Page MenuHomePhabricator

role::simplelamp takes ownership of all content in /etc/apache2/sites-enabled
Closed, ResolvedPublic


While working with @Freddy2001 on some issues in the getstarted project we found that changes to /etc/apache2/sites-enabled were being mysteriously un-done. It eventually dawned on my to look at what Puppet roles were applied on the host. This led me to the realization that our role::simplelamp Puppet module is pretty useless for any project that is not using a local puppet master.

Here's what happens:

  • role::simplelamp applies ::apache
  • ::apache has a set of File resource that control the contents of:
    • /etc/apache2/conf-enabled
    • /etc/apache2/env-enabled
    • /etc/apache2/sites-enabled
  • These File resources include recurse => true and purge => true settings which means that any files under the directory that do not also have Puppet File resources will be removed when Puppet runs.

Effectively this means that unless you apply another Puppet class that declares apache::conf, apache::env, and apache::site resources each Puppet run will undo all changes to the Apache config.

This is pretty annoying behavior for a typical volunteer Labs user. What is happening is non-obvious and non-intuitive. The applied the Puppet role to bootstrap their VM, but very likely are not expecting any manual config changes that they make to disappear twice an hour. We should find a way to make this easier to work with.

NOTE: The short term hack solution is to remove the role::simplelamp from the VM once the basic software has been provisioned. So apply the role from Horizon, force a Puppet run on the instance with sudo puppet agent --test --verbose, make sure that Apache and MySQL are installed and running, and then remove the role using Horizon.

Event Timeline

Change 597052 had a related patch set uploaded (by Dzahn; owner: Dzahn):
[operations/puppet@production] simplelamp2: do not purge unmanaged config files

Change 597052 merged by Dzahn:
[operations/puppet@production] httpd/simplelamp2: add parameter to not purge manual config

@bd808 @Freddy2001 I finally merged the proposed fix above.

Now the httpd class has a new parameter that lets you toggle the purge behaviour.

And in the "simplelamp2" class which replaced simplelamp I already disabled it. Other roles could also set it now as they prefer.

Would you agree this resolves the issue? Goal is to make it easier for volunteer cloud VPS users but also encourage use of puppet.

Dzahn claimed this task.

claiming it's resolved .. per IRC chat