add path attribtues to exec resources in several places

c69f4739 · Adam Lewenberg · e03c5185 · c69f4739 · c69f4739 · c69f4739
Commit c69f4739 authored Dec 07, 2016 by Adam Lewenberg
--- a/NEWS
+++ b/NEWS
+release/005.001 (2016-12-07)
+
+    Add "path" attributes to several exec resources. This will be required
+    in the next version of Puppet [adamhl].
+
 release/005.000 (2016-11-21)

    This release has a number of breaking changes.

-    [duo] base::duo has been completely reworked into a type plus a common 
-    class.  Clients which use Duo for their own purposes should create an 
-    instance of base::duo::config, which will create a Duo PAM config file for 
+    [duo] base::duo has been completely reworked into a type plus a common
+    class.  Clients which use Duo for their own purposes should create an
+    instance of base::duo::config, which will create a Duo PAM config file for
    them to use.  See README.duo for more information.

-    [ipmi] A complete rework of base::ipmi.      The base::noipmi class no 
-    longer exists.  Instead, IPMI support should be disabled by setting 
-    base::ipmi::ensure to "absent".  IPMI kernel modules, and ipmievd, should 
+    [ipmi] A complete rework of base::ipmi.      The base::noipmi class no
+    longer exists.  Instead, IPMI support should be disabled by setting
+    base::ipmi::ensure to "absent".  IPMI kernel modules, and ipmievd, should
    still be automatically disabled on virtual systems, even when
-    "ensure => present"; in those cases, the IPMI client tools will still be 
+    "ensure => present"; in those cases, the IPMI client tools will still be
    installed.  Code has been updated for Debian 8 and Ubuntu 16.04.

-    [os/debian] All aptitude operations are now performed in a new phase, 
-    called "aptitude".  The "aptitude" phase is configured to run before 
+    [os/debian] All aptitude operations are now performed in a new phase,
+    called "aptitude".  The "aptitude" phase is configured to run before
    "main".

    Clients which rely on aptitude being up-to-date must no longer
-    "require => Exec['aptitude update']".  The nature of Puppet phases will 
+    "require => Exec['aptitude update']".  The nature of Puppet phases will
    ensure that aptitude is already updated.

-    Clients installing their own custom sources are advised to move all of that 
-    into separate classes, and to put those classes into a new phase of their 
+    Clients installing their own custom sources are advised to move all of that
+    into separate classes, and to put those classes into a new phase of their
    own.  This new phase should "require => Phase['aptitude']" and
    "before => Phase['main']", to ensure proper execution sequencing.

    [os/debian] Add two Hiera-configurable parameters to base::os::debian::apt:

-    * apt_cache_notin_tmp.  If true, use a different directory to store package 
+    * apt_cache_notin_tmp.  If true, use a different directory to store package
    scripts that need to be run during package install/upgrade.

-    * apt_cache_tmp_dir.  When apt_cache_notin_tmp is true, this is the 
+    * apt_cache_tmp_dir.  When apt_cache_notin_tmp is true, this is the
    directory to use for package scripts.

    [postfix/sender] A new type: base::postfix::sender.  This is similar to
-    base::postfix::recipient, except it is used to rewrite sender addresses 
+    base::postfix::recipient, except it is used to rewrite sender addresses
    instead of recipient addresses.

-    It is suggested that clients use base::postfix::sender to ensure that 
-    emails sent 'from' "root@stanford.edu" or "root@hostname.stanford.edu" are 
-    instead being sent 'from' either "noreply@stanford.edu" or 
+    It is suggested that clients use base::postfix::sender to ensure that
+    emails sent 'from' "root@stanford.edu" or "root@hostname.stanford.edu" are
+    instead being sent 'from' either "noreply@stanford.edu" or
    "shared-mailbox@stanford.edu".

-    [ssh] A fairly large rework of SSH code.  Support has been added for 
-    treating "alternate accounts" (.root, .admin, root., and admin.) the same 
-    as root.  Code has also been updated to account for changes to base::duo.  
-    Support has also been added to completely disable password authentication.  
-    Support for Ed25519 keys is also included (though disabled by default).  
-    Finally, pam_afs is now configurable: It can be disabled on systems that do 
+    [ssh] A fairly large rework of SSH code.  Support has been added for
+    treating "alternate accounts" (.root, .admin, root., and admin.) the same
+    as root.  Code has also been updated to account for changes to base::duo.
+    Support has also been added to completely disable password authentication.
+    Support for Ed25519 keys is also included (though disabled by default).
+    Finally, pam_afs is now configurable: It can be disabled on systems that do
    not use AFS.

    See README.ssh for more information on how to use the code.

-    [sudo] Complete rework of base::sudo, including configurable support for 
-    Duo.  Anyone in the "sudo" or "wheel" group gets sudo access.  If Duo is 
-    enabled, anyone on a specified list is able to sudo without a password, but 
-    with a two-step run.  Fail-secure is supported, as is using the GECOS field 
+    [sudo] Complete rework of base::sudo, including configurable support for
+    Duo.  Anyone in the "sudo" or "wheel" group gets sudo access.  If Duo is
+    enabled, anyone on a specified list is able to sudo without a password, but
+    with a two-step run.  Fail-secure is supported, as is using the GECOS field
    to specify the username that Puppet should actually use.

    See README.sudo for more information on how to use the code.
@@ -71,20 +76,20 @@ release/005.000 (2016-11-21)
 release/004.063 (2016-10-17)

    [ipmi] EL package requires (like EL6, EL7 only has available OpenIPMI,
-    and not OpenIPMI-tools. (jlent)  Fix ipmievd configuration for Ubuntu. 
+    and not OpenIPMI-tools. (jlent)  Fix ipmievd configuration for Ubuntu.
    (akkornel)

-    [os] Update the Ubuntu-to-Debian mapping. (akkornel)  Enable the 
-    debian-stanford backports for Unbuntu distros based on Wheezy and Jessie.  
+    [os] Update the Ubuntu-to-Debian mapping. (akkornel)  Enable the
+    debian-stanford backports for Unbuntu distros based on Wheezy and Jessie.
    (akkornel)  Also add additional Ubuntu-specific backports. (akkornel)
    Also remove daemontools as a default install on systemd Ubuntu. (akkornel)

-    [ntp] Add the SRCF time server, make sure NTP is installed, and disable 
+    [ntp] Add the SRCF time server, make sure NTP is installed, and disable
    systemd-timesyncd on RHEL 8.

    [xinetd] Make sure inetd is removed before xinetd is installed. (akkornel)

-    [wallet] Make sure the base::wallet::client class is included when 
+    [wallet] Make sure the base::wallet::client class is included when
    required. (akkornel)

 release/004.062 (2016-06-03)

--- a/manifests/postfix/map.pp
+++ b/manifests/postfix/map.pp
@@ -50,6 +50,7 @@ define base::postfix::map(
    # both because a command with a creates stanza won't run even if notified
    # if that file already exists.
    exec { "${command} ${type}:${name} initial":
+      path    => '/bin:/usr/sbin:/usr/bin',
      command => "${command} ${type}:${name}",
      creates => "${name}.db",
      require => [ File[$name], File['/etc/postfix/main.cf'],
@@ -57,6 +58,7 @@ define base::postfix::map(
    }
    exec { "${command} ${type}:${name}":
      refreshonly => true,
+      path        => '/bin:/usr/sbin:/usr/bin',
      command     => "${command} ${type}:${name}",
      require     => [ File['/etc/postfix/main.cf'], Package['postfix'] ],
    }

--- a/manifests/postfix/recipient.pp
+++ b/manifests/postfix/recipient.pp
@@ -25,6 +25,7 @@ define base::postfix::recipient(
  case $ensure {
    'absent': {
      exec { "rm-recipient-${name}":
+        path    => '/bin:/usr/sbin:/usr/bin',
        command => "sed -i -e '/^${name}/d' ${file}",
        onlyif  => "grep ${pattern} ${file}",
        notify  => Exec["postmap hash:${file}"]
@@ -33,12 +34,14 @@ define base::postfix::recipient(
    default: {
      $line = "${name} ${ensure}"
      exec { "add-recipient-${name}":
+        path    => '/bin:/usr/sbin:/usr/bin',
        command => "echo '${line}' >> ${file}",
        unless  => "grep ${pattern} ${file}",
        require => Package['postfix'],
        notify  => Exec["postmap hash:${file}"],
      }
      exec { "fix-recipient-${name}":
+        path    => '/bin:/usr/sbin:/usr/bin',
        command => "sed -i -e 's/^${name}..*\$/${line}/' ${file}",
        unless  => "grep '^${line}\$' ${file}",
        require => Exec["add-recipient-${name}"],

--- a/manifests/sysctl.pp
+++ b/manifests/sysctl.pp
@@ -19,6 +19,7 @@ define base::sysctl($ensure) {
    case $ensure {
        absent: {
            exec { "rm-sysctl-$name":
+                path    => '/bin:/usr/sbin:/usr/bin',
                command => "sed -i -e '/^$name/d' $filename",
                onlyif  => "grep '^[^#]' $filename | grep ^$name"
            }
@@ -26,11 +27,13 @@ define base::sysctl($ensure) {
        default: {
            $line = "$name = $ensure"
            exec { "add-sysctl-$name":
+                path    => '/bin:/usr/sbin:/usr/bin',
                command => "echo '$line' >> $filename",
                unless  => "grep '^$name' $filename",
                notify  => Exec["reload sysctl.conf"]
            }
            exec { "fix-sysctl-$name":
+                path    => '/bin:/usr/sbin:/usr/bin',
                command => "sed -i -e '/^$name/d' $filename; echo '$line' >> $filename",
                unless  => "grep '^$name[[:space:]]*=[[:space:]]*$ensure' $filename",
                require => Exec["add-sysctl-$name"],
@@ -63,4 +66,4 @@ class base::sysctl::tcp_keepalive {
        "net.ipv4.tcp_keepalive_probes": ensure => 20;
        "net.ipv4.tcp_keepalive_time":   ensure => 600;
    }
-}
\ No newline at end of file
+}