Puppet: System Administration Automated

Support

Ticket #138 (closed defect: fixed)

Opened 3 years ago

Last modified 2 years ago

cron type of puppet lack some functions and fails on legal crontabs

Reported by: gadnet@aqueos.com Assigned to: luke
Priority: normal Milestone:
Component: puppet Version: 0.16.5
Severity: normal Keywords: cron
Cc: Triage Stage:
Attached Patches: Complexity:

Description

Hi,

The cron type does not handle lines containing assignement of environement variables. From the man page here is the syntax :

An active line in a crontab will be either an environment setting or a cron command. An environment setting

is of the form,

name = value

where the spaces around the equal-sign (=) are optional, and any subsequent non-leading spaces in value will be part of the value assigned to name. The value string may be placed in quotes (single or double, but match- ing) to preserve leading or trailing blanks. The value string is not parsed for environmental substitutions, thus lines like

PATH = $HOME/bin:$PATH

will not work as you might expect.

Several environment variables are set up automatically by the cron(8) daemon. SHELL is set to /bin/sh, and LOGNAME and HOME are set from the /etc/passwd line of the crontab's owner. PATH is set to "/usr/bin:/bin". HOME, SHELL, and PATH may be overridden by settings in the crontab; LOGNAME is the user that the job is run- ning from, and may not be changed.

(Another note: the LOGNAME variable is sometimes called USER on BSD systems... on these systems, USER will be set also.)

In addition to LOGNAME, HOME, and SHELL, cron(8) will look at MAILTO if it has any reason to send mail as a result of running commands in this crontab. If MAILTO is defined (and non-empty), mail is sent to the user so named. If MAILTO is defined but empty (MAILTO=""), no mail will be sent. Otherwise mail is sent to the owner of the crontab.

right now the puppetd throw an error when encountering this legal lines:

core1:/root%(root)> puppetd --server xxxx.xxx --waitforcert 60 --test info: Caching configuration at /etc/puppet/localconfig.yaml info: No classes to store info: file=/usr/local/lib/ruby/1.8/facter/local.rb: Adding aliases facterlocal notice: Starting configuration run err: Could not apply complete configuration: Could not match 'TZ=Europe/Paris' notice: Finished configuration run in 0.18 seconds core1:/root%(root)>

So it should be corrected to :

1/ do not fail on those lines 2/ add to the cron object the capability to add such assignement

particulary the assignement should be able to build such lines:

MAILTO=ghislain@haque0s.com * * * * * echo 'hello ghislain' MAILTO=luke@madstip.com * * * * * echo 'use the force, Luke'

it mean add the line in the order we need as the MAILTO lines will not be usefull if it is AFTER the cronline and not before. For exemple :

cron { puppetcron:

command => "puppetd --server $puppetserver --onetime", user => root, hour => 2, minute => 0, assignname => "MAILTO", assignvalue => "myname@here.com", assign => "before"

}

it could be handy to have the possibility to add a line at the start of the crontab like this :

cron { mailto:

assignname => "MAILTO", assignvalue => "myname@here.com", assign => "firstline"

}

so all output of all this crontab will be send to the adress specified.

best regards, Ghislain.

Change History

05/14/06 12:17:52 changed by gadnet@aqueos.com

As put in the mailling list here are some more problems with the cron puppet type:

1/ ability to manage acces right to the crontabs (FreeBSD /var/cron/deny /var/cron/allow, linux /etc/cron.deny /etc/cron.allow )

cron { userrights:

deny => [nobody,www,whatever] allow => cronman

}

would put in /var/cron/cron.allow

cronman

and in /var/cron/cron.deny

nobody www whatever

2/ Ability to manage the system crontab as well as the user crontab

cron { puppetcron:

command => "puppetd --server $puppetserver --onetime", user => root, hour => 2, minute => 0, systemcrontab => true

}

some user cannot have crontab for a security reason so you have them in you cron.deny:

(root)> echo 'vdhrecordings' > /var/cron/deny (root)> crontab -u vdhrecordings -e crontab: you (vdhrecordings) are not allowed to use this program

So this prevent the user to create his own crontab BUT, as root, you CAN create an entry in the system crontab "/etc/crontab" like this:

* * * * * vdhrecordings /bin/ls|mail -s 'test !!' gg@aqueos.com

(this is the same than in a crontab but with the username as first argument)

and it will run as a cron for the user.

3/ special multiple hour syntax not supported

cron { test: ensure => present, hour => "*/2", command => "ls" }

wich means execute this every 2 hours makes puppet complain:

warning: cron=test: State hour failed: */2 is not a valid hour in file /etc/puppet/manifests/site.pp at line 62

best regards, Ghislain.

05/14/06 12:25:57 changed by anonymous

in fact multiple hours/minutes etc... are also rejected:

cron { test:
ensure => present,
hour => "2,3,4",
command => "ls"
}

warning: cron=test: State hour failed: 2,3,4 is not a valid hour in file /etc/puppet/manifests/site.pp at line 62 

cron { test:
ensure => present,
hour => "2-4",
command => "ls"
}

warning: cron=test: State hour failed: 2-4 is not a valid hour in file /etc/puppet/manifests/site.pp at line 62

from man 5 crontab:

       A field may be an asterisk (*), which always stands for ``first-last''.

       Ranges of numbers are allowed.  Ranges are two numbers separated with a hyphen.  The specified range is inclu-
       sive.  For example, 8-11 for an ``hours'' entry specifies execution at hours 8, 9, 10 and 11.

       Lists  are  allowed.   A  list  is  a  set of numbers (or ranges) separated by commas.  Examples: ``1,2,5,9'',
       ``0-4,8-12''.

       Step values can be used in conjunction with ranges.  Following a range with ``/<number>'' specifies  skips  of
       the  number's value through the range.  For example, ``0-23/2'' can be used in the hours field to specify com-
       mand execution every other hour (the alternative in the V7  standard  is  ``0,2,4,6,8,10,12,14,16,18,20,22'').
       Steps are also permitted after an asterisk, so if you want to say ``every two hours'', just use ``*/2''.

05/19/06 02:03:38 changed by luke

This is two bugs. The easier bug is one of validation: What are legal values for attributes? The validation system for cron just needs to be updated to handle these new types of value. Modifying the "munge" code in lib/puppet/type/cron.rb to accept these values and validate them accordingly. I expect you'd need to create a method for validating each type of value, e.g., one for the "*/5" type, and one for the "2-4" type, but you could reuse the existing limit information.

The second and much harder bug is the environment setting bug. It's quite straightforward to modify Puppet to accept this as a valid line, but it's much harder to model it well. These settings are ordered in the file and they affect any cron job later than them but are not specifically associated with a given job. This makes discovering these settings abysmally complicated -- if I find an environment setting at the beginning of a file, should I assume it's only associated with the next job, or with all of them?

I think the right solution is to add an "environment setting" parameter of some kind, and print them between the header of each job and the job itself. I don't know what the right syntax is, but something like this: 

cron { mystuff:
   hour => 2,
   minute => 0,
   command => "/bin/do --stuff",
   environment => ["HOME=/my/home", "SH=/bin/bash"]
}

I think the hardest part about fixing this bug is deciding how to handle environment settings that you encounter in an existing file.

05/19/06 21:19:36 changed by luke

  • status changed from new to closed.
  • resolution set to fixed.

Fixed in [1217].

05/29/06 07:25:28 changed by kkkkoaaa

  • milestone set to pilot.

Keep a good job up! http://quick-adult-links.com

05/31/06 12:00:00 changed by Main

  • type deleted.

06/02/06 18:18:26 changed by Go

  • type set to defect.

06/06/06 22:46:10 changed by Link

06/18/06 20:35:56 changed by Link

06/20/06 04:57:43 changed by anonymous

World of Warcraft gold(wow gold)--buy cheap,sell wow gold.welcome to buy cheap --cheap, easy, purchasing.World of Warcraft,Super fastdelivery of gold, items,and accounts

膜结构

06/25/06 15:24:16 changed by Link

10/05/06 23:42:26 changed by root

  • milestone deleted.

Milestone pilot deleted