Ask Your Question
0

puppet resource service and apparmor

asked 2016-07-06 08:20:48 -0600

spic gravatar image

updated 2016-07-06 18:33:18 -0600

lupin gravatar image

Hi there, i am new here and did not find any search form to first check whether this question have already been asked/solved. Very sorry if i missed something.

Here is my questions. Working on Ubuntu LTS 16.04 with puppet 3.8.5 I am trying to manage apparmor profiles with puppet. Therefore in my manifest i added the following line (in order to restart the apparmor service whenever the apache profile is modified (not sure yet it is i good idea) :

  file { '/etc/apparmor.d/usr.sbin.apache2':
        owner => root,
        group => root,
        mode => 644,
        ensure => 'file',
        source => 'puppet:///files/apparmor_profile_apache',
  }

  File['/etc/apparmor.d/usr.sbin.apache2'] ~> Service['apparmor']

When running the agent i know get this error message :

Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Could not find resource 'Service[apparmor]' for relationship from 'File[/etc/apparmor.d/usr.sbin.apache2]' on node xxxxxxxxxxxxxxxxxxx

while puppet seems to effectively know the apparmor service :

root@xxxxxxxxxxxxxx:/etc/apparmor.d# puppet resource service apparmor
service { 'apparmor':
ensure => 'running',
enable => 'true',
}

Any clue will be welcomed. Thanks a lot. With Regards

edit retag flag offensive close merge delete

2 Answers

Sort by ยป oldest newest most voted
1

answered 2016-07-27 09:55:48 -0600

spic gravatar image

updated 2016-07-27 09:57:08 -0600

Hello. First of all please accept my apologizes for the delay...it was vacations time. You are right, after adding :

service { 'apparmor': ensure => 'runing', enable => true, }

the agent do not complain anymore. Thanks a lot for your input.

edit flag offensive delete link more
0

answered 2016-07-06 18:36:57 -0600

lupin gravatar image

Did you define a service resource for apparmor in your class manifest? You need something like.

 file { '/etc/apparmor.d/usr.sbin.apache2':
        owner => root,
        group => root,
        mode => 644,
        ensure => 'file',
        source => 'puppet:///files/apparmor_profile_apache',
  } ~>
 service { 'apparmor':
    ensure => 'runing',
   enable => true,
 }
edit flag offensive delete link more

Comments

I was going to post the same thing. Service['apparmor'] refers to a separate service resource declared somewhere in your catalog. in the above answer, you are actually managing the resource and notifying it. I don't believe you can notify a service resource you are not managing.

DarylW gravatar imageDarylW ( 2016-07-27 16:07:39 -0600 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2016-07-06 08:19:12 -0600

Seen: 108 times

Last updated: Jul 27 '16