Here is site.pp

==============================

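# Deploy the QoS script from the Puppet file server.
#
# The exec resource in this manifest runs this file with the agent's
# privileges (root is needed for tc and iptables), so nobody but root may be
# able to modify it. Mode 777 would let any local user rewrite the script and
# have the new contents executed on the next Puppet run; 0700 keeps it
# readable, writable and executable by root only.
#
# NOTE(review): /tmp is world-writable and the /tmp/QoS directory is not
# managed by this manifest. A root-owned directory outside /tmp is a safer
# home for a script that runs as root.
file { '/tmp/QoS/QoS.sh':
  ensure => present,
  owner  => 'root',
  group  => 'root',
  mode   => '0700',
  source => 'puppet://puppet/files/QoS.sh',
}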

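# Run the QoS script once the file resource has put it in place.
#
# The script calls tc, iptables and iptables-save by bare name, so the search
# path is set explicitly instead of relying on whatever PATH the agent has.
# logoutput shows the script's output in the Puppet log when it fails.
#
# NOTE(review): with no refreshonly, unless or onlyif parameter this exec runs
# on every agent run, and the script appends (-A) its iptables rules each time,
# so the mangle FORWARD chain grows with duplicates.
exec { '/tmp/QoS/QoS.sh':
  path      => ['/sbin', '/usr/sbin', '/bin', '/usr/bin'],
  logoutput => on_failure,
  require   => File['/tmp/QoS/QoS.sh'],
}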

================================

Here is the QoS.sh Script:

================================

            #!/bin/bash
#create alias for interfaces to avoid confusion

export LAN=eth1
export WAN=eth0

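#------------------------------ QoS settings ------------------------------#
# Rules for the egress queue on the WAN interface.
# Every command is written on one logical line: a wrapped "prio 1" or
# "0xff classid 1:10" on a line of its own would be run as a separate command.
#
# NOTE(review): tc reads "kbps" as kilobytes per second; "kbit" is the unit for
# kilobits per second. Confirm which one was intended.
# NOTE(review): the child rates add up to 100kbps against a parent rate of
# 50kbps; HTB guidance is that child rates should not exceed the parent's.
#---------------------------------- start ----------------------------------

# Root HTB qdisc; traffic that no filter classifies goes to class 1:13.
tc qdisc add dev "${WAN}" root handle 1: htb default 13

# Parent class that caps the whole link.
tc class add dev "${WAN}" parent 1: classid 1:1 htb rate 50kbps ceil 50kbps

# Class 1:10, labelled "voip" by the author. The filters below send TOS 0x28
# here, which the iptables rules in this script set on udp/2345, telnet, ssh
# and TCP SYN packets.
tc class add dev "${WAN}" parent 1:1 classid 1:10 htb \
  rate 30kbps ceil 50kbps prio 1

# Class 1:11, labelled "stream". Receives TOS 0x48, which the iptables rules
# set on the SIP/UDP port rules.
tc class add dev "${WAN}" parent 1:1 classid 1:11 htb \
  rate 30kbps ceil 30kbps prio 2

# Class 1:12, labelled "http, https, ssh, telnet". Receives TOS 0x68 (http and
# https in the iptables rules) and, through the last filter, TOS 0x88.
tc class add dev "${WAN}" parent 1:1 classid 1:12 htb \
  rate 20kbps ceil 30kbps prio 3

# Class 1:13, labelled "ftp"; also the default class of the root qdisc.
tc class add dev "${WAN}" parent 1:1 classid 1:13 htb \
  rate 20kbps ceil 20kbps prio 4

# Attach an SFQ leaf qdisc to every class.
tc qdisc add dev "${WAN}" parent 1:10 handle 20: sfq perturb 10
tc qdisc add dev "${WAN}" parent 1:11 handle 30: sfq perturb 10
tc qdisc add dev "${WAN}" parent 1:12 handle 40: sfq perturb 10
tc qdisc add dev "${WAN}" parent 1:13 handle 60: sfq perturb 10

# Class filters: match the full TOS byte (mask 0xff) and pick a class.
tc filter add dev "${WAN}" parent 1:0 prio 1 protocol ip u32 \
  match ip tos 0x28 0xff classid 1:10
tc filter add dev "${WAN}" parent 1:0 prio 2 protocol ip u32 \
  match ip tos 0x48 0xff classid 1:11
tc filter add dev "${WAN}" parent 1:0 prio 3 protocol ip u32 \
  match ip tos 0x68 0xff classid 1:12
# NOTE(review): TOS 0x88 is what the iptables rules set on ftp and on all
# remaining traffic, yet it is sent to 1:12 and not to the "ftp" class 1:13.
# Kept as written; confirm whether classid 1:13 was meant.
tc filter add dev "${WAN}" parent 1:0 prio 4 protocol ip u32 \
  match ip tos 0x88 0xff classid 1:12

#----------------------------------- end -----------------------------------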

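# Mark forwarded LAN -> WAN packets with a TOS value in the mangle table so
# that the tc u32 filters on the WAN interface can sort them into a class.
# Every match gets two rules: one sets the TOS byte, the next RETURNs so that
# later rules in the chain do not overwrite the value.
#
# These rules only mark packets; nothing here accepts or drops traffic.
#
# NOTE(review): every rule is appended (or inserted) unconditionally, so each
# run of the script adds another full copy to the mangle FORWARD chain.

# Refuse to build rules with an empty interface name.
: "${LAN:?LAN interface is not set}" "${WAN:?WAN interface is not set}"

#######################################
# Append a TOS-marking rule and a RETURN rule that share one match.
# Globals:   LAN, WAN (read)
# Arguments: $1  - TOS value, e.g. 0x28
#            $2+ - iptables match options (may be empty: match everything)
#######################################
mark_tos() {
  local tos=$1
  shift
  iptables -t mangle -A FORWARD -i "${LAN}" -o "${WAN}" "$@" \
    -j TOS --set-tos "${tos}"
  iptables -t mangle -A FORWARD -i "${LAN}" -o "${WAN}" "$@" -j RETURN
}

#######################################
# Mark one port in both directions: source port first, then destination.
# Arguments: $1 - TOS value, $2 - protocol, $3 - port, range or service name
#######################################
mark_port() {
  local tos=$1 proto=$2 port=$3
  mark_tos "${tos}" -p "${proto}" --sport "${port}"
  mark_tos "${tos}" -p "${proto}" --dport "${port}"
}

# --- TOS 0x28 ---
mark_port 0x28 udp 2345
mark_port 0x28 tcp telnet
mark_port 0x28 tcp ssh
# TCP packets with only SYN set out of SYN,RST,ACK. These rules come before the
# http/https/ftp rules, so the opening SYN of those connections is marked 0x28
# and returns here.
mark_tos 0x28 -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN

# --- TOS 0x48 ---
# The first sip rule uses -I, which inserts at the head of the chain, while
# every other rule is appended. Kept exactly as written.
# NOTE(review): -I looks unintended next to the -A rules around it; confirm.
iptables -t mangle -I FORWARD -i "${LAN}" -o "${WAN}" -p udp --sport sip \
  -j TOS --set-tos 0x48
iptables -t mangle -A FORWARD -i "${LAN}" -o "${WAN}" -p udp --sport sip \
  -j RETURN
mark_tos 0x48 -p udp --dport sip
# NOTE(review): "sip" normally resolves to 5060 through /etc/services, which
# would make the 5060 rules repeat the sip rules; verify on the target host.
for port in 5060 4569 5036 10000:20000 2727; do
  mark_port 0x48 udp "${port}"
done

# --- TOS 0x68 ---
mark_port 0x68 tcp http
mark_port 0x68 tcp https

# --- TOS 0x88 ---
mark_port 0x88 tcp ftp
# ftp-data is written destination port first, then source port.
mark_tos 0x88 -p tcp --dport ftp-data
mark_tos 0x88 -p tcp --sport ftp-data

# Catch-all: everything else forwarded from LAN to WAN.
mark_tos 0x88

# iptables-save with no redirection only prints the current rules to standard
# output; it does not store them anywhere. Redirect the output to the file the
# distribution restores at boot if the rules are meant to survive a reboot.
# As the last command, its exit status is also the exit status of the script,
# which is the value the Puppet exec resource compares with its expected code.
iptables-save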

================================================================

On Fri, Jun 17, 2011 at 3:44 PM, Annie Rana <annier...@gmail.com> wrote:

> Hi Luke,
> What's your shell script expected to
> do?
> The shell script would generate Iptables rules
>
> How do you know it didn't work?
> I can check using the iptables -L or iptables -t mangle -L commands
>
>
> If you run it by hand in a root shell, does it work then?
> Yes
>
> If so,
> there might be an environment problem when running from Puppet, like
> $PATH or something. Try set the parameter "logoutput => true" in the
> exec resource.
> I did, but it had no effect.
>
> Thanks again, much appreciated your help and time.
>
> On Fri, Jun 17, 2011 at 3:26 PM, Luke Bigum <luke.bi...@lmax.com> wrote:
>
>> How do you know it didn't work? What's your shell script expected to
>> do? If you run it by hand in a root shell, does it work then? If so,
>> there might be an environment problem when running from Puppet, like
>> $PATH or something. Try set the parameter "logoutput => true" in the
>> exec resource.
>>
>> On Jun 17, 3:18 pm, Annie Rana <annier...@gmail.com> wrote:
>> > Thanks, but it still did not work, even though I got the message that the
>> > shell script was successfully executed.
>> >
>> > On Fri, Jun 17, 2011 at 2:44 PM, Luke Bigum <luke.bi...@lmax.com>
>> wrote:
>> > > Annie,
>> >
>> > >http://docs.puppetlabs.com/references/stable/type.html#exec
>> >
>> > > By default the expected return code is probably zero, your script is
>> > > returning 1. Whether this is correct or not I don't know, but you can
>> > > tell puppet to expect a different return code:
>> >
>> > > exec { '/etc/shell_file':
>> > >  require => File['/etc/shell_file'],
>> > >  returns => 1,
>> > > }
>> >
>> > > On Jun 17, 2:36 pm, Annie Rana <annier...@gmail.com> wrote:
>> > > > I apologize for posting wrong log messages, here is the correct log:
>> >
>> > > > notice: Starting catalog run
>> > > > notice: //File[/tmp/QoS/QoS.sh]/ensure: created
>> > > > err: //Exec[/tmp/QoS/QoS.sh]/returns: change from notrun to 0
>> failed:
>> > > > /tmp/QoS/QoS.sh returned 1 instead of 0 at
>> > > /etc/puppet/manifests/site.pp:10
>> > > > notice: Finished catalog run in 0.46 seconds
>> >
>> > > > Any help please?
>> >
>> > > > On Fri, Jun 17, 2011 at 2:09 PM, Annie Rana <annier...@gmail.com>
>> wrote:
>> > > > > Hi Peter, thanks for your reply. I managed to copy the shell file
>> > > puppet
>> > > > > client using the file resource recipe you specified but exec is
>> > > throwing an
>> > > > > error, which is as follows:
>> >
>> > > > > info: No classes to store
>> > > > > info: Caching catalog at /var/lib/puppet/state/localconfig.yaml
>> > > > > notice: Starting catalog run
>> > > > > err: //File[/tmp/QoS/QoS.sh]/ensure: change from absent to file
>> failed:
>> > > > > Could not set file on ensure: No such file or directory -
>> > > > > /tmp/QoS/QoS.sh.puppettmp at /etc/puppet/manifests/site.pp:7
>> > > > > notice: //Exec[/tmp/QoS/QoS.sh]: Dependency file[/tmp/QoS/QoS.sh]
>> has 1
>> > > > > failures
>> > > > > warning: //Exec[/tmp/QoS/QoS.sh]: Skipping because of failed
>> > > dependencies
>> > > > > notice: Finished catalog run in 0.38 seconds
>> >
>> > > > > When I tried running the shell script manually using the following
>> > > command
>> >
>> > > > > '/tmp/QoS/QoS.sh; echo $?'
>> >
>> > > > > , it worked fine printing 0 at the end. Any help what is wrong
>> with
>> > > exec
>> > > > > resource recipe?
>> >
>> > > > > Thanks in advance for your time.
>> >
>> > > > > Regards,
>> >
>> > > > > A.
>> >
>> > > > > On Thu, Jun 16, 2011 at 8:42 PM, Peter Bukowinski <
>> pmb...@gmail.com
>> > > >wrote:
>> >
>> > > > >> It sounds like you haven't set up the puppet fileserver yet.
>> Choose a
>> > > > >> directory that will hold files you want to copy to clients. I use
>> > > > >> /opt/files, so that's what is in my example. Create
>> fileserver.conf in
>> > > the
>> > > > >> same directory as puppet.conf and add these lines:
>> >
>> > > > >> [files]
>> > > > >> path /opt/files
>> > > > >> allow *.client.domain
>> >
>> > > > >> Put your shell file in the path you specified. Now you just need
>> to
>> > > set up
>> > > > >> a file and exec resource. Note the source item in the file
>> resource
>> > > and the
>> > > > >> require item in exec.
>> >
>> > > > >> file { '/etc/shell_file':
>> > > > >> ensure => present,
>> > > > >> owner => 'root',
>> > > > >> group => 'root',
>> > > > >> mode => '0755',
>> > > > >> source => 'puppet://puppet/files/shell_file',
>> > > > >> }
>> >
>> > > > >> exec { '/etc/shell_file': require => File['/etc/shell_file'] }
>> >
>> > > > >> --
>> > > > >> Peter M. Bukowinski
>> > > > >> Systems Engineer
>> > > > >> Janelia Farm Research Campus, HHMI
>> >
>> > > > >> On Thursday, June 16, 2011 at 3:17 PM, annierana wrote:
>> >
>> > > > >> > Hi all, I am new to puppet. I need a sample recipe to
>> write/copy a
>> > > > >> > shell file on puppet client. The shell file exists on puppet
>> server.
>> > > > >> > Once the file is written, I also want to execute it. I have
>> tried
>> > > > >> > using file resource with ensure command to copy at /etc but
>> > > permission
>> > > > >> > was denied and moreover with a different directory path (\tmp)
>> it
>> > > just
>> > > > >> > created an empty file. Can anyone please help?
>> >
>> > > > >> > Regards,
>> >
>> > > > >> > A.
>> >
>> >
>> >
>> >
>> >
>>
>>
>>
>
