The Trifecta: correct?

155 views
Skip to first unread message

jimbob palmer

unread,
Mar 16, 2012, 10:21:56 AM3/16/12
to puppet...@googlegroups.com
The Core Types Cheat Sheet at http://projects.puppetlabs.com/projects/puppet/wiki/Core_Types_Cheat_Sheet/ says:


The Trifecta

Package/file/service: Learn it, live it, love it. If you can only do this, you can still do a lot.

package { 'openssh-server':
    ensure => installed,
}

file { '/etc/ssh/sshd_config':
    source  => 'puppet:///modules/sshd/sshd_config',
    owner   => 'root',
    group   => 'root',
    mode    => '640',
    notify  => Service['sshd'], # sshd will restart whenever you edit this file.
    require => Package['openssh-server'],
}

service { 'sshd':
    ensure => running,
    enable => true,
    hasstatus => true,
    hasrestart => true,
}


I can see two problems with this example, and rather than open a ticket I wanted to make sure I haven't overlooked something.

1. Is there any special magic requiring that the config file exist before Puppet starts the sshd service?
If not, shouldn't there be a requires in the service on the config file?

2. The sentence "sshd will restart whenever you edit this file." is a bit confusing, because it hints at puppet using some kind of inotify mechanism to restart sshd when the config file changes.
Would it be better to write that sshd will restart whenever puppet updates this file?

Nan Liu

unread,
Mar 16, 2012, 10:40:04 AM3/16/12
to puppet...@googlegroups.com
On Fri, Mar 16, 2012 at 9:21 AM, jimbob palmer <jimbob...@gmail.com> wrote:
> The Core Types Cheat Sheet at
> http://projects.puppetlabs.com/projects/puppet/wiki/Core_Types_Cheat_Sheet/
> says:
>
>
> The Trifecta
>
> Package/file/service: Learn it, live it, love it. If you can only do this,
> you can still do a lot.
>
> package { 'openssh-server':
> ensure => installed,
> }
>
> file { '/etc/ssh/sshd_config':
> source => 'puppet:///modules/sshd/sshd_config',
> owner => 'root',
> group => 'root',
> mode => '640',
> notify => Service['sshd'], # sshd will restart whenever you edit this
> file.

This ensures order and trigger service restart when the file resource changes.

> require => Package['openssh-server'],
> }
>
> service { 'sshd':
> ensure => running,
> enable => true,
> hasstatus => true,
> hasrestart => true,
> }
>
>
>
> I can see two problems with this example, and rather than open a ticket I
> wanted to make sure I haven't overlooked something.
>
> 1. Is there any special magic requiring that the config file exist before
> Puppet starts the sshd service?
> If not, shouldn't there be a requires in the service on the config file?

The notify implies the order and triggers refresh on changes.

> 2. The sentence "sshd will restart whenever you edit this file." is a bit
> confusing, because it hints at puppet using some kind of inotify mechanism
> to restart sshd when the config file changes.
> Would it be better to write that sshd will restart whenever puppet updates
> this file?

Yes, it would make mores precise to say when the user update the
config (in the module), and run puppet to update the file, it will
trigger a service restart as well.

Nan

Peter Bukowinski

unread,
Mar 16, 2012, 10:46:17 AM3/16/12
to puppet...@googlegroups.com
On Mar 16, 2012, at 10:21 AM, jimbob palmer wrote:

The Core Types Cheat Sheet at http://projects.puppetlabs.com/projects/puppet/wiki/Core_Types_Cheat_Sheet/ says:


The Trifecta

Package/file/service: Learn it, live it, love it. If you can only do this, you can still do a lot.

package { 'openssh-server':
    ensure => installed,
}

file { '/etc/ssh/sshd_config':
    source  => 'puppet:///modules/sshd/sshd_config',
    owner   => 'root',
    group   => 'root',
    mode    => '640',
    notify  => Service['sshd'], # sshd will restart whenever you edit this file.
    require => Package['openssh-server'],
}

service { 'sshd':
    ensure => running,
    enable => true,
    hasstatus => true,
    hasrestart => true,
}


I can see two problems with this example, and rather than open a ticket I wanted to make sure I haven't overlooked something.

1. Is there any special magic requiring that the config file exist before Puppet starts the sshd service?
If not, shouldn't there be a requires in the service on the config file?

A notify relationship sets up a resource chain, just as a requires does. A resource with a notify attribute will always be managed before its notify target and a resource with a requires attribute will always be managed after its require target.

2. The sentence "sshd will restart whenever you edit this file." is a bit confusing, because it hints at puppet using some kind of inotify mechanism to restart sshd when the config file changes.
Would it be better to write that sshd will restart whenever puppet updates this file?

Puppet will restart the sshd on its next run even if you've changed the config file locally. Prior to restarting the service, though, Puppet will have undone your local edits.

-- 
Peter M. Bukowinski
Sr. Systems Engineer
Janelia Farm Research Campus, HHMI

Markus Falb

unread,
Mar 16, 2012, 10:50:02 AM3/16/12
to puppet...@googlegroups.com

According to the
http://docs.puppetlabs.com/references/stable/metaparameter.html#notify
there is magic, namely the implicit 'before'.

...snip
References to one or more objects that depend on this object. This
parameter is the opposite of subscribe — it creates a dependency
relationship like before, and also causes the dependent object(s) to be
refreshed when this object is changed
snap...

but i remember vaguely that magic did not work for me not so long ago.
hmm.

--
Kind Regards, Markus Falb

signature.asc
Reply all
Reply to author
Forward
0 new messages