| There are various scenarios in which catalog and plugins may not match:
- plugins are sync-ed while new catalog cannot be retrieved and cached catalog is used instead
- plugins are partially sync-ed, using new or cached catalog may both lead to inconsistencies
To fix this plugins need to be downloaded in an atomic way. One option is to create a secure directory with the same parent as Puppet[:libdir] and use it to pluginsync. To avoid downloading files we already have, you'd have to copy everything from Puppet[:libdir] to libnew. So maybe something like: 1. create lib.new using ruby equivalent of mktemp -d lib.new and restrict permissions so only the current user can write
2. Pluginsync to lib.new
3. Rename Puppet[:libdir] to lib.old
4. Rename lib.new to Puppet[:libdir]
5. Delete lib.old recursively It's possible for puppet to crash/ctrl-c between any of those points. If it occurs between 3 and 4, then puppet will have lost all of its plugins. To account for that, if puppet starts and lib.old exists, but Puppet[:libdir] doesn't, then have recover its plugins by renaming lib.old to Puppet[:libdir]. If the crash occurs between 4 and 5, then the new plugins have been committed. So when puppet starts, if Puppet[:libdir] exists, have it delete the stale lib.old. |
