Defined Type: kerberos::exec

Defined in:
modules/kerberos/manifests/exec.pp

Overview

SPDX-License-Identifier: Apache-2.0

Define kerberos::exec

In order to make puppet execs work with a Kerberized cluster we found out that the easiest solution is to execute a wrapper that just runs kinit before executing any command that needs authentication.

Parameters:

  • command (Any)
  • user (Any)
  • logoutput (Any) (defaults to: undef)
  • timeout (Any) (defaults to: undef)
  • unless (Any) (defaults to: undef)
  • creates (Any) (defaults to: undef)
  • refreshonly (Any) (defaults to: undef)
  • path (Any) (defaults to: undef) 


9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
 
# File 'modules/kerberos/manifests/exec.pp', line 9

define kerberos::exec(
    $command,
    $user,
    $logoutput = undef,
    $timeout = undef,
    $unless = undef,
    $creates = undef,
    $refreshonly = undef,
    $path = undef,
) {

    require ::kerberos::wrapper

    # To ease testing in cloud/labs, there is a tunable that can be used
    # to skip the wrapper command and avoid the Kerberos authentication.
    if $::kerberos::wrapper::skip_wrapper {
        $wrapper = ''
    } else {
        $wrapper = "${kerberos::wrapper::kerberos_run_command_script} ${user} "
    }

    # 'unless' may contain a hdfs command that needs
    # authentication as well.
    if $unless {
        $unless_command = "${wrapper}${unless}"
    } else {
        $unless_command = $unless
    }

    exec { $title:
        command     => "${wrapper}${command}",
        unless      => $unless_command,
        creates     => $creates,
        refreshonly => $refreshonly,
        user        => $user,
        logoutput   => $logoutput,
        timeout     => $timeout,
        path        => $path,
    }
}