search

saz / puppet-sudo

Manage sudo with Puppet on Debian-, RedHat- and SUSE-based linux distributions and some BSDs
Other
105 stars 215 forks source link

Puppetlabs/apache and sudo #202

Closed sudodevnull closed 6 years ago

sudodevnull commented 6 years ago

I am getting a dependency cycle between your module and the puppetlabs/apache module. Hoping you can help identify/resolve the problem here:

Failed to apply catalog: Found 1 dependency cycle: (Anchor[sudo::begin] => Class[Sudo] => Stage[postfeatures] => Stage[hieraclasses] => Class[Apache] => Package[httpd] => File[headers.load] => Apache::Mod[headers] => Class[Apache::Mod::Headers] => Stage[main] => Stage[postfeatures] => Class[Sudo] => Anchor[sudo::begin]) Try the '--graph' option and opening the resulting '.dot' file in OmniGraffle or GraphViz

Here is the digraph: digraph Resource_Cycles { label = "Resource Cycles" "Anchor[sudo::begin]" -> "Class[Sudo]" -> "Stage[postfeatures]" -> "Stage[hieraclasses]" -> "Class[Apache]" -> "Exec[mkdir /etc/httpd/conf.modules.d]" -> "File[headers.load]" -> "Apache::Mod[headers]" -> "Class[Apache::Mod::Headers]" -> "Stage[main]" -> "Stage[postfeatures]" -> "Class[Linuxauth]" -> "Class[Linuxauth]" -> "Stage[postfeatures]" "Anchor[sudo::begin]" -> "Class[Sudo]" -> "Stage[postfeatures]" -> "Stage[hieraclasses]" -> "Class[Apache]" -> "Exec[mkdir /etc/httpd/conf.modules.d]" -> "File[headers.load]" -> "Apache::Mod[headers]" -> "Class[Apache::Mod::Headers]" -> "Stage[main]" -> "Stage[postfeatures]" -> "Class[Sudo]" -> "Anchor[sudo::begin]" "Anchor[sudo::begin]" -> "Class[Sudo]" -> "Stage[postfeatures]" -> "Stage[hieraclasses]" -> "Class[Apache]" -> "Package[httpd]" -> "Exec[mkdir /etc/httpd/conf.modules.d]" -> "File[headers.load]" -> "Apache::Mod[headers]" -> "Class[Apache::Mod::Headers]" -> "Stage[main]" -> "Stage[postfeatures]" -> "Class[Sudo]" -> "Anchor[sudo::begin]" "Anchor[sudo::begin]" -> "Class[Sudo]" -> "Stage[postfeatures]" -> "Stage[hieraclasses]" -> "Class[Apache]" -> "Package[httpd]" -> "File[headers.load]" -> "Apache::Mod[headers]" -> "Class[Apache::Mod::Headers]" -> "Stage[main]" -> "Stage[postfeatures]" -> "Class[Linuxauth]" -> "Class[Linuxauth]" -> "Stage[postfeatures]" "Anchor[sudo::begin]" -> "Class[Sudo]" -> "Stage[postfeatures]" -> "Stage[hieraclasses]" -> "Class[Apache]" -> "Package[httpd]" -> "File[headers.load]" -> "Apache::Mod[headers]" -> "Class[Apache::Mod::Headers]" -> "Stage[main]" -> "Stage[postfeatures]" -> "Class[Sudo::Configs]" -> "Class[Sudo::Configs]" -> "Stage[postfeatures]" "Anchor[sudo::begin]" -> "Class[Sudo]" -> "Stage[postfeatures]" -> "Stage[hieraclasses]" -> "Class[Apache]" -> "Package[httpd]" -> "File[headers.load]" -> "Apache::Mod[headers]" -> "Class[Apache::Mod::Headers]" -> "Stage[main]" -> "Stage[postfeatures]" -> "Class[Sudo::Params]" -> "Class[Sudo::Params]" -> "Stage[postfeatures]" "Anchor[sudo::begin]" -> "Class[Sudo]" -> "Stage[postfeatures]" -> "Stage[hieraclasses]" -> "Class[Apache]" -> "Package[httpd]" -> "File[headers.load]" -> "Apache::Mod[headers]" -> "Class[Apache::Mod::Headers]" -> "Stage[main]" -> "Stage[postfeatures]" -> "Class[Sudo]" -> "Anchor[sudo::begin]" "Anchor[sudo::begin]" -> "Class[Sudo]" -> "Stage[postfeatures]" -> "Stage[hieraclasses]" -> "Class[Apache]" -> "Package[httpd]" -> "File[headers.load]" -> "Apache::Mod[headers]" -> "Class[Apache::Mod::Headers]" -> "Stage[main]" -> "Stage[postfeatures]" -> "Class[Sudo]" -> "Anchor[sudo::end]" -> "Class[Sudo]" "Anchor[sudo::begin]" -> "Class[Sudo]" -> "Stage[postfeatures]" -> "Stage[hieraclasses]" -> "Class[Apache]" -> "Package[httpd]" -> "File[headers.load]" -> "Apache::Mod[headers]" -> "Class[Apache::Mod::Headers]" -> "Stage[main]" -> "Stage[postfeatures]" -> "Class[Sudo]" -> "File[/etc/sudoers.d/]" -> "Class[Sudo]" "Anchor[sudo::begin]" -> "Class[Sudo]" -> "Stage[postfeatures]" -> "Stage[hieraclasses]" -> "Class[Apache]" -> "Package[httpd]" -> "File[headers.load]" -> "Apache::Mod[headers]" -> "Class[Apache::Mod::Headers]" -> "Stage[main]" -> "Stage[postfeatures]" -> "Class[Sudo]" -> "File[/etc/sudoers]" -> "Class[Sudo]" }

sudodevnull commented 6 years ago

Here is our current wrapper class for your module:

class linuxauth::sudo {
  $sudoers_env          = $facts['tier'] ? {
    /(uat|dev|sit)/     => 'nonprod',
    /(prod|dr)/         => 'prod',
  }

  $sudoers_data         = lookup('linuxauth::sudoers')

  $sudoers_base         = $sudoers_data['base'] ? {
    undef               => {},
    default             => $sudoers_data['base'],
  }

  $sudoers_applications = $sudoers_data[$sudoers_env][$::node_type] ? {
    undef               => {},
    default             => $sudoers_data[$sudoers_env][$::node_type],
  }

  $sudoers              = $sudoers_base + $sudoers_applications

  contain class { '::sudo':
    purge               => false,
    config_file_replace => false,
  }

  if ! $sudoers.empty {
    $sudoers.each |$sudoer, $config| {
      ::sudo::conf { $sudoer :
        content        => $config[content],
        sudo_file_name => $sudoer,
      }
    }
  }
}
sudodevnull commented 6 years ago

This is for rhel7

sudodevnull commented 6 years ago

I believe it is due to your anchor

saz commented 6 years ago

This should be fixed in the current master

sudodevnull commented 6 years ago

can I asked what you did to resolve? I have not tested yet...