
Here's a short overview about the changes found in this release:

    * Cleanup __group: No getent gshadow in old Redhat, use groupmod -g
            (Matt Coddington)
    * Bugfix __package_yum: Missing cat
    * Bugfix __start_on_boot: Correctly use sed and quotes (Steven Armstrong)
    * Feature __file: Support for --state exists (Steven Armstrong)
    * Feature core: Make variable __manifest available to type manifests
    * Feature core: Correct parent dependency handling (Steven Armstrong)
    * Bugfix several types: Fix sed for FreeBSD (Istvan Beregszaszi)
    * New Type: __jail (Jake Guffey)
    * Change Type: __rvm*: --state present/absent not installed/removed (Evax Software)
    * Bugfix Type: __cron: Hide error output from crontab
    * Various smaller bugfixes (Chris Lamb)

For more information visit the cdist homepage.

Posted Fri May 18 16:48:25 2012 Tags:

Situation

We noticed that the nginx logfile is not being rotated on some freshly set up CentOS 6.2 servers, which should have been triggered by logrotate running from cron. The cron implementation in use is cronie together with anacron.

Background

I first suspected the setup being broken due to permission issues with cronie, which requires special permissions as found in the CAVEATS section of cron(8):

The crontab files have to be regular files or symlinks to regular files,
they must not be executable  or  writable  by anyone  else than the owner.
This requirement can be overridden by using the -p option on the crond command line.

We had this bug before, but this time it is different:

  • The Logrotate cronjob is located at /etc/cron.daily/logrotate
  • The cron.{daily, weekly, monthly} jobs are defined in /etc/anacrontab
  • The anacron command interprets jobs in /etc/anacrontab
  • Anacron is called from /etc/cron.hourly/0anacron
  • /etc/cron.d/0hourly contains 01 * * * * root run-parts /etc/cron.hourly

Solution

In our situation /etc/cron.d/0hourly was missing, because we removed all files from /etc/cron.d/ and put only our own files in there. The simple fix is to ensure the contents of this directory are not removed anymore and to reinstall the cronie package to recreate the /etc/cron.d/0hourly file.
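The chain listed above can be checked link by link. The following is an added example, not part of the original post; the function names are hypothetical, and it assumes that run-parts only starts executable files and that /etc/anacrontab names /etc/cron.daily on a non-comment line.

```shell
#!/bin/sh
# Added example: check each link of the chain crond -> cron.d/0hourly ->
# cron.hourly/0anacron -> anacrontab -> cron.daily/logrotate.

fail() { echo "BROKEN: $*"; problems=$((problems + 1)); }

# cron(8) CAVEATS: crontab files must not be executable, nor writable by
# anyone other than the owner.
unsafe_mode() {
    [ -n "$(find -L "$1" \( -perm -100 -o -perm -010 -o -perm -001 \
        -o -perm -020 -o -perm -002 \) 2>/dev/null)" ]
}

# ROOT is a path prefix ("" or "/" for the live system). Prints one line per
# broken link; the exit status is the number of problems found.
check_cron_chain() {
    root=${1%/}
    problems=0

    f=$root/etc/cron.d/0hourly
    if [ ! -f "$f" ]; then
        fail "$f is missing (the cronie package ships it)"
    else
        grep -Eq '^[^#]*run-parts[[:space:]]+/etc/cron\.hourly' "$f" ||
            fail "$f does not run /etc/cron.hourly"
        if unsafe_mode "$f"; then fail "$f has a mode crond rejects"; fi
    fi

    # Assumption: run-parts only starts files that are executable.
    for f in "$root/etc/cron.hourly/0anacron" "$root/etc/cron.daily/logrotate"; do
        [ -x "$f" ] || fail "$f is missing or not executable"
    done

    grep -Eq '^[^#]*/etc/cron\.daily' "$root/etc/anacrontab" 2>/dev/null ||
        fail "$root/etc/anacrontab does not schedule /etc/cron.daily"
    return "$problems"
}

# Constructed sample tree mirroring the layout listed above (not real data).
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/etc/cron.d" "$t/etc/cron.hourly" "$t/etc/cron.daily"
    echo '01 * * * * root run-parts /etc/cron.hourly' > "$t/etc/cron.d/0hourly"
    echo '1 5 cron.daily nice run-parts /etc/cron.daily' > "$t/etc/anacrontab"
    for s in cron.hourly/0anacron cron.daily/logrotate; do
        printf '#!/bin/sh\n' > "$t/etc/$s"; chmod 755 "$t/etc/$s"
    done
    chmod 644 "$t/etc/cron.d/0hourly" "$t/etc/anacrontab"
    echo "$t"
}
```

Run `check_cron_chain /` on a server after any cleanup of /etc/cron.d/, or `check_cron_chain "$(make_sample_tree)"` to try it on the constructed tree.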

Posted Tue Apr 17 13:42:38 2012 Tags:

Introduction

For some time, when you pressed button 1 on the MacBook Air 4,2 under Linux/Xorg and moved the finger (the classic select-something-on-the-screen behaviour), a button 3 (right click) event was emitted.

Current status

As reported on bugzilla, it seems Peter Hutterer merged the relevant fixes into the master tree; they were submitted by Chase Douglas in patches 9210 through 9219 (9214 and 9215 seem to be the relevant ones).

I haven't tested it so far, but the commits around the merge look good!

Posted Wed Mar 14 11:51:53 2012 Tags:

Here's a short overview about the changes found in this release:

    * Cleanup documentation: Fix environment variable list to be properly 
            displayed (Giel van Schijndel)
    * Cleanup documentation: Some minor corrections
    * New Type: __package_opkg (Giel van Schijndel)
    * New Type: __package_pkg_freebsd (Jake Guffey)
    * New Type: __mysql_database (Benedikt Koeppel)
    * Feature __package: Support for OpenWRT (Giel van Schijndel)
    * Feature __start_on_boot: Support for OpenWRT (Giel van Schijndel)
    * Feature __start_on_boot: Support for Amazon Linux (Matt Coddington)
    * New Example: Use rsync to backup files (Matt Coddington) 
    * Feature core: Exit non-zero, if configuration failed
    * Documentation: Describe how to do templating (Aurélien Bondis)

For more information visit the cdist homepage.

Posted Mon Mar 12 20:34:20 2012 Tags:

Introduction

For a long time I had a "secret list" of bugs that drove me crazy when using puppet. But as I am asked more and more often "Why have you written cdist and migrated away from puppet?", I'm publishing the list here, to give it a real home.

Early clarification, before rumors come up and bad blood is created: This is not intended to be a "bash puppet" page, but an "I don't need to re-explain why I moved away from puppet and have written cdist" page.

Bugs

This is the initial short list, explanations may follow.

Contact

If you think there's something wrong here and want to discuss the listing, do not hesitate to discuss it on one of the cdist communication channels (irc, mailing list, mail).

Posted Mon Mar 5 13:55:21 2012 Tags:

Here's a short overview about the changes found in this release:

    * Bugfix core: Remove another nasty traceback when sending SIGINT (aka Ctrl-C)
    * Cleanup: Better hint to source of error
    * Cleanup: Do not output failing script, but path to script only
    * Cleanup: Remove support for __debug variable in manifests (Type != Core
            debugging)
    * Cleanup: Change __package_* to support absent/present (default state
            name now). The values removed/installed will be removed in cdist 2.1.
    * Cleanup: Change __process to support absent/present (default state
            name now). The values running/stopped will be removed in cdist 2.1.
    * Feature Core: Support boolean parameters (Steven Armstrong)

For more information visit the cdist homepage.

Posted Mon Feb 20 11:33:44 2012 Tags:

Situation

I've tried to create a smart file definition for two files that belong in one directory using this code snippet:

file { ["check-disk-shell-net-snmp", "check_icinga_config.sh"]:
    ensure => present,
    path => "${check_base}/${name}",
    source => "puppet:///modules/icinga2/${name}",
    owner => icinga,
    group => icinga,
    mode => 775,
    require => File["${check_base}"];
}   

As described in the puppet documentation, the path is usually constructed by using namevar, which I interpret as "the variable named name".

The problem

What happens is actually something totally different (puppet --version: 2.7.5):

err: Failed to apply catalog: Cannot alias File[check-disk-shell-net-snmp] to
["/opt/local.ch/sys/icinga/checks/icinga2::serverchecks"] at
/etc/puppet/modules/icinga2/manifests/serverchecks.pp:25; resource
["File", "/opt/local.ch/sys/icinga/checks/icinga2::serverchecks"] already defined at
/etc/puppet/modules/icinga2/manifests/serverchecks.pp:25

The internal alias message is a bit confusing (I did not intentionally create an alias), but that puppet is using the classname instead of the name supplied to file is surprising.

Update: I've found the correct documentation part in the puppet language guide that describes the feature I was trying to use:

Most resources have an attribute (often called simply name) whose value 
will default to the title if you don’t specify it. (Internally, this is 
called the “namevar.”) For the file type, the path will default to the 
title. A resource’s namevar value almost always has to be unique. 
(The exec and notify types are the exceptions.)

The solution

Well, there are two solutions:

  • rewrite to two file entries (simple, code redundancy, ugly)
  • switch over to using cdist (more initial effort, biased author)

It is very good to be reminded from time to time of the motivations I had when starting the cdist project. In this case, they were:

  • Supply understandable, good error messages to the user
  • Do what the user expects
  • Consistent behaviour

<spam> If you are interested, there is commercial support available for puppet to cdist migrations. </spam>

Posted Thu Feb 16 11:39:05 2012 Tags:

Here's a short overview about the changes found in this release:

    * Bugfix __file: Use chmod after chown/chgrp (Matt Coddington)
    * Bugfix __user: Correct shadow field in explorer (Matt Coddington)
    * Bugfix __link: Properly handle existing links (Steven Armstrong)
    * Bugfix __key_value: More robust implementation (Steven Armstrong)
    * Bugfix __user: Fix for changing a user's group by name (Matt Coddington)
    * New Type: __package_pip
    * Bugfix/Cleanup: Correctly allow Object ID to start and end with /, but
            not contain //.

For more information visit the cdist homepage.

Posted Wed Feb 15 14:04:10 2012 Tags:

Motivation

Some days ago I replaced cronwrapper, a script to monitor the output of cron scripts, with its replacement cwrap in local.ch's puppet configuration.

If the script prints on stdout, cwrap does not raise an error by default, which cronwrapper did.

To notify every user of the change, I want to send an email to every ex-cronwrapper user.

Solution

The configuration is stored in a subversion repo, which I locally sync using git svn. Thus I can use git log -p to see all changes.

A typical line of interest looks like this:

-        command => '/usr/local/bin/cronwrapper.sh EMAIL@EXAMPLE.COM "[mob][low][dev03-sth][front] description" /usr/bin/php /some/script',

Thanks to git, grep, sed, awk, there is a pretty simple solution (not the most beautiful) to this problem. First of all, get all patches:

git log -p

Then find all removal entries of cronwrapper:

grep ^- | grep cronwrapper

But only those containing an e-mail address:

grep '@'

And filter out the e-mail address:

sed 's/.* \(.*@.*\)/\1/' | awk '{ print $1 }'

Replace all quotes and backslash quotes:

sed -e 's/\\"//g' -e 's/"//g' -e "s/'//g"

The problem now is that some e-mail addresses are in fact multiple e-mail addresses (abc@example.com;def@example.com) and some e-mail addresses are lower case, some upper case.

Breaking up the concatenated addresses can easily be done using awk:

awk '{ gsub(";", "\n"); print $0 }'

Transforming all addresses to lower case can be done using the fine utility tr:

tr '[A-Z]' '[a-z]'

Filter out all duplicates:

sort | uniq

The result is a list of e-mail addresses. Making them usable for copy & paste into the webmail of Exchange needs another filter that converts \n to ;, but adds one \n at the end:

awk 'ORS=";" { print $0 } END { ORS="\n"; print "" }' 

So in the end, the complete chain looks like this:

git log -p | grep ^- | grep cronwrapper | \
grep '@' | sed 's/.* \(.*@.*\)/\1/' | awk '{ print $1 }' | \
sed -e 's/\\"//g' -e 's/"//g' -e "s/'//g" | \
tr '[A-Z]' '[a-z]' | \
awk '{ gsub(";", "\n"); print $0 }' | \
sort | uniq | \
awk 'ORS=";" { print $0 } END { ORS="\n"; print "" }'

For me, this is a nice demonstration of the power of shell, unix tools and filtering via pipes.

Posted Wed Feb 15 14:04:10 2012 Tags:

Motivation

When you are managing a pretty large infrastructure of hosts, there is sometimes a need to execute a command on all of them.

The big question is where to find out which hosts exist.

Solution

The usual approach is to invent some kind of centralised daemon that collects or searches for available hosts. There is a way simpler solution available in my situation, which may help you as well: We do have a monitoring infrastructure, to which all hosts transmit their configuration. The configuration is stored containing the full hostname (like foo.bar.local.ch) plus the .cfg suffix.

Thus a script that can be used to execute something on all hosts (sequentially though) can look like this:

for host in $(ssh monitoring01 "cd /opt/icinga/etc/hosts.d; ls"); do
    host=${host%.cfg}
    ssh "root@$host" "$@"
done
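A hardened variant of the loop above, as an added example that is not from the original post: host names taken from the monitoring listing are validated before they are used as ssh destinations for root, and each argument is quoted because ssh joins its arguments with spaces and the remote shell parses the result again. The function names are hypothetical, and a POSIX-compatible login shell on the remote hosts is assumed.

```shell
#!/bin/sh
# Added example: run a command on every host known to the monitoring server.

# Read file names on stdin; print host names for well-formed *.cfg entries only.
hosts_from_listing() {
    while IFS= read -r name; do
        case $name in *.cfg) host=${name%.cfg} ;; *) continue ;; esac
        # Letters, digits, dot and hyphen only; must not start with '-' or '.'
        case $host in
            ''|[-.]*|*[!A-Za-z0-9.-]*) echo "skipping '$name'" >&2 ;;
            *) echo "$host" ;;
        esac
    done
}

# Single-quote every argument so the remote shell sees the same words
# (assumption: the remote login shell is POSIX-compatible).
quote_args() {
    out=
    for arg in "$@"; do
        esc=$(printf '%s' "$arg" | sed "s/'/'\\\\''/g")
        out="$out${out:+ }'$esc'"
    done
    printf '%s\n' "$out"
}

# Usage: run_on_all COMMAND [ARG...]
run_on_all() {
    cmd=$(quote_args "$@")
    failed=0
    # BatchMode fails instead of prompting; -n keeps ssh away from stdin.
    for host in $(ssh -o BatchMode=yes monitoring01 'ls /opt/icinga/etc/hosts.d' |
                  hosts_from_listing); do
        ssh -n -o BatchMode=yes "root@$host" "$cmd" ||
            { echo "FAILED: $host" >&2; failed=1; }
    done
    return "$failed"
}
```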

Posted Thu Feb 9 15:45:21 2012 Tags: