Ask Your Question
1

upgrade to 3.7.1 causes Resource Collectors to realize everything

asked 2014-10-30 17:03:48 -0500

Fraz gravatar image

updated 2014-10-31 15:41:32 -0500

Our previous version of puppet was 3.6.0, and it worked as expected when we used resource collectors to realize users based on tags.

In Puppet 3.6.0 servers with the role role::app::psapp::bia would only create users that had tag == 'bia' , but in puppet 3.7.1 that same code attempts to realize all users, including those with other tags. This means that fsbib is created as well as fsbia. That was not the case in Puppet 3.6.0, where only fsbia would get created.

Am I doing something wrong?

== Here are the relevant code snippets ==

/etc/puppet/manifests/site.pp

/brpsappbia\d+/: { include role::app::psapp::bia }

/etc/puppet/modules/role/manifests/init.pp

class role::app::psapp::bia inherits role::base {
    include users::virtual
  Users::Virtual::Appuser <| tag == 'bia' |>
  include profile::psapp::base
}

/etc/puppet/modules/users/manifests/init.pp

define appuser ($uid,$gid,$groups=[],$homebase="/home",$realname="",$shell="/bin/bash",$pass="",$sshkey="",$type="",$at_enabled=false,$cron_enabled=false) { 
      if ( $pass != "" ) {
      user { $title:
              ensure     =>   "present",
              uid        =>   $uid,
              gid        =>   $gid,
              groups     =>   $groups,
              shell      =>   $shell,
              home       =>   "$homebase/$title",
              comment    =>   $realname,
              password   =>   $pass,
              managehome =>   true,
        }
      }
      else {
      user { $title:
              ensure     =>   "present",
              uid        =>   $uid,
              gid        =>   $gid,
              groups     =>   $groups,
              shell      =>   $shell,
              home       =>   "$homebase/$title",
              comment    =>   $realname,
              managehome =>   true,
        }
      }

      if ( $sshkey != "" ) {
       ssh_authorized_key { $title:
               ensure  =>      "present",
               type    =>      "$type",
               key     =>      "$sshkey",
               user    =>      "$title",
               require =>      User["$title"],
               name    =>      "$title",
       }
      }
      if ( $at_enabled ) {
        exec { "/bin/echo $title >> /etc/at.allow":
          unless => "/bin/grep -Fx $title /etc/at.allow",
        }
      }
      if ( $cron_enabled ) {
        exec { "/bin/echo $title >> /etc/cron.allow":
          unless => "/bin/grep -Fx $title /etc/cron.allow",
        }
      }
  }
@users::virtual::appuser { "fsbia":
      uid         =>      "973",
      gid         =>      "900",
      homebase    =>      ['/apps/psoft/pt851/fs'],
      tag         =>      ['bia','nfs'],
      require     =>      File['/apps/psoft/pt851/fs'],
}
@users::virtual::appuser { "fsbib":
      uid         =>      "977",
      gid         =>      "900",
      homebase    =>      ['/apps/psoft/pt851/fs'],
      tag         =>      ['bib','nfs'],
      require     =>      File['/apps/psoft/pt851/fs'],
 }
edit retag flag offensive close merge delete

Comments

Please check your formatting... Make sure everything is indented by 4 spaces; it'll make your request a lot more readable. sed -e 's/^/ /' mycomment.txt

cbarbour gravatar imagecbarbour ( 2014-10-30 18:31:26 -0500 )edit

OK, adjusted format - sorry about that.

Fraz gravatar imageFraz ( 2014-10-31 15:42:23 -0500 )edit

Awesome, thanks!

cbarbour gravatar imagecbarbour ( 2014-10-31 15:55:49 -0500 )edit

2 Answers

Sort by » oldest newest most voted
2

answered 2015-04-07 05:04:51 -0500

orangepeel gravatar image

Hello

I've hit the same issue. I think it is caused by the class that realizes the virtual resources having the same name (bia in your case) as the tag you are looking for so all resources it creates get that tag

Reading the Tags page ( https://docs.puppetlabs.com/puppet/la... ) this is to be expected Automatic Tagging

Every resource automatically receives the following tags:

  • Its resource type
  • List item
  • The full name of the class and/or defined type in which the resource was declared
  • Every namespace segment of the resource’s class and/or defined type

However why this causes all virtual resources to be realised I do not know.

But I can confirm I see the behaviour you see and that changing the tag name so it does not match the realizing class fixes the behaviour

I don't like this solution though as I liked having the tow things match. I have tags on users like 'globaladmin' and I realize them in usergroups::globaladmin and I then apply that class to nodes in hiera. I'll have to either change the tag or the classname so they don't match which breaks the whole point

I think this is a bug / bad feature

Neil

edit flag offensive delete link more

Comments

You hit the nail on the head. The class `role::app::psapp::bia` includes `users::virtual.` All the virtual users get the tags role, app, psapp, bia, role::app::psapp::bia, users, virtual, etc. etc. etc. The tag needs to not be any segment of the declaring class. See the compiled catalog for the list

cbarbour gravatar imagecbarbour ( 2015-04-29 00:07:20 -0500 )edit
0

answered 2014-10-31 16:06:24 -0500

cbarbour gravatar image

updated 2015-04-29 00:11:44 -0500

orangepeel's answer is correct. The reason all your resources are being declared is because 'bia' appears in the name of a class involved in declaring your virtual users. Thus, every user gets the tag 'bia.' Good catch orangepeel!

You can check the compiled catalog to see what tags each user defined type actually has. You might be surprised.

Be aware that you can realize virtual resources using any property of the resource. So, instead of using Users::Virtual::Appuser <| tag == 'bia' |> you can use Users::Virtual::Appuser <| gid == '900' |> or invent a property for this purpose, such as Users::Virtual::Appuser <| org == 'bia' |>

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2014-10-30 17:03:48 -0500

Seen: 184 times

Last updated: Apr 29 '15