Running an exec after another exec fails

[Jist Anidiot]

I'm using puppet to manage /etc/sysctl.conf on my RHEL 6 boxes.

I'm doing something very similar to http://projects.puppetlabs.com/projects/1/wiki/puppet_augeas#/etc/sysctl.conf

The problem is sysctl -p on RHEL 6 gives:

error: "net.bridge.bridge-nf-call-ip6tables" is an unknown key
error: "net.bridge.bridge-nf-call-iptables" is an unknown key
error: "net.bridge.bridge-nf-call-arptables" is an unknown key

This is apparently not a bug according to RH since these values have to be there in case you load the bridge module.  

Now I could modify the exec that runs sysctl after updating the .conf file by adding -e however I'd still like to know if I have unknown keys.

I'm thinking I'd like to run the normal sysctl -p and if that has an error for puppet to give a notice not an error and then run sysctl -e -p.  If that gives an error then puppet should give an error message.   Is there any way to set something like this up?

Thanks in advance.

[jcbollinger]

Puppet does not provide a mechanism for falling back to a different resource or otherwise customizing the response to a resource failure.

I submit that pushing out a new sysctl configuration into production is not a good way to test it.  If you push it out to a test system instead then you don't need an automated fallback.  If the sysctls must not fail to apply on your production systems then you should always use -e for those systems.


John