One of the first things I wanted to accomplish with puppet is to track down rogue cron jobs under accounts of people that are no longer here. The broader objective is to delete old/unused accounts.
Problem
But there was some evidence that a few of these old accounts still had cron jobs running. So, we couldn't just delete the old accounts, but needed to proceed cautiously to ensure we didn't stomp on some cron job that was actually needed!
I was looking for puppet to tell me which systems had cron jobs under this old account. Now, puppet is a declarative language, so something like:
    if /var/spool/cron/userfoo exists, notify me, so I can take a look and see what I need to fix/replace
doesn't exist! In puppet, you have to declare whether something should or should not exist and then puppet will take the corresponding action. I just wanted puppet to tell me about something on my system. I didn't want puppet to take an action!
Solution
It's up to the puppetlabs-provided facter to help out here. Puppet ships with a bundle called facter that collects a lot of bits of information about systems, like their OS, RAM, kernel version, etc. The code to gather these facts is written in ruby and is extensible. I needed a custom fact that would indicate whether or not /var/spool/cron/userfoo or (on Solaris) /var/spool/cron/crontabs/userfoo exists. Writing that code is actually straightforward (my first ruby code ever! yay!). Getting that code onto my agents had an obstacle to overcome.
Problem #2
Puppet does not deliver custom facts to agents by default. Agents and the puppetmaster need this set in /etc/puppet.conf:
    pluginsync = true
This required using puppet to update the puppet.conf and restart puppet. That's what I built. Getting puppet to allow delivery of custom facts by default is a listed feature request: http://projects.puppetlabs.com/issues/5454
The only gotcha here is to make sure you include:
    hasrestart => true,
in your init.pp for the puppet service. Otherwise puppet will send a stop but not a start, because it can't send a start once it is no longer running!
Resources
http://conshell.net/wiki/index.php/Puppet
I grabbed this from the above link:
    kill -USR1 `cat /var/run/puppet/puppetd.pid`; tail -f /var/log/syslog
which I shortened to:
    kill -USR1 `pgrep puppet`; tail -f /var/log/syslog
Config details after the jump
init.pp
    #
    # update puppet config file and restart puppet
    #
    class puppetagent {
      service { 'puppet':
        name => $operatingsystem ? {
          CentOS  => $service_name,
          Solaris => cswpuppetd,
          default => undef,
        },
        ensure     => running,
        hasrestart => true,
        enable     => true,
        subscribe  => File['puppet.conf'],
      }
      file { 'puppet.conf':
        path   => '/etc/puppet/puppet.conf',
        ensure => file,
        source => $operatingsystem ? {
          Solaris => "puppet://puppet.idge.int/files/site/etc/puppet.conf.solaris",
          CentOS  => "puppet://puppet.idge.int/files/site/etc/puppet.conf.centos",
          default => undef,
        },
      }
    }
cron_userfoo.rb
    # cron_userfoo.rb
    Facter.add("cron_userfoo") do
      setcode do
        if File.exist? "/var/spool/cron/userfoo"
          "cron_userfoo-yes"
        elsif File.exist? "/var/spool/cron/crontabs/userfoo"
          "cron_userfoo-yes"
        else
          "cron_userfoo-no"
        end
      end
    end
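An added example, not code from the original post: the same check generalized from one hard-coded account to a list of departed accounts, reporting only those whose crontab still holds a live (non-comment) entry. The fact name `departed_crontabs`, the `DEPARTED_USERS` list and the helper names are assumptions for illustration.

```ruby
# departed_crontabs.rb (added example; names below are hypothetical)

# Spool locations named in the post: Linux first, then Solaris.
SPOOL_DIRS = ["/var/spool/cron", "/var/spool/cron/crontabs"].freeze

# Assumed list of accounts being retired; replace with your own.
DEPARTED_USERS = %w[userfoo userbar].freeze

# Return the users from the list that still own a crontab with at
# least one live entry under any of the given spool directories.
def departed_crontabs(users, spool_dirs = SPOOL_DIRS)
  found = users.select do |user|
    spool_dirs.any? do |dir|
      path = File.join(dir, user)
      File.file?(path) && crontab_active?(path)
    end
  end
  found.sort
end

# A crontab counts as active if any line is neither blank nor a comment.
def crontab_active?(path)
  File.foreach(path).any? do |line|
    entry = line.strip
    !entry.empty? && !entry.start_with?("#")
  end
rescue SystemCallError
  true # unreadable file: report it so a human takes a look
end

# Register the fact only when loaded by facter, so the helpers above
# can also be run and tested as plain ruby.
if defined?(Facter)
  Facter.add("departed_crontabs") do
    setcode { departed_crontabs(DEPARTED_USERS).join(",") }
  end
end
```
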