Puppet [SOLVED]: Puppet computing hash of (massive) unmanaged files

Puppet [SOLVED]: Puppet computing hash of (massive) unmanaged files

Home Forums Automation Tools Puppet Puppet [SOLVED]: Puppet computing hash of (massive) unmanaged files

Tagged: 

Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • #241081

    Cloudy Point
    Keymaster

    QuestionQuestion

    I am managing users with puppet with managehome set to true. This home directory is then populated with a few files (2 dot files in my case).

    user { 'guillaume':
      ensure     => present,
      managehome => true,
    }
    
    file {'/home/guillaume':
      ensure  => present,
      purge   => false,
      recurse => true,
      source  => "puppet:///modules/${module_name}/home/${title}",
    }
    

    It is all fine and dandy, but I ended up putting a 25GB file in my home dir, which puppet was computing a hash of (at least it is my understanding. I could see from strace that the file was indeed fully read by puppet). It took about 20 minutes, for a full puppet run which should be done in less than a minute in theory. Removing the file made puppet run fast again, confirming my guess.

    Why would puppet compute a hash of an unmanaged file, and how can I prevent sabotaging puppet by just putting such a (legit) file in a managed directory?

    #241082

    Cloudy Point
    Keymaster

    Accepted AnswerAnswer

    The reason Puppet is computing the checksum of the file in the home directory is because you are managing the contents of an entire directory recursively and that file is part of the directory’s contents. There are a couple ways to improve your Puppet resources to avoid computing this checksum.

    The first is to just manage the two hidden files directly:

    user { 'guillaume':
      ensure     => present,
      managehome => true,
    }
    
    file {'/home/guillaume/.file_one':
      ensure  => file,
      source  => "puppet:///modules/${module_name}/home/.file_one",
      require => User['guillaume'],
    }
    file {'/home/guillaume/.file_two':
      ensure  => file,
      source  => "puppet:///modules/${module_name}/home/.file_two",
      require => User['guillaume'],
    }
    

    Note that above I also fixed the unspecified ensure value on the file resources and the missing dependency metaparameter of the file resources on the user resource.

    The second solution is to not recursively manage the contents of the directory and therefore ignore the files in the directory contents that are not being managed with the source attribute. You achieve this by setting the recurse attribute to remote:

    user { 'guillaume':
      ensure     => present,
      managehome => true,
    }
    
    file {'/home/guillaume':
      ensure  => directory,
      recurse => remote,
      source  => "puppet:///modules/${module_name}/home/guillaume",
      require => User['guillaume'],
    }
    

    Note that this makes the same fixes as the above solution.

    Some helpful documentation:
    https://puppet.com/docs/puppet/5.3/types/file.html
    https://puppet.com/docs/puppet/5.3/metaparameter.html#require

    Source: https://stackoverflow.com/questions/47808951/puppet-computing-hash-of-massive-unmanaged-files
    Author: Matt Schuchard
    Creative Commons License
    This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.

Viewing 2 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.