Ask Your Question
1

How can i Chown directories recursivley

asked 2015-02-12 08:04:15 -0500

rupeshr gravatar image

I have to see that /usr/share/jbossas and all the files and directories under it are jboss:jboss all the time below is the Linux command I use.

chown -R jboss:jboss /us/share/jbossas

We have puppet installed in environment with 1500 servers.

edit retag flag offensive close merge delete

4 Answers

Sort by ยป oldest newest most voted
2

answered 2015-02-12 11:39:36 -0500

tsheriffk gravatar image

updated 2015-02-13 09:10:13 -0500

I am by far not an expert, but maybe this will help..

exec { 'jboss chown':
     command  => "/bin/chown -R jboss:jboss /usr/share/jbossas",
     require  => File['/usr/share/jbossas'],
     unless   => '/bin/ls -ld /usr/share/jbossas | /bin/grep "jboss jboss"',
}

You will need to have something that you can match against, so that it doesn't always run, hence the "unless".. this is not a very elegant "unless", and you would need to provide something that would be valid. You also need to have declared the /usr/share/jbossas resource in your manifest

You might also consider using the the recurse attribute ( https://docs.puppetlabs.com/references/latest/type.html#file ) however in my experience, it took a lot longer for the manifest to apply using the recurse from puppet, as opposed to using the chown. But in the event that you aren't able to come up with something to use as a check for your exec (ie the "unless"), i dont know that the performing an exec would be an option. From the looks of it, you would probably need to use recurse, as you dont have a specific file/directory to check to see if it was jboss:jboss..

file { '/usr/share/jbossas' :
    ensure    => directory,
    owner     => 'jboss',
    group      => 'jboss',
    require     => [ User['jboss'], Group['jboss'], ],
    recurse    => true,

}

so something like to snippet above might be the direction you would need to go (obviously you need to have defined the group and user for the above snip to work.

It goes without saying, that if you are going to run this against 1500 servers, you will want to test test test test before you implement anything..

EDIT: Based on your comment, If you know that the files that are incorrectly owned will be owned by root, and you are OK with the overhead of scanning the directory every run, you could do the following

exec { 'jboss chown':
     command  => "/bin/chown -R jboss:jboss /usr/share/jbossas",
     require  => File['/usr/share/jbossas'],
     onlyif   => '/bin/ls -lhR /usr/share/jbossas/ | /bin/grep -i root',
}

Which means that only if the return value for the command returns a value of 1 will it execute.. again, this might not be a good solution as there may be lots of files to evaluate every run, as well as if there are files that are owned by something other than root wont trigger a run.

edit flag offensive delete link more

Comments

Bonus reason for using `exec` over `file` resource: the `refreshonly` metaparameter can be used to chain this behind known changes to the directory so you don't have to chown the dir constantly.

7yl4r gravatar image7yl4r ( 2017-07-24 15:42:29 -0500 )edit
0

answered 2015-02-12 12:19:04 -0500

rupeshr gravatar image

can we have this check and if the output is greater than o then execute it

checkusr=ls -lhR /usr/share/jbossas/ | grep -i root | wc -l [root@ jbossas]# echo $checkusr 1 Can we have a loop to check if checkusr is greater than 1 then ony perform the 'jboss chown'

edit flag offensive delete link more

Comments

In theory, I think that would work... but the depending on the number of files in the directory, that might be a lot of overhead to scan the entire directory every 30 min, on 1500 systems. You wouldnt want to loop, only add that cmd as the limiter in the exec command (see edited solution above)

tsheriffk gravatar imagetsheriffk ( 2015-02-13 09:04:35 -0500 )edit
0

answered 2015-02-16 07:28:20 -0500

rnelson0 gravatar image

Execs can have a very high overhead. Adding this to a manifest may have a negative effect on the speed of your runs and that can cascade over 1500 nodes. It may be better to look for a cron job.

cron {'chown_jbossas':
  ensure  => present,
  command => '/bin/chown -R jboss:jboss /usr/share/jbossas'
  minute  => 0,
  user    => 'root',
}

You could set the hour/minute/etc to the correct specificity. and the burden is now on your nodes rather than on the master. Of course, Puppet will still enforce the cron job being present.

edit flag offensive delete link more
0

answered 2015-10-30 09:19:09 -0500

raghon gravatar image

Had a peak at the previous posts, and believe that at find -exec is a bit faster:

exec {'seafile_chown':
   command => '/usr/bin/find /opt/seafile ! -user seafile -exec /bin/chown seafile:seafile {} \;'
}

I just skip the onlyif, as I'm doing the find anyway.

Best regards Ragnar Hongset @raghon Consulting www.raghon.no

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2015-02-12 08:04:15 -0500

Seen: 8,736 times

Last updated: Oct 30 '15