Hi,
I''d like to be able to use subscribe with exec to refresh when files
change,
but I''d like each refresh to be dependent on another exec--e.g., to
test
configuration syntax. The closest I''ve been able to come is what I
have
below (I''ve removed some of the rest of the detail), but the problem is
that
reload-squid will get triggered every time check-squid runs, regardless of
undesired return status. I''ve tried a few other variants, with similar
success. Any other ideas? The ideal option would be to restore from backup
if a particular exec fails. Is anything like that available or in the
roadmap?
Regards,
Casey
---------
class squid {
file { "squid.conf":
path => "/etc/squid/squid.conf",
ensure => file,
owner => "root",
group => "squid",
mode => 0640,
source => [
"puppet://$server/squid/squid.conf"
],
}
exec { "check-squid":
command => "/usr/sbin/squid -k parse",
subscribe => File["squid.conf"],
refreshonly => true,
}
exec { "reload-squid":
command => "/etc/init.d/squid reload",
subscribe => Exec["check-squid"],
refreshonly => true,
}
}
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---
2008/11/13 Casey Deccio <casey@deccio.net>> Hi, > > I''d like to be able to use subscribe with exec to refresh when files > change, but I''d like each refresh to be dependent on another exec--e.g., to > test configuration syntax. The closest I''ve been able to come is what I > have below (I''ve removed some of the rest of the detail), but the problem is > that reload-squid will get triggered every time check-squid runs, regardless > of undesired return status. I''ve tried a few other variants, with similar > success. Any other ideas? The ideal option would be to restore from backup > if a particular exec fails. Is anything like that available or in the > roadmap? > > Regards, > Casey > > --------- > > class squid { > file { "squid.conf": > path => "/etc/squid/squid.conf", > ensure => file, > owner => "root", > group => "squid", > mode => 0640, > source => [ > "puppet://$server/squid/squid.conf" > ], > } > exec { "check-squid": > command => "/usr/sbin/squid -k parse", > subscribe => File["squid.conf"], > refreshonly => true, > } > exec { "reload-squid": > command => "/etc/init.d/squid reload", > subscribe => Exec["check-squid"], > refreshonly => true, > } > } > >In this case you could be kinda sneaky and use the ''onlyif'' parameter: exec { "reload-squid": command => "/etc/init.d/squid reload", subscribe => Exec["check-squid"], refreshonly => true, onlyif => "/usr/sbin/squid -k parse", } Though in all honesty your init script should be doing that check (the one I just looked at for my setup does) so you could just you the service type. .r'' --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
On Fri, Nov 14, 2008 at 8:43 AM, RijilV <rijilv@riji.lv> wrote:> In this case you could be kinda sneaky and use the ''onlyif'' parameter: > > exec { "reload-squid": > command => "/etc/init.d/squid reload", > subscribe => Exec["check-squid"], > refreshonly => true, > onlyif => "/usr/sbin/squid -k parse", > } > > Though in all honesty your init script should be doing that check (the one > I just looked at for my setup does) so you could just you the service type. >Hi RijilV, Both points are true. I could use onlyif and/or depend on my init script. However, there may be other puppet dependencies that fail. For example, let''s assume the following: class squid::squidguard inherits squid { file { "squidguard.conf": path => "/etc/squid/squidguard.conf", ensure => file, owner => "root", group => "squid", mode => 0640, source => [ "puppet:///squid/squidguard/config/squidguard.conf" ], } exec { "rebuild-squidguard-db": command => "/usr/bin/squidGuard -C all", subscribe => File["squidguard.conf"], refreshonly => true, } Exec["reload-squid"] { subscribe +> Exec["rebuild-squidguard-db"], } } In this case, the squid -k parse would pass, and the squid init script would exit successfully, so squid would never detect a problem. However, squid would have problems functioning at run time (i.e., sending to the redirector) if the squidguard.conf file was invalid, or if the db files were built incorrectly. I could, of course, add this to squid''s onlyif statement as well, but it''s not as self-contained. Dependencies on other puppet type instances has great utility. On a semi-related note, transactional support is mentioned briefly on http://reductivelabs.com/trac/puppet/wiki/TypeReference . Does transactional support aim to solve what I''m trying to do (i.e., automatically prevent bad configurations from entering and/or restore previous configuration if something fails)? Regards, Casey --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
On Fri, Nov 14, 2008 at 9:11 AM, Casey Deccio <casey@deccio.net> wrote:> In this case, the squid -k parse would pass, and the squid init script would > exit successfully, so squid would never detect a problem. However, squid > would have problems functioning at run time (i.e., sending to the > redirector) if the squidguard.conf file was invalid, or if the db files were > built incorrectly. I could, of course, add this to squid''s onlyif statement > as well, but it''s not as self-contained. Dependencies on other puppet type > instances has great utility. > > On a semi-related note, transactional support is mentioned briefly on > http://reductivelabs.com/trac/puppet/wiki/TypeReference . Does > transactional support aim to solve what I''m trying to do (i.e., > automatically prevent bad configurations from entering and/or restore > previous configuration if something fails)?Well, here''s what I ended up with. It''s kind of hack, but I don''t see a better way at the moment to foolproof it. class squid { $bak_ext = ".puppet-bak" package { "squid": ensure => installed } file { "squid.conf": path => "/etc/squid/squid.conf", ensure => file, owner => "root", group => "squid", mode => 0640, backup => $bak_ext, source => [ "puppet:///squid/squid/config/squid.conf" ], } service { "squid": ensure => running, hasstatus => true, hasrestart => true, require => [ Package["squid"], File["squid.conf"] ] } exec { "reload-squid": command => "/usr/sbin/squid -k parse && /etc/init.d/squid reload || ( /bin/cp -pr /etc/squid/squid.conf{${bak_ext},} /usr/sbin/squid -k parse && /etc/init.d/squid reload && /bin/false )", subscribe => File["squid.conf"], refreshonly => true, } exec { "cleanup-squid": command => "/bin/rm -f /etc/squid/squid.conf${bak-ext}", subscribe => Exec["reload-squid"], refreshonly => true, } } class squid::squidguard inherits squid { package { "squidguard": ensure => installed } file { "squidguard.conf": path => "/etc/squid/squidguard.conf", ensure => file, owner => "root", group => "squid", mode => 0640, backup => $bak_ext, source => [ "puppet:///squid/squidguard/config/squidguard.conf" ], } file { "blacklists": path => "/var/lib/squidguard/blacklists", ensure => directory, owner => "root", group => "squid", mode => 0640, recurse => true, ignore => ".svn", backup => $bak_ext, source => [ "puppet:///squid/squidguard/blacklists" ], } exec { "rebuild-squidguard-db": command => "/usr/bin/squidGuard -C all || ( /bin/cp -pr /etc/squid/squidguard.conf{${bak_ext},} for i in `find /var/lib/squidguard/blacklists -name ''*${bak_ext}''`; do cp -pr \$i \${i%${bak_ext}} done /usr/bin/squidGuard -C all && /bin/false )", subscribe => [ File["squidguard.conf"], File["blacklists"] ], refreshonly => true, } exec { "apply-squidguard-diffs": command => "/usr/bin/squidGuard -u", subscribe => Exec["rebuild-squidguard-db"], refreshonly => true, } exec { "cleanup-squidguard": command => "/bin/rm -f /etc/squid/squidguard.conf${bak_ext} /bin/rm -f `find /var/lib/squidguard/blacklists -name ''*${bak_ext}''` || /bin/true", subscribe => Exec["reload-squid"], refreshonly => true, } Service["squid"] { require +> [ Package["squidguard"], File["squidguard.conf"], File["blacklists"] ] } Exec["reload-squid"] { subscribe +> [ Exec["rebuild-squidguard-db"], Exec["apply-squidguard-diffs"] ], } } --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---