saz / puppet-sudo

Manage sudo with Puppet on Debian-, RedHat- and SUSE-based linux distributions and some BSDs

Not All Files in /etc/sudoers.d Getting Purged #286

Closed bpadgett505 closed 1 year ago

bpadgett505 commented 1 year ago

Hello,

I have recently set up this module in my environment.

During my testing last week I found that not all of the files that are not under Puppet control in /etc/sudoers.d are being purged.

I messed around with it for a couple of hours trying to find any correlation to the file names but was unable to.

Is this a known issue or could I be missing a declaration in my code to make this work properly?

Thanks.

kenyon commented 1 year ago

Files under puppet control aren't supposed to be purged, since puppet is managing them. Only non-managed files should be purged.

bpadgett505 commented 1 year ago

Yes, I'm seeing files not under Puppet control that are not being purged. Some are being purged. Some are not.

kenyon commented 1 year ago

You might be able to tell why if you run puppet with --debug.

saz commented 1 year ago

@bpadgett505 can you show us some file names?

bpadgett505 commented 1 year ago

Hiya,

Here is an example. The files with a puppet-bak suffix are not under puppet control but they are being handled.

115_sierra_romeo_foxtrot is being ignored by puppet and is not defined in my code.

I found at least three or four names last Friday that were being ignored.

Thanks for taking a look at my issue.

Here is a puppet debug run where I grep -i for sudo:

kenyon commented 1 year ago

I think it's probably failing because of bad permissions. Should be 0600 or 0660, otherwise the visudo -c fails.

saz commented 1 year ago

Are you sure those files are not managed by puppet? It might be possible that there's neither sudo nor a part of the file name in the title, which therefore won't be matched by grep.

What happens if you're manually removing such a file and run puppet right after?

Which parameters are you setting?

zilchms commented 1 year ago

@bpadgett505 If you could also provide what you are feeding into your Puppet code, whether that be the relevant hiera entries or .pp files, that would be awesome. It would help immensely with debugging.

From what I can read out of your debug-logs etc, these 3 files are not touched by puppet.

```
-rw-r--r-- 1 root root 0 Oct 7 12:24 103_trout_fishing_rules.puppet-bak
-rw-r--r-- 1 root root 0 Oct 7 12:22 104_windows_sucks.puppet-bak
-rw-r--r-- 1 root root 0 Oct 7 12:27 115_sierra_romeo_foxtrot
```

As kenyon noted, the common denominator seems to be the file permissions. So I would like to know where they are from (manually placed, placed by something in your puppetcode or something else entirely)

PS: it seems these files are empty? Maybe that's causing some misbehaviour?

saz commented 1 year ago

`purge => true` must be set on the `file` resource for `/etc/sudoers.d` to remove any unmanaged files. As this is behavior of the Puppet `file` type, it's not related to permissions (as new files are created and owned by root) or any validation command (this will only affect new or changed files).

Either those files are managed by puppet, or `purge_ignore` is set and those files are matching and are therefore not removed (not sure if they will show up during an agent run with `--debug`).

Another idea: maybe something else is creating those files between agent runs?
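To make the purge behaviour discussed above concrete, here is an added example that manages `/etc/sudoers.d` directly with Puppet's core `file` type. It is not code from the saz/puppet-sudo module or from anyone in this thread; the `ignore` pattern, the managed rule file name and the rule content are assumptions for illustration. Two points it demonstrates: `purge` does nothing unless `recurse` is also set, and anything matching `ignore` is silently skipped, so a purge that "misses" files is usually either a missing `recurse` or an `ignore` glob that matches more than intended.

```puppet
# Added example, not part of the saz/puppet-sudo module.
# Assumptions: the directory is managed here rather than via the module's
# sudo class, and '*.puppet-bak' is the pattern of hand-edited backups to keep.

# The directory. Puppet only inspects and purges children when recurse is true;
# purge => true on its own never removes anything. Entries matching `ignore`
# are left untouched and are not reported as purged, even with --debug.
# Note: sudo itself skips sudoers.d entries whose name contains a '.' or ends
# in '~', so the *.puppet-bak files are never parsed, but an unmanaged file
# with a plain name such as 115_sierra_romeo_foxtrot is.
file { '/etc/sudoers.d':
  ensure  => directory,
  recurse => true,
  purge   => true,
  ignore  => ['*.puppet-bak'],   # assumption: keep backups of hand-edited rules
}

# A managed rule. Files declared in the catalog are never purged. visudo checks
# the temporary file (the % placeholder) before Puppet moves it into place, so a
# syntax error fails the run instead of breaking sudo on the host.
file { '/etc/sudoers.d/10_ops_team':
  ensure       => file,
  owner        => 'root',
  group        => 'root',
  mode         => '0440',
  content      => "%ops ALL=(ALL) NOPASSWD: /usr/bin/systemctl restart app\n",
  validate_cmd => '/usr/sbin/visudo -c -f %',
  require      => File['/etc/sudoers.d'],
}
```

To see what the agent actually decides for each entry, run `puppet agent -t --debug --noop` and grep for `/etc/sudoers.d/` rather than for `sudo`: a file that is silently skipped will not appear at all, which is what an `ignore` match looks like, whereas an unmanaged file that is about to be purged shows up as a generated `File[/etc/sudoers.d/...]` resource with `ensure => absent`.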

saz commented 1 year ago

@bpadgett505 As there has been no response for a long time and nobody else reports this behavior, I'll close the issue. If you think it's still a valid issue, please let me know.