Ask Your Question
2

puppet keeps trying to start ossec

asked 2013-08-21 08:55:18 -0500

rocket gravatar image

updated 2013-08-21 11:20:00 -0500

ramindk gravatar image

Hi,

I'm running puppet-server-2.7.6-2.

I created a manifest to manage ossec:

class ossec {
    file{"/var/ossec/etc/":
            ensure  => directory,
            owner   => root,
            group   => root,
            mode    => '0644',
    }
    file{"/var/ossec/etc/ossec.conf":
            ensure  => present,
            owner   => 'root',
            group   => 'root',
            mode    => '0644',
            content => template('ossec/ossec.conf.erb'),
            require => File["/var/ossec/etc"],
            notify  => Service["ossec"],
    }

    service{'ossec':
            ensure  => running,
            enable  => true,
    }
}

But then in my puppet dashboard, although ossec is already running. I noticed puppet keeps trying to start ossec service and I keep seeing this:

PropertyMessageensureensure changed 'stopped' to 'running'

Appreciate some comments why this is happening, and ... (more)

edit retag flag offensive close merge delete

2 Answers

Sort by ยป oldest newest most voted
2

answered 2013-08-21 11:27:29 -0500

llowder gravatar image

It looks like you haven't set status command, so it will be using the default method of checking status. This usually involves looking in the process table.

If the name of the service ossec doesn't match the exact process name, this could cause the service to appear to not be running, which would cause puppet to attempt to start it each time.

If you add status => 'some command to check status', to your service resource, you should be able to stop puppet from trying to start the service each run.

You can find more details in the docs ... (more)

edit flag offensive delete link more

Comments

Awesome! Thanks llowder. I just tested it and it worked. :-)

rocket gravatar imagerocket ( 2013-08-21 14:28:00 -0500 )edit
1

answered 2013-08-21 13:24:23 -0500

ramindk gravatar image

llowder doesn't have that quite correct. By default Puppet will look at the output of service $servicename status to determine if a service is up. If it is not, it'll attempt to restart it. If the init script does not support status you can set a status method or use the pattern parameter.

service { 'ossec':
  ensure    => running,
  enable    => true,
  hasstatus => false, # default is true as of Puppet 2.7
  pattern   => 'ossec-as-seen-in-ps', # default is service name if you don't specify
  #status   => '/usr/bin/ossectl --healthcheck', # some service have cli tools to check health
}
edit flag offensive delete link more

Comments

My answer was based on the docs for the referenced version of puppet - which states checking the process table. The default for no status has changed and is currently 'service <servicename>'

llowder gravatar imagellowder ( 2013-08-21 16:42:15 -0500 )edit

The docs you reference says that service uses hasstatus => true, by default to determine service status. The ps table is only queried when it's false. The code comment are ...(more)

ramindk gravatar imageramindk ( 2013-08-21 17:08:56 -0500 )edit

I hadn't looked at source, just the published docs. :| But, the fact still remains that explicitly setting status is the way around this.

llowder gravatar imagellowder ( 2013-08-21 17:23:07 -0500 )edit

That's not my problem with your answer, ". This usually involves looking in the process table." is incorrect. Puppet won't do that unless you tell it to.

ramindk gravatar imageramindk ( 2013-08-21 17:25:01 -0500 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2013-08-21 08:55:18 -0500

Seen: 321 times

Last updated: Aug 21 '13