Project: chromium Issues People Development process History Sign in
New issue
Advanced search Search tips
Starred by 3 users
Status: Assigned
Owner:
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 3
Type: Bug



Sign in to add a comment
sshd_config / shadow_config content being modified on every puppet run
Project Member Reported by akes...@chromium.org, Oct 6 Back to list
This was from a sync_and_run_puppet -f on chromeos-server120

Notice: /Stage[main]/Ssh::Server::Config/File[/etc/ssh/sshd_config]/content: content changed '{md5}840e2e7e3416d932c673dbaad2e34f84' to '{md5}bd910de2c6b94c9f50c0cff641a2ce15'
Notice: /Stage[main]/Ssh::Server::Config/File[/etc/ssh/sshd_config]/mode: mode changed '0644' to '0600'
Notice: /Stage[main]/Ssh::Server::Service/Service[ssh]: Triggered 'refresh' from 1 events


Is this an indication that https://chrome-internal-review.googlesource.com/355304 did not work as intended?

P1 as it is a possible contributor or root cause to  Issue 771879
 
Actually, not sure if it's really on *every* run.
I'm seeing the same message about content of shadow_config.ini , but when I do the md5sum of the actual shadow_config on disk, it is always at the "from" value indicated in that content changed message.

I think puppet is doing something strange. Some googling indicates a few threads where people have had similar confusion about puppet treating unchanged files as though changed.

https://groups.google.com/forum/#!topic/puppet-users/Gly9jw9K3m8
https://tickets.puppetlabs.com/browse/PUP-5283

shadow_config.ini change is expected due to some ugly hacks.

sshd_config change may be due to Goobuntu Puppet deploying its own sshd_config.  We have had that duel for a long time.  I vaguely recall fixing it half a year ago though.
> shadow_config.ini change is expected due to some ugly hacks.

Can you elaborate on that? Seems like this is triggering an apache restart. And I don't understand why the "change" is expected. When I ran puppet manually, despite logging that shadow_config.ini, I diffed before and after and it not in fact change.
Summary: sshd_config / shadow_config content being modified on every puppet run (was: sshd_config content being modified on every puppet run)
shadow_config.ini change should not be restarting apache.

We deploy a static version of shadow_config.ini and then append dynamic content to it.  Thus, when deploying the initial static version, Puppet always detects that the file is out of date, deploys the initial static version, and the appends the dynamic content.

Thus, the end result may be the same, but Puppet will refresh it every time.  It is an ugly hack.
Labels: -Pri-1 Pri-3
This is not the reason for apache restarts. Downgrading to P3
Sign in to add a comment