Conditional actions based on result of other actions?

[buoyant_puppy]

How can I get the result of an action and use it conditionally in my code? As a very simple example:

package { "wget" : ensure => 'present' }
# if that failed, do X

To put this in context, some actual use cases I have:
- attempt to register an agent to a remote service and if that fails, open a ticket via an API so it can be manually resolved
- attempt to create an LV and if that fails, call another module that adds some new LUNs to my host, extend VG etc...
- ensure some critical service is running, but in case of any error raise an alert via the standard alert API
- when applying some security-related code, confirm success/failure to a compliance product API

[Peter Faller]

Puppet resources have metaparameters like 'notify', 'subscribe', 'before', 'require' that make it possible to make things happen in the desired sequence; so it is possible to have 'exec' resources that trigger on some conditions.

It might be going a bit beyond the intention of Puppet; but you could create a file if an error occurs, and then test using 'onlyif' in an 'exec' to create a ticket if the file exists.

Or you can create custom modules and implement the logic in Ruby code.

[John Gelnaw]

Most of your examples we handle through something like ossec and a monitoring package, but you could theoretically do something like:

require pkg::wget

if (! defined(Package['wget']))  {
  exec 'command':  {
  }
}

... which *should* require the resource 'pkg::wget' to be compiled first, and then test for the package to be defined.

Unfortunately, my personal experience is that while puppet is very good at using conditional logic to generate a catalog, it's not very good at generating a catalog that contains conditional logic.

However, the idea of an "onFailure" meta-parameter intrigues me-- similar to notify, but only triggers the target resource if the source resource fails.

[buoyant_puppy]

On Thursday, December 28, 2017 at 2:10:22 AM UTC+1, John Gelnaw wrote:

... which *should* require the resource 'pkg::wget' to be compiled first, and then test for the package to be defined.

Thanks, that may work in some cases. I'm still trying to find a more general approach, though.
 

Unfortunately, my personal experience is that while puppet is very good at using conditional logic to generate a catalog, it's not very good at generating a catalog that contains conditional logic.

However, the idea of an "onFailure" meta-parameter intrigues me-- similar to notify, but only triggers the target resource if the source resource fails.

That's exactly what I'm looking for. If I take my past experience with tools like cfengine and ansible, I use this constantly. The declarative approach works fine for most things but conditional logic is often needed for corrective actions. Another example, there's a product I install that has a certain common issue during install time. I just can't make it never have that install issue - it's a vendor product - but it's very easy for me (in a script, ansible, cfengine, etc) to catch that the install failed, attempt a corrective action that works 90% of the time, then check if that worked, and if not, send an alert.
At the moment it looks like the only easy general solution is to just run the whole thing through an exec script, which feels like a big step backwards.

I'm wondering if I can pull the failures out of puppetdb and use that somehow. I'm looking into that next.