From 45dfa6984cb185afc85c183152fbc6c2837e1345 Mon Sep 17 00:00:00 2001 From: Peter Meier Date: Thu, 23 Jun 2011 11:05:43 +0200 Subject: don't use a hardcoded concatdir Get the concat base directory from a fact -> makes it useable if Puppet's :vardir is not /var/lib/puppet/. This fixes problems with PE and makes the module also useable for puppet runs as unpriviledged user. --- lib/facter/concat_basedir.rb | 5 +++++ manifests/setup.pp | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) create mode 100644 lib/facter/concat_basedir.rb diff --git a/lib/facter/concat_basedir.rb b/lib/facter/concat_basedir.rb new file mode 100644 index 0000000..02e9c5b --- /dev/null +++ b/lib/facter/concat_basedir.rb @@ -0,0 +1,5 @@ +Facter.add("concat_basedir") do + setcode do + File.join(Puppet[:vardir],"concat") + end +end diff --git a/manifests/setup.pp b/manifests/setup.pp index fa8c7eb..5b3ad26 100644 --- a/manifests/setup.pp +++ b/manifests/setup.pp @@ -14,7 +14,7 @@ # It also copies out the concatfragments.sh file to /usr/local/bin class concat::setup { $root_group = 0 - $concatdir = "/var/lib/puppet/concat" + $concatdir = $concat_basedir $majorversion = regsubst($puppetversion, '^[0-9]+[.]([0-9]+)[.][0-9]+$', '\1') file{"/usr/local/bin/concatfragments.sh": -- cgit v1.2.3 From b9e33c4e6b42c9e35e0db6c1494dafc4a4c5f07e Mon Sep 17 00:00:00 2001 From: Peter Meier Date: Thu, 23 Jun 2011 13:37:03 +0200 Subject: finish work for unpriviledged user To be able to use the module as an unprivileged user we need to adjust certain things: * only enforce the run user and group if we are root and can actually change the user * set owner/group of our files and directories to our own user/group * place the concat script in a location we can write -> use the concat dir for that. --- manifests/fragment.pp | 2 +- manifests/init.pp | 24 ++++++++++++++---------- manifests/setup.pp | 13 ++++++++----- 3 files changed, 23 insertions(+), 16 deletions(-) 
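Review bot: `lib/facter/concat_basedir.rb` reads `Puppet[:vardir]` inside `setcode`, but nothing in the file loads Puppet or documents that dependency. The fact therefore probably resolves only when Facter is driven by a Puppet run and is likely absent under a standalone `facter` call. The manifests use this value as the root of the concat working directories, so add a header comment such as `# concat_basedir: <Puppet vardir>/concat for the user running the agent; resolves only when Puppet's settings are loaded`.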
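Review bot: In `class concat::setup`, `$concatdir = $concat_basedir` has no fallback when the fact is missing, for example when the custom fact has not been synced to the agent. An unset variable interpolates as an empty string, so every derived path would then be rooted at `/`. The follow-up commit on this page manages `"${concatdir}/bin"` as a directory with `mode => '0750'`, which with an empty `$concatdir` would be `/bin`. Guard the assignment, e.g. `if $concat_basedir { $concatdir = $concat_basedir } else { fail("concat_basedir fact not set; is pluginsync enabled?") }`. The class body continues outside the hunk.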
diff --git a/manifests/fragment.pp b/manifests/fragment.pp index 7afc4c0..1fb4128 100644 --- a/manifests/fragment.pp +++ b/manifests/fragment.pp @@ -13,7 +13,7 @@ # - group Owner of the file # - backup Controls the filebucketing behavior of the final file and # see File type reference for its use. Defaults to 'puppet' -define concat::fragment($target, $content='', $source='', $order=10, $ensure = "present", $mode = 0644, $owner = root, $group = $concat::setup::root_group, $backup = "puppet") { +define concat::fragment($target, $content='', $source='', $order=10, $ensure = "present", $mode = 0644, $owner = $id, $group = $concat::setup::root_group, $backup = "puppet") { $safe_name = regsubst($name, '/', '_', 'G') $safe_target_name = regsubst($target, '/', '_', 'G') $concatdir = $concat::setup::concatdir diff --git a/manifests/init.pp b/manifests/init.pp index 3a17346..19d91a1 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -44,9 +44,9 @@ # # DETAIL: # We use a helper shell script called concatfragments.sh that gets placed -# in /usr/local/bin to do the concatenation. While this might seem more -# complex than some of the one-liner alternatives you might find on the net -# we do a lot of error checking and safety checks in the script to avoid +# in /concat/bin to do the concatenation. While this might +# seem more complex than some of the one-liner alternatives you might find on +# the net we do a lot of error checking and safety checks in the script to avoid # problems that might be caused by complex escaping errors etc. # # LICENSE: 
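Review bot: The new default `$owner = $id` in `concat::fragment` reads the fact through an unqualified name, which under Puppet's dynamic scoping an enclosing scope could shadow with its own `$id`. The same applies to `$id` in the `concat` define, its `File{}` defaults, the `if $id == 'root'` test and `concat::setup` later in this patch. Because the value decides file ownership and whether the exec is pinned to root, refer to the top-scope fact explicitly: `$owner = $::id`. If Puppet releases without `$::` must stay supported, a comment stating that `$id` is the Facter fact would at least document the dependency.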
@@ -87,7 +87,7 @@ # ALIASES: # - The exec can notified using Exec["concat_/path/to/file"] or Exec["concat_/path/to/directory"] # - The final file can be referened as File["/path/to/file"] or File["concat_/path/to/file"] -define concat($mode = 0644, $owner = "root", $group = $concat::setup::root_group, $warn = "false", $force = "false", $backup = "puppet", $gnu = "true", $order="alpha") { +define concat($mode = 0644, $owner = $id, $group = $concat::setup::root_group, $warn = "false", $force = "false", $backup = "puppet", $gnu = "true", $order="alpha") { $safe_name = regsubst($name, '/', '_', 'G') $concatdir = $concat::setup::concatdir $version = $concat::setup::majorversion @@ -126,7 +126,7 @@ define concat($mode = 0644, $owner = "root", $group = $concat::setup::root_group } File{ - owner => root, + owner => $id, group => $group, mode => $mode, backup => $backup 
@@ -164,13 +164,17 @@ define concat($mode = 0644, $owner = "root", $group = $concat::setup::root_group } exec{"concat_${name}": - user => root, - group => $group, notify => File[$name], subscribe => File[$fragdir], alias => "concat_${fragdir}", - require => [ File["/usr/local/bin/concatfragments.sh"], File[$fragdir], File["${fragdir}/fragments"], File["${fragdir}/fragments.concat"] ], - unless => "/usr/local/bin/concatfragments.sh -o ${fragdir}/${concat_name} -d ${fragdir} -t ${warnflag} ${forceflag} ${orderflag} ${gnuflag}", - command => "/usr/local/bin/concatfragments.sh -o ${fragdir}/${concat_name} -d ${fragdir} ${warnflag} ${forceflag} ${orderflag} ${gnuflag}", + require => [ File[$fragdir], File["${fragdir}/fragments"], File["${fragdir}/fragments.concat"] ], + unless => "${concat::setup::concatdir}/bin/concatfragments.sh -o ${fragdir}/${concat_name} -d ${fragdir} -t ${warnflag} ${forceflag} ${orderflag} ${gnuflag}", + command => "${concat::setup::concatdir}/bin/concatfragments.sh -o ${fragdir}/${concat_name} -d ${fragdir} ${warnflag} ${forceflag} ${orderflag} ${gnuflag}", + } + if $id == 'root' { + Exec["concat_${name}"]{ + user => root, + group => $group, + } } } diff --git a/manifests/setup.pp b/manifests/setup.pp index 5b3ad26..53092ab 100644 --- a/manifests/setup.pp +++ b/manifests/setup.pp @@ -13,12 +13,15 @@ # # It also copies out the concatfragments.sh file to /usr/local/bin class concat::setup { - $root_group = 0 + $root_group = $id ? { + root => 0, + default => $id + } $concatdir = $concat_basedir $majorversion = regsubst($puppetversion, '^[0-9]+[.]([0-9]+)[.][0-9]+$', '\1') - file{"/usr/local/bin/concatfragments.sh": - owner => root, + file{"${concatdir}/bin/concatfragments.sh": + owner => $id, group => $root_group, mode => 755, source => $majorversion ? { 
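Review bot: The rewritten `require` on `exec{"concat_${name}"}` no longer lists the helper script, so nothing visible in this hunk orders the exec after the `file` resource that installs it. On a first run the `unless`/`command` could then be evaluated before the script exists. Keep the dependency with the new path: `require => [ File["${concat::setup::concatdir}/bin/concatfragments.sh"], File[$fragdir], File["${fragdir}/fragments"], File["${fragdir}/fragments.concat"] ],`. The `concat` define starts outside the hunk.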
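Review bot: `$root_group = $id ? { root => 0, default => $id }` uses the user name as the group for non-root runs, which assumes a group of that name exists and that the user belongs to it. Where it does not, the `group =>` settings on the script and directories would presumably fail. Deriving the value from the user's primary group (for example a fact resolved from `id -gn`) avoids that assumption. The context comment `# It also copies out the concatfragments.sh file to /usr/local/bin` is also stale now that the script is installed under `${concatdir}/bin`, and should be updated to say so. The `file{}` resource continues past the end of the hunk.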
@@ -26,9 +29,9 @@ class concat::setup { default => "puppet:///modules/concat/concatfragments.sh" }; - $concatdir: + [ $concatdir, "${concatdir}/bin" ]: ensure => directory, - owner => root, + owner => $id, group => $root_group, mode => '0750'; } -- cgit v1.2.3