name}"], Exec["chgrp_${name}"]] + } } } @@ -54,20 +79,23 @@ define try::file ( # if the target/source does not exist (or is undef), and the file happens to be in a git repo, # then restore the file to its original state. # + + if $target { + $target_or_source = $target + } else { + $target_or_source = $source + } + if ($target_or_source == undef) or $restore { $file_basename = basename($name) $file_dirname = dirname($name) $command = "git rev-parse && unlink '${name}'; git checkout -- '${file_basename}' && chown --reference='${file_dirname}' '${name}'; true" debug($command) - if $target == undef { + if $target_or_source == undef { exec { "restore_${name}": command => $command, cwd => $file_dirname, - require => $require ? { - undef => undef, - default => [ $require ] - }, loglevel => info; } } else { @@ -75,10 +103,6 @@ define try::file ( unless => "/usr/bin/test -e '${target_or_source}'", command => $command, cwd => $file_dirname, - require => $require ? { - undef => undef, - default => [ $require ] - }, loglevel => info; } } -- cgit v1.2.3 From 3a12f829316b7ccaf353158ea58d27d6fd400065 Mon Sep 17 00:00:00 2001 From: elijah Date: Fri, 19 Jul 2013 01:55:47 -0700 Subject: try::file - absolute exec paths. --- puppet/modules/try/manifests/file.pp | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) (limited to 'puppet/modules/try') diff --git a/puppet/modules/try/manifests/file.pp b/puppet/modules/try/manifests/file.pp index d21925c0..4cefef2f 100644 --- a/puppet/modules/try/manifests/file.pp +++ b/puppet/modules/try/manifests/file.pp @@ -3,7 +3,7 @@ # # Also, if the source or target doesn't exist, and the destination is a git repo, then the file is restored from git. # -# /bin/true and /usr/bin/test are hardcoded to their paths in debian. +# All executable paths are hardcoded to their paths in debian. # # known limitations: # * this is far too noisy @@ -30,36 +30,36 @@ define try::file ( exec { "chmod_${name}": - command => "chmod -R ${mode} '${name}'", + command => "/bin/chmod -R ${mode} '${name}'", onlyif => "/usr/bin/test $mode", loglevel => debug; "chown_${name}": - command => "chown -R ${owner} '${name}'", + command => "/bin/chown -R ${owner} '${name}'", onlyif => "/usr/bin/test $owner", loglevel => debug; "chgrp_${name}": - command => "chgrp -R ${group} '${name}'", + command => "/bin/chgrp -R ${group} '${name}'", onlyif => "/usr/bin/test $group", loglevel => debug; } if $target { exec { "symlink_${name}": - command => "ln -s ${target} ${name}", + command => "/bin/ln -s ${target} ${name}", onlyif => "/usr/bin/test -d '${target}'", } } elsif $source { - if $ensure == "directory" { + if $ensure == 'directory' { if $purge { exec { "rsync_${name}": - command => "rsync -r --delete '${source}/' '${name}'", + command => "/usr/bin/rsync -r --delete '${source}/' '${name}'", onlyif => "/usr/bin/test -d '${source}'", unless => "/usr/bin/diff -q '${source}' '${name}'", notify => [Exec["chmod_${name}"], Exec["chown_${name}"], Exec["chgrp_${name}"]] } } else { exec { "cp_r_${name}": - command => "cp -r '${source}' '${name}'", + command => "/bin/cp -r '${source}' '${name}'", onlyif => "/usr/bin/test -d '${source}'", unless => "/usr/bin/diff -q '${source}' '${name}'", notify => [Exec["chmod_${name}"], Exec["chown_${name}"], Exec["chgrp_${name}"]] @@ -67,7 +67,7 @@ define try::file ( } } else { exec { "cp_${name}": - command => "cp '${source}' '${name}'", + command => "/bin/cp '${source}' '${name}'", onlyif => "/usr/bin/test -e '${source}'", unless => "/usr/bin/diff -q '${source}' '${name}'", notify => [Exec["chmod_${name}"], Exec["chown_${name}"], Exec["chgrp_${name}"]] -- cgit v1.2.3 From 9ac4380bc1c6c4c88392c371cd3f4b306c3879d9 Mon Sep 17 00:00:00 2001 From: elijah Date: Mon, 29 Jul 2013 17:12:28 -0700 Subject: try::file bugfixes -- add refreshonly to chmod/chown, ensure old file is replaced even if it is a link --- puppet/modules/try/manifests/file.pp | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'puppet/modules/try') diff --git a/puppet/modules/try/manifests/file.pp b/puppet/modules/try/manifests/file.pp index 4cefef2f..56a7c997 100644 --- a/puppet/modules/try/manifests/file.pp +++ b/puppet/modules/try/manifests/file.pp @@ -10,6 +10,7 @@ # * $restore does not work for directories # * only file:// $source is supported # * $content is not supported, only $target or $source. +# * does not auto-require all the parent directories like 'file' does # define try::file ( $ensure = undef, @@ -32,14 +33,17 @@ define try::file ( "chmod_${name}": command => "/bin/chmod -R ${mode} '${name}'", onlyif => "/usr/bin/test $mode", + refreshonly => true, loglevel => debug; "chown_${name}": command => "/bin/chown -R ${owner} '${name}'", onlyif => "/usr/bin/test $owner", + refreshonly => true, loglevel => debug; "chgrp_${name}": command => "/bin/chgrp -R ${group} '${name}'", onlyif => "/usr/bin/test $group", + refreshonly => true, loglevel => debug; } @@ -67,9 +71,9 @@ define try::file ( } } else { exec { "cp_${name}": - command => "/bin/cp '${source}' '${name}'", + command => "/bin/cp --remove-destination '${source}' '${name}'", onlyif => "/usr/bin/test -e '${source}'", - unless => "/usr/bin/diff -q '${source}' '${name}'", + unless => "/usr/bin/test ! -h '${name}' && /usr/bin/diff -q '${source}' '${name}'", notify => [Exec["chmod_${name}"], Exec["chown_${name}"], Exec["chgrp_${name}"]] } } -- cgit v1.2.3 From e86f20b2435ec251c6373baf4c2ee36d5f26b83e Mon Sep 17 00:00:00 2001 From: elijah Date: Mon, 25 Nov 2013 01:20:52 -0800 Subject: fixed `diff` bug with try::file and directories --- puppet/modules/try/manifests/file.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'puppet/modules/try') diff --git a/puppet/modules/try/manifests/file.pp b/puppet/modules/try/manifests/file.pp index 56a7c997..cd1bb035 100644 --- a/puppet/modules/try/manifests/file.pp +++ b/puppet/modules/try/manifests/file.pp @@ -58,14 +58,14 @@ define try::file ( exec { "rsync_${name}": command => "/usr/bin/rsync -r --delete '${source}/' '${name}'", onlyif => "/usr/bin/test -d '${source}'", - unless => "/usr/bin/diff -q '${source}' '${name}'", + unless => "/usr/bin/diff -rq '${source}' '${name}'", notify => [Exec["chmod_${name}"], Exec["chown_${name}"], Exec["chgrp_${name}"]] } } else { exec { "cp_r_${name}": command => "/bin/cp -r '${source}' '${name}'", onlyif => "/usr/bin/test -d '${source}'", - unless => "/usr/bin/diff -q '${source}' '${name}'", + unless => "/usr/bin/diff -rq '${source}' '${name}'", notify => [Exec["chmod_${name}"], Exec["chown_${name}"], Exec["chgrp_${name}"]] } } -- cgit v1.2.3