New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.
Starred by 3 users

Issue metadata

Status: Fixed
Owner:
Closed: Dec 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 3
Type: Bug



Sign in to add a comment

sshd_config / shadow_config content being modified on every puppet run

Project Member Reported by akes...@chromium.org, Oct 6 2017

Issue description

This was from a sync_and_run_puppet -f on chromeos-server120

Notice: /Stage[main]/Ssh::Server::Config/File[/etc/ssh/sshd_config]/content: content changed '{md5}840e2e7e3416d932c673dbaad2e34f84' to '{md5}bd910de2c6b94c9f50c0cff641a2ce15'
Notice: /Stage[main]/Ssh::Server::Config/File[/etc/ssh/sshd_config]/mode: mode changed '0644' to '0600'
Notice: /Stage[main]/Ssh::Server::Service/Service[ssh]: Triggered 'refresh' from 1 events


Is this an indication that https://chrome-internal-review.googlesource.com/355304 did not work as intended?

P1 as it is a possible contributor or root cause to  Issue 771879
 
Actually, not sure if it's really on *every* run.
I'm seeing the same message about content of shadow_config.ini , but when I do the md5sum of the actual shadow_config on disk, it is always at the "from" value indicated in that content changed message.

I think puppet is doing something strange. Some googling indicates a few threads where people have had similar confusion about puppet treating unchanged files as though changed.

https://groups.google.com/forum/#!topic/puppet-users/Gly9jw9K3m8
https://tickets.puppetlabs.com/browse/PUP-5283

shadow_config.ini change is expected due to some ugly hacks.

sshd_config change may be due to Goobuntu Puppet deploying its own sshd_config.  We have had that duel for a long time.  I vaguely recall fixing it half a year ago though.
> shadow_config.ini change is expected due to some ugly hacks.

Can you elaborate on that? Seems like this is triggering an apache restart. And I don't understand why the "change" is expected. When I ran puppet manually, despite logging that shadow_config.ini, I diffed before and after and it not in fact change.
Summary: sshd_config / shadow_config content being modified on every puppet run (was: sshd_config content being modified on every puppet run)
shadow_config.ini change should not be restarting apache.

We deploy a static version of shadow_config.ini and then append dynamic content to it.  Thus, when deploying the initial static version, Puppet always detects that the file is out of date, deploys the initial static version, and the appends the dynamic content.

Thus, the end result may be the same, but Puppet will refresh it every time.  It is an ugly hack.
Labels: -Pri-1 Pri-3
This is not the reason for apache restarts. Downgrading to P3
Status: Fixed (was: Assigned)
shadow_config side is fixed

Sign in to add a comment