Puppet users - Oct 2008 - Force backup of files modified outside of puppet's File Type

I''m using the SimpleText recipe and Augeas plugin to modify files in
place.  I''d like to notify the appropriate File resource that a
modification is about to take place so puppet can backup the file. Maybe
this is already possible but I haven''t found any examples or
documentation on how to accomplish this.  I think a natural way to do
this would be to use the subscribe or notify parameters, something like
this.

class sshd {
  package { "openssh-server": ensure => installed }

  file { "sshd_config":
    name => $operatingsystem ? {
      default => "/etc/ssh/sshd_config"
    },
  }

  service { "sshd":
    name => $operatingsystem ? {
      default => sshd
    },
    hasrestart => true,
    hasstatus => true,
    ensure    => running,
    subscribe => [Package["openssh-server"],
File["sshd_config"]]
  }

  augeas {
    "sshd_config_port" :
      notify => [ Service["sshd"], File["sshd_config"] ]
      context => "/files/etc/ssh/sshd_config",
      changes => "set Port 22",
      onlyif  => "get Port != 22",
  }
}

-- 
Joel Nimety
Perimeter eSecurity
Product Architect, Email Defense
203.541.3416
jnimety@perimeterusa.com
http://www.perimeterusa.com



--
 The sender of this email subscribes to Perimeter eSecurity''s email
 anti-virus service. This email has been scanned for malicious code and is
 believed to be virus free. For more information on email security please
 visit: http://www.perimeterusa.com/email-defense-content.html
 This communication is confidential, intended only for the named recipient(s)
 above and may contain trade secrets or other information that is exempt from
 disclosure under applicable law. Any use, dissemination, distribution or
 copying of this communication by anyone other than the named recipient(s) is
 strictly prohibited. If you have received this communication in error, please
 delete the email and immediately notify our Command Center at 203-541-3444.

 Thanks 

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

On Oct 11, 2008, at 11:46 AM, Joel Nimety wrote:
>
> I''m using the SimpleText recipe and Augeas plugin to modify files
in
> place.  I''d like to notify the appropriate File resource that a
> modification is about to take place so puppet can backup the file.  
> Maybe
> this is already possible but I haven''t found any examples or
> documentation on how to accomplish this.  I think a natural way to do
> this would be to use the subscribe or notify parameters, something  
> like
> this.
>
> class sshd {
>  package { "openssh-server": ensure => installed }
>
>  file { "sshd_config":
>    name => $operatingsystem ? {
>      default => "/etc/ssh/sshd_config"
>    },
>  }
>
>  service { "sshd":
>    name => $operatingsystem ? {
>      default => sshd
>    },
>    hasrestart => true,
>    hasstatus => true,
>    ensure    => running,
>    subscribe => [Package["openssh-server"],
File["sshd_config"]]
>  }
>
>  augeas {
>    "sshd_config_port" :
>      notify => [ Service["sshd"],
File["sshd_config"] ]
>      context => "/files/etc/ssh/sshd_config",
>      changes => "set Port 22",
>      onlyif  => "get Port != 22",
>  }
> }

The problem with this is that by the time the ''file'' resource
has
gotten the ''notify'' message, the file''s already been
changed so it''s
too late to back it up.

You''d either need your type to somehow track the files it''s
going to
change and back them up (which is what the ParsedFile types do), or  
you''d need Puppet, as a whole, to keep track of files that *might*  
change, back them up preemptively, and then remove any backups that  
aren''t needed.  Or something like that.

Either way, this isn''t easy.

-- 
I went to a restaurant that serves "breakfast at anytime". So I
ordered French Toast during the Renaissance. -- Stephen Wright
---------------------------------------------------------------------
Luke Kanies | http://reductivelabs.com | http://madstop.com


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

Luke Kanies wrote:
> On Oct 11, 2008, at 11:46 AM, Joel Nimety wrote:
> 
> 
> 
> The problem with this is that by the time the ''file''
resource has
> gotten the ''notify'' message, the file''s already
been changed so it''s
> too late to back it up.
> 
> You''d either need your type to somehow track the files
it''s going to
> change and back them up (which is what the ParsedFile types do), or
> you''d need Puppet, as a whole, to keep track of files that *might*
> change, back them up preemptively, and then remove any backups that
> aren''t needed.  Or something like that.
> 
> Either way, this isn''t easy.
How about a pre-notify meta parameter?  Leave it to the external tool
(augeas, exec, whatever) to decide if a file is about to be changed and
notify the File resource beforehand.  The File type would backup the
file, no questions asked if notified to do so.

-- 
Joel Nimety
Perimeter eSecurity
Product Architect, Email Defense
203.541.3416
jnimety@perimeterusa.com
http://www.perimeterusa.com



--
 The sender of this email subscribes to Perimeter eSecurity''s email
 anti-virus service. This email has been scanned for malicious code and is
 believed to be virus free. For more information on email security please
 visit: http://www.perimeterusa.com/email-defense-content.html
 This communication is confidential, intended only for the named recipient(s)
 above and may contain trade secrets or other information that is exempt from
 disclosure under applicable law. Any use, dissemination, distribution or
 copying of this communication by anyone other than the named recipient(s) is
 strictly prohibited. If you have received this communication in error, please
 delete the email and immediately notify our Command Center at 203-541-3444.

 Thanks 

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

On Oct 13, 2008, at 10:24 AM, Joel Nimety wrote:
>
>
>
> Luke Kanies wrote:
>> On Oct 11, 2008, at 11:46 AM, Joel Nimety wrote:
>>
>>
>>
>> The problem with this is that by the time the ''file''
resource has
>> gotten the ''notify'' message, the file''s
already been changed so it''s
>> too late to back it up.
>>
>> You''d either need your type to somehow track the files
it''s going to
>> change and back them up (which is what the ParsedFile types do), or
>> you''d need Puppet, as a whole, to keep track of files that
*might*
>> change, back them up preemptively, and then remove any backups that
>> aren''t needed.  Or something like that.
>>
>> Either way, this isn''t easy.
>
> How about a pre-notify meta parameter?  Leave it to the external tool
> (augeas, exec, whatever) to decide if a file is about to be changed  
> and
> notify the File resource beforehand.  The File type would backup the
> file, no questions asked if notified to do so.
That would be a completely new subsystem to transactions -- instant  
action.  The ''notify'' and ''subscribe''
mechanisms all just involve
queues.

I''m not entirely convinced that''s the right solution, since
it''s not
come up before; I''d prefer to find a way to fit it into the current  
design, rather than adding new functionality.

The augeas type could do this itself, of course -- automatically back  
up any files it should be notifying -- without adding a new subsystem.

-- 
Now and then an innocent man is sent to the legislature.
     --Kin Hubbard
---------------------------------------------------------------------
Luke Kanies | http://reductivelabs.com | http://madstop.com


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

Luke Kanies wrote:
> On Oct 13, 2008, at 10:24 AM, Joel Nimety wrote:
> 
> 
> That would be a completely new subsystem to transactions -- instant
> action.  The ''notify'' and ''subscribe''
mechanisms all just involve
> queues.
> 
> I''m not entirely convinced that''s the right solution,
since it''s not
> come up before; I''d prefer to find a way to fit it into the
current
> design, rather than adding new functionality.
I don''t know anything of the puppet internals so I can''t speak
to the
complexity of any internal solution. But, I do think a puppet specific
solution would be very useful and has some compelling advantages.

 * Allows for consistent and standardized backups via filebucket
 * Can be used by any custom type or exec, no duplication of code
> The augeas type could do this itself, of course -- automatically back
> up any files it should be notifying -- without adding a new subsystem.
Are you suggesting I can add a backup call in the augeas plugin?  I
hadn''t considered that.  What about "SimpleText" file edits?

-- 
Joel Nimety
Perimeter eSecurity
Product Architect, Email Defense
203.541.3416
jnimety@perimeterusa.com
http://www.perimeterusa.com



--
 The sender of this email subscribes to Perimeter eSecurity''s email
 anti-virus service. This email has been scanned for malicious code and is
 believed to be virus free. For more information on email security please
 visit: http://www.perimeterusa.com/email-defense-content.html
 This communication is confidential, intended only for the named recipient(s)
 above and may contain trade secrets or other information that is exempt from
 disclosure under applicable law. Any use, dissemination, distribution or
 copying of this communication by anyone other than the named recipient(s) is
 strictly prohibited. If you have received this communication in error, please
 delete the email and immediately notify our Command Center at 203-541-3444.

 Thanks 

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

On Mon, 2008-10-13 at 12:19 -0400, Joel Nimety wrote:
> > The augeas type could do this itself, of course -- automatically back
> > up any files it should be notifying -- without adding a new subsystem.
> 
> Are you suggesting I can add a backup call in the augeas plugin?  I
> hadn''t considered that.  What about "SimpleText" file
edits?
I think the cleanest solution would be if the augeas plugin does the
backup. You can tell aug_init to either create new files with
extension .augnew or save the original file with extension .augsave -
either way, the plugin could detect the presence of those files and then
call into puppet''s backup internals to send the file to the filebucket.

David



--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

On Oct 13, 2008, at 11:19 AM, Joel Nimety wrote:
>
>
>
> Luke Kanies wrote:
>> On Oct 13, 2008, at 10:24 AM, Joel Nimety wrote:
>>
>>
>> That would be a completely new subsystem to transactions -- instant
>> action.  The ''notify'' and
''subscribe'' mechanisms all just involve
>> queues.
>>
>> I''m not entirely convinced that''s the right solution,
since it''s not
>> come up before; I''d prefer to find a way to fit it into the
current
>> design, rather than adding new functionality.
>
> I don''t know anything of the puppet internals so I can''t
speak to the
> complexity of any internal solution. But, I do think a puppet specific
> solution would be very useful and has some compelling advantages.
>
> * Allows for consistent and standardized backups via filebucket
> * Can be used by any custom type or exec, no duplication of code
It''s just that the ordering you''re describing would be quite  
complicated, and I''m not sure it''s worth it.
>
>> The augeas type could do this itself, of course -- automatically back
>> up any files it should be notifying -- without adding a new  
>> subsystem.
>
> Are you suggesting I can add a backup call in the augeas plugin?  I
> hadn''t considered that.  What about "SimpleText" file
edits?

Yes, you can easily use a filebucket to do the backup yourself.  Look  
at the handlebackup method (which is certainly more complicated than  
it needs to be) in type/file.rb.

I don''t know what SimpleText file edits are, so I can''t hel
pyou there.

-- 
I respect faith, but doubt is what gets you an education.
     -- Wilson Mizner
---------------------------------------------------------------------
Luke Kanies | http://reductivelabs.com | http://madstop.com


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---