Puppet / PUP-5054

puppet augeas fails to add user if tag supplied on creation

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Normal
    • Resolution: Duplicate
    • Affects Version/s: PUP 3.6.2
    • Fix Version/s: None
    • Component/s: Modules
    • Labels:
      None
    • Environment:

      Rhel 6 servers and puppet master.

      Description

      When using puppet augeas to insert a user into the sudoers file, if you specify a tag such as NOPASSWD, the system fails to evaluate past the command:

      CODE:

      augeas { "sudobase$name":
        context => "/files/etc/sudoers.base",
        changes => [
          "set spec[user = '$name']/user $name",
          "set spec[user = '$name']/host_group/host ALL",
          "set spec[user = '$name']/host_group/command ALL",
          "set spec[user = '$name']/host_group/command/tag NOPASSWD",
          "set spec[user = '$name']/host_group/command/runas_user ALL",
        ],
      }

      If I add the user without the tag, then the tag system will change the user to include the tag on a second run.

      This is the output running puppet agent if the user is not already there:

      Debug: Augeas[sudobaselcapss](provider=augeas): Opening augeas with root /, lens path /usr/share/augeas/lenses:var/lib/puppet/lib/augeas/lenses, flags 32
      Debug: Augeas[sudobaselcapss](provider=augeas): Augeas version 1.0.0 is installed
      Debug: Augeas[sudobaselcapss](provider=augeas): Will attempt to save and only run if files changed
      Debug: Augeas[sudobaselcapss](provider=augeas): sending command 'set' with params ["/files/etc/sudoers.base/spec[user = 'lcapss']/user", "lcapss"]
      Debug: Augeas[sudobaselcapss](provider=augeas): sending command 'set' with params ["/files/etc/sudoers.base/spec[user = 'lcapss']/host_group/host", "ALL"]
      Debug: Augeas[sudobaselcapss](provider=augeas): sending command 'set' with params ["/files/etc/sudoers.base/spec[user = 'lcapss']/host_group/command", "ALL"]
      Debug: Augeas[sudobaselcapss](provider=augeas): sending command 'set' with params ["/files/etc/sudoers.base/spec[user = 'lcapss']/host_group/command/tag", "NOPASSWD"]
      Debug: Augeas[sudobaselcapss](provider=augeas): sending command 'set' with params ["/files/etc/sudoers.base/spec[user = 'lcapss']/host_group/command/runas_user", "ALL"]
      Debug: Augeas[sudobaselcapss](provider=augeas): Put failed on one or more files, output from /augeas//error:
      Debug: Augeas[sudobaselcapss](provider=augeas): /augeas/files/etc/sudoers.base/error = put_failed
      Debug: Augeas[sudobaselcapss](provider=augeas): /augeas/files/etc/sudoers.base/error/path = /files/etc/sudoers.base/spec/host_group/command
      Debug: Augeas[sudobaselcapss](provider=augeas): /augeas/files/etc/sudoers.base/error/lens = /var/lib/puppet/lib/augeas/lenses/sudoers.aug:484.4-.64:
      Debug: Augeas[sudobaselcapss](provider=augeas): /augeas/files/etc/sudoers.base/error/message = Failed to match
      (
        { /runas_user/ = /[^\001-\004\t\n #,:=\\][^\001-\004\n#,:=]*[^\001-\004\t\n #,:=\\]|[^\001-\004\t\n #,:=\\]/ }
        ( { /runas_user/ = /[^\001-\004\t\n #,:=\\][^\001-\004\n#,:=]*[^\001-\004\t\n #,:=\\]|[^\001-\004\t\n #,:=\\]/ } )* |
        { /runas_group/ = /[^\001-\004\t\n #,:=\\][^\001-\004\n#,:=]*[^\001-\004\t\n #,:=\\]|[^\001-\004\t\n #,:=\\]/ }
        ( { /runas_group/ = /[^\001-\004\t\n #,:=\\][^\001-\004\n#,:=]*[^\001-\004\t\n #,:=\\]|[^\001-\004\t\n #,:=\\]/ } )* |
        { /runas_user/ = /[^\001-\004\t\n #,:=\\][^\001-\004\n#,:=]*[^\001-\004\t\n #,:=\\]|[^\001-\004\t\n #,:=\\]/ }
        ( { /runas_user/ = /[^\001-\004\t\n #,:=\\][^\001-\004\n#,:=]*[^\001-\004\t\n #,:=\\]|[^\001-\004\t\n #,:=\\]/ } )*
        { /runas_group/ = /[^\001-\004\t\n #,:=\\][^\001-\004\n#,:=]*[^\001-\004\t\n #,:=\\]|[^\001-\004\t\n #,:=\\]/ }
        ( { /runas_group/ = /[^\001-\004\t\n #,:=\\][^\001-\004\n#,:=]*[^\001-\004\t\n #,:=\\]|[^\001-\004\t\n #,:=\\]/ } )*
      )?
      { /tag/ = /(NO)?(PASSWD|EXEC|SETENV)/ }*
      with tree
      { "tag" = "NOPASSWD" } { "runas_user" = "ALL" }

      Debug: Augeas[sudobaselcapss](provider=augeas): Closed the augeas connection
      Error: /Stage[main]/Lockss/Lockss::Sudoers[lcapss]/Augeas[sudobaselcapss]: Could not evaluate: Saving failed, see debug
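
      In the error output above, the lens accepts runas_user and runas_group nodes under command only before any tag node, while the tree being saved has tag first. The following is an added example, not part of the original report or of Puppet or Augeas code, that models that ordering check; it assumes Augeas `set` appends a node that does not yet exist as the last child, and the names `apply_sets`, `put_ok` and `demo` are hypothetical.

```python
import re

# Child order accepted under .../host_group/command, transcribed from the
# "Failed to match" output: (U+ | G+ | U+ G+)? T*
# U = runas_user, G = runas_group, T = tag
CODES = {"runas_user": "U", "runas_group": "G", "tag": "T"}
LENS_ORDER = re.compile(r"(U+|G+|U+G+)?T*")


def apply_sets(children, changes):
    """Model of Augeas `set` on the children of one command node.

    An existing label is updated in place; a missing label is appended as
    the last child (assumption of this model, see lead-in).
    """
    children = list(children)
    for label, value in changes:
        for i, (existing, _) in enumerate(children):
            if existing == label:
                children[i] = (label, value)
                break
        else:
            children.append((label, value))
    return children


def put_ok(children):
    """True if the sibling order is one the lens can write back to the file."""
    seq = "".join(CODES[label] for label, _ in children)
    return LENS_ORDER.fullmatch(seq) is not None


# Constructed inputs mirroring the two `set` lines from the report.
REPORTED = [("tag", "NOPASSWD"), ("runas_user", "ALL")]
REORDERED = [("runas_user", "ALL"), ("tag", "NOPASSWD")]


def demo():
    first_run_no_tag = apply_sets([], [("runas_user", "ALL")])
    return {
        # New user, tag set before runas_user: tree is [tag, runas_user].
        "reported_order": put_ok(apply_sets([], REPORTED)),
        # New user, runas_user set before tag: tree is [runas_user, tag].
        "runas_user_first": put_ok(apply_sets([], REORDERED)),
        # User created without the tag, tag added on a later run.
        "tag_on_second_run": put_ok(apply_sets(first_run_no_tag, REPORTED)),
    }


if __name__ == "__main__":
    print(demo())
```

      Under this model the reported order is rejected, while setting runas_user before tag, or adding the tag on a second run, produces a tree the lens can save.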

              People

              • Assignee:
                Unassigned
                Reporter:
                thaylin Chris Bowen
                QA Contact:
                Eric Thompson