Feeding errors back from custom ENC scripts

[David Gordon]

Hi All,

I'm looking at integrating our Puppet 2.7.21 setup with an internal change management system.  Essentially I need the master to check there is an open change window for a given node, and fail the run if not.

I don't want to have to have a custom configuration on all the nodes (and this probably wouldn't be secure anyway), so plugging this check in during the ENC stage seemed to make sense to me.

I'd like to be able to fail the run with a message back to the agent e.g. 'no valid change window open'.  The problem is, as far as I can see, it is not possible to propagate any custom errors back to the master.  It looks like the only error is e.g. 'could not find node xxx' or similar.  Even replacing the terminus with a custom one doesn't appear to help as this cover-all error looks to be generated in the catalogue compiler.

Does this sound right? Anyone got an ideas if it would be possible to fail runs with a custom error from within the puppet master?  Failing from within the manifests themselves wouldn't be an option as they are under the control of the users, and so the check could be circumvented.

Dave

[jcbollinger]

Do you need a bona fide error to be generated, or would it be sufficient to deliver a catalog containing only a notification message?  For example, given the following class available on your master,

class site::no_window {
  notify { 'no valid change window open': }
}

, if the ENC determines that it is outside any change window for the target node then its output can be simply

classes:
  - site::no_window

.  Supposing that you have neither any global declarations nor a node block for the target node, that will result in no changes to the target, except possibly Puppet plugin synchronization.  The notify message will appear in Puppet's output.


John