I want to manage the mounted partitions from puppet, which includes both modifying /etc/fstab and creating the directories used as mount points. The mount resource type updates fstab just fine, but using file for creating the mount points is a bit tricky.
For example, by default the owner of the directory is root and if the root (/) of the mounted partition has another owner, puppet will try to change it and I don't want this. I know that I can set the owner of that directory, but why should I care what's on the mounted partition? All I want to do is mount it. Is there a way to make puppet not care about the permissions of the directory used as the mount point?
This is what I'm using right now:
    define extra_mount_point(
        $device,
        $location = "/mnt",
        $fstype = "xfs",
        $owner = "root",
        $group = "root",
        $mode = 0755,
        $seltype = "public_content_t",
        $options = "ro,relatime,nosuid,nodev,noexec",
    ) {
        # Directory used as the mount point
        file { "${location}/${name}":
            ensure  => directory,
            owner   => "${owner}",
            group   => "${group}",
            mode    => $mode,
            seltype => "${seltype}",
        }
        # fstab entry and the mount itself; needs the directory first
        mount { "${location}/${name}":
            atboot  => true,
            ensure  => mounted,
            device  => "${device}",
            fstype  => "${fstype}",
            options => "${options}",
            dump    => 0,
            pass    => 2,
            require => File["${location}/${name}"],
        }
    }

    extra_mount_point { "sda3":
        device  => "/dev/sda3",
        fstype  => "xfs",
        owner   => "ciupicri",
        group   => "ciupicri",
        options => "relatime,nosuid,nodev,noexec",
    }
In case it matters, I'm using puppet-0.25.4-1.fc13.noarch.rpm and puppet-server-0.25.4-1.fc13.noarch.rpm.
P.S. undef works fine for owner, group and permissions, but not for SELinux. If the partitions are already mounted, puppet complains:

    puppetd[18052]: Failed to set SELinux context system_u:object_r:public_content_t:s0 on /mnt/sda3
    puppetd[18052]: (/File[/mnt/sda3]/seluser) seluser changed 'unconfined_u' to 'system_u'
    puppetd[18052]: Failed to set SELinux context unconfined_u:object_r:mnt_t:s0 on /mnt/sda3
    puppetd[18052]: (/File[/mnt/sda3]/seltype) seltype changed 'public_content_t' to 'mnt_t'

The permissions of the mounted partition are:

    drwxr-xr-x. root root unconfined_u:object_r:public_content_t:s0 /mnt/sda3/

while the permissions of mount point created by puppet are:

    drwxr-xr-x. root root system_u:object_r:mnt_t:s0 /mnt/sda3/
P.P.S. I have reported a bug for this strange behavior.
You can tell Puppet not to manage a given metaparameter by setting it to undef. In this event, if the directory doesn't exist before mounting, it will be created as the user and group which puppetd was started as (presumably root:wheel) and with a default umask. Puppet won't care about what these are set to at the time of creation or on any subsequent runs.
Alternatively, if you wanted to trade a little complexity for assurance, you could use a custom fact to determine what the active mounts are and a switch statement to set the directory permissions depending on whether it is pre- or post- mounted.
Not really an answer but this has been fixed in puppet 2.6.7: http://projects.puppetlabs.com/issues/3999
I have a custom fact (works with Linux only ATM) that will return all the currently mounted local mounts on a system. It's horribly simple, but works for me -- looks like you might find some use for it as well. Anyway, I threw it up on github: https://github.com/justintime/puppet/tree/master/justintime-localmounts
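A sketch of the kind of custom fact both answers above describe, added here as an example; it is not the code from the linked GitHub repository. The fact name `local_mounts`, the helper names and the filesystem exclusion list are assumptions, and the sample mount table is constructed.

```ruby
# Added example: a Facter custom fact listing mounted local filesystems.
# Hypothetical names: local_mounts, parse_local_mounts, PSEUDO_OR_NETWORK_FS.

# Filesystem types that are virtual or network-backed, so not local disks.
PSEUDO_OR_NETWORK_FS = %w[
  proc sysfs devtmpfs devpts tmpfs cgroup cgroup2 securityfs selinuxfs
  debugfs tracefs configfs pstore mqueue hugetlbfs autofs binfmt_misc
  fusectl rpc_pipefs nfs nfs4 cifs
].freeze

# /proc/mounts escapes space, tab, newline and backslash as \040 \011 \012 \134.
def unescape_mount_field(field)
  field.gsub(/\\([0-7]{3})/) { Regexp.last_match(1).to_i(8).chr }
end

# Returns the sorted mount points of local filesystems found in /proc/mounts text.
def parse_local_mounts(proc_mounts_text)
  proc_mounts_text.each_line.map do |line|
    device, mount_point, fstype = line.split(' ')
    next if fstype.nil? || PSEUDO_OR_NETWORK_FS.include?(fstype)
    next unless device.start_with?('/') # keep entries backed by a device path
    unescape_mount_field(mount_point)
  end.compact.uniq.sort
end

# Constructed sample of /proc/mounts content, used for offline checking.
SAMPLE_PROC_MOUNTS = <<~'MOUNTS'
  proc /proc proc rw,relatime 0 0
  /dev/sda1 / ext4 rw,relatime 0 0
  /dev/sda3 /mnt/sda3 xfs ro,relatime,nosuid,nodev,noexec 0 0
  /dev/sdb1 /mnt/my\040disk xfs rw 0 0
  tmpfs /dev/shm tmpfs rw 0 0
  server:/export /mnt/nfs nfs4 rw 0 0
MOUNTS

# Register the fact only when loaded by Facter, so the file also runs stand-alone.
if defined?(Facter)
  Facter.add(:local_mounts) do
    confine kernel: 'Linux'
    # Comma-joined string, so a manifest can split it and test for membership.
    setcode { parse_local_mounts(File.read('/proc/mounts')).join(',') }
  end
end
```

A manifest can then check whether the mount point appears in the fact's value and only set owner, group, mode and SELinux type on the directory when the partition is not yet mounted.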