New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 772582 link

Starred by 3 users
Status: Fixed
Owner:
ayatane@chromium.org
Closed: Dec 2017
Cc:
pho...@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 3
Type: Bug



Sign in to add a comment

sshd_config / shadow_config content being modified on every puppet run

Project Member Reported by akes...@chromium.org, Oct 6 2017 
This was from a sync_and_run_puppet -f on chromeos-server120

Notice: /Stage[main]/Ssh::Server::Config/File[/etc/ssh/sshd_config]/content: content changed '{md5}840e2e7e3416d932c673dbaad2e34f84' to '{md5}bd910de2c6b94c9f50c0cff641a2ce15'
Notice: /Stage[main]/Ssh::Server::Config/File[/etc/ssh/sshd_config]/mode: mode changed '0644' to '0600'
Notice: /Stage[main]/Ssh::Server::Service/Service[ssh]: Triggered 'refresh' from 1 events


Is this an indication that https://chrome-internal-review.googlesource.com/355304 did not work as intended?

P1 as it is a possible contributor or root cause to  Issue 771879

Comment 1 by akes...@chromium.org, Oct 6 2017 

Actually, not sure if it's really on *every* run.

Comment 2 by akes...@chromium.org, Oct 7 2017 

I'm seeing the same message about content of shadow_config.ini , but when I do the md5sum of the actual shadow_config on disk, it is always at the "from" value indicated in that content changed message.

I think puppet is doing something strange. Some googling indicates a few threads where people have had similar confusion about puppet treating unchanged files as though changed.

https://groups.google.com/forum/#!topic/puppet-users/Gly9jw9K3m8
https://tickets.puppetlabs.com/browse/PUP-5283

Comment 3 by ayatane@chromium.org, Oct 7 2017 

shadow_config.ini change is expected due to some ugly hacks.

sshd_config change may be due to Goobuntu Puppet deploying its own sshd_config.  We have had that duel for a long time.  I vaguely recall fixing it half a year ago though.

Comment 4 by akes...@chromium.org, Oct 7 2017 

> shadow_config.ini change is expected due to some ugly hacks.

Can you elaborate on that? Seems like this is triggering an apache restart. And I don't understand why the "change" is expected. When I ran puppet manually, despite logging that shadow_config.ini, I diffed before and after and it not in fact change.

Comment 5 by akes...@chromium.org, Oct 7 2017

Summary: sshd_config / shadow_config content being modified on every puppet run (was: sshd_config content being modified on every puppet run)

Comment 6 by ayatane@chromium.org, Oct 9 2017 

shadow_config.ini change should not be restarting apache.

We deploy a static version of shadow_config.ini and then append dynamic content to it.  Thus, when deploying the initial static version, Puppet always detects that the file is out of date, deploys the initial static version, and the appends the dynamic content.

Thus, the end result may be the same, but Puppet will refresh it every time.  It is an ugly hack.

Comment 7 by akes...@chromium.org, Oct 11 2017

Labels: -Pri-1 Pri-3
This is not the reason for apache restarts. Downgrading to P3

Comment 8 by ayatane@chromium.org, Dec 28 2017

Status: Fixed (was: Assigned)
shadow_config side is fixed

Sign in to add a comment