subscribe and require with exec
Casey Deccio
I'd like to be able to use subscribe with exec to refresh when files change, but I'd like each refresh to be dependent on another exec--e.g., to test configuration syntax. The closest I've been able to come is what I have below (I've removed some of the rest of the detail), but the problem is that reload-squid will get triggered every time check-squid runs, regardless of undesired return status. I've tried a few other variants, with similar success. Any other ideas? The ideal option would be to restore from backup if a particular exec fails. Is anything like that available or in the roadmap?
Regards,
Casey
---------
class squid {
file { "squid.conf":
path => "/etc/squid/squid.conf",
ensure => file,
owner => "root",
group => "squid",
mode => 0640,
source => [
"puppet://$server/squid/squid.conf"
],
}
exec { "check-squid":
command => "/usr/sbin/squid -k parse",
subscribe => File["squid.conf"],
refreshonly => true,
}
exec { "reload-squid":
command => "/etc/init.d/squid reload",
subscribe => Exec["check-squid"],
refreshonly => true,
}
}
RijilV
In this case you could be kinda sneaky and use the 'onlyif' parameter:
exec { "reload-squid":
command => "/etc/init.d/squid reload",
subscribe => Exec["check-squid"],
refreshonly => true,
}
Though in all honesty your init script should be doing that check (the one I just looked at for my setup does) so you could just you the service type.
.r'
Casey Deccio
In this case you could be kinda sneaky and use the 'onlyif' parameter:onlyif => "/usr/sbin/squid -k parse",
exec { "reload-squid":
command => "/etc/init.d/squid reload",
subscribe => Exec["check-squid"],
refreshonly => true,
}
Though in all honesty your init script should be doing that check (the one I just looked at for my setup does) so you could just you the service type.
Hi RijilV,
Both points are true. I could use onlyif and/or depend on my init script. However, there may be other puppet dependencies that fail. For example, let's assume the following:
class squid::squidguard inherits squid {
file { "squidguard.conf":
path => "/etc/squid/squidguard.conf",
ensure => file,
owner => "root",
group => "squid",
mode => 0640,
source => [
],
}
exec { "rebuild-squidguard-db":
command => "/usr/bin/squidGuard -C all",
subscribe => File["squidguard.conf"],
refreshonly => true,
}
Exec["reload-squid"] {
subscribe +> Exec["rebuild-squidguard-db"],
}
}
In this case, the squid -k parse would pass, and the squid init script would exit successfully, so squid would never detect a problem. However, squid would have problems functioning at run time (i.e., sending to the redirector) if the squidguard.conf file was invalid, or if the db files were built incorrectly. I could, of course, add this to squid's onlyif statement as well, but it's not as self-contained. Dependencies on other puppet type instances has great utility.
On a semi-related note, transactional support is mentioned briefly on http://reductivelabs.com/trac/puppet/wiki/TypeReference . Does transactional support aim to solve what I'm trying to do (i.e., automatically prevent bad configurations from entering and/or restore previous configuration if something fails)?
Regards,
Casey
Casey Deccio
> In this case, the squid -k parse would pass, and the squid init script would
> exit successfully, so squid would never detect a problem. However, squid
> would have problems functioning at run time (i.e., sending to the
> redirector) if the squidguard.conf file was invalid, or if the db files were
> built incorrectly. I could, of course, add this to squid's onlyif statement
> as well, but it's not as self-contained. Dependencies on other puppet type
> instances has great utility.
>
> On a semi-related note, transactional support is mentioned briefly on
> http://reductivelabs.com/trac/puppet/wiki/TypeReference . Does
> transactional support aim to solve what I'm trying to do (i.e.,
> automatically prevent bad configurations from entering and/or restore
> previous configuration if something fails)?
Well, here's what I ended up with. It's kind of hack, but I don't see
a better way at the moment to foolproof it.
class squid {
$bak_ext = ".puppet-bak"
package { "squid":
ensure => installed
}
file { "squid.conf":
path => "/etc/squid/squid.conf",
ensure => file,
owner => "root",
group => "squid",
mode => 0640,
backup => $bak_ext,
source => [
"puppet:///squid/squid/config/squid.conf"
],
}
service { "squid":
ensure => running,
hasstatus => true,
hasrestart => true,
require => [ Package["squid"], File["squid.conf"] ]
}
exec { "reload-squid":
command =>
"/usr/sbin/squid -k parse && /etc/init.d/squid reload ||
( /bin/cp -pr /etc/squid/squid.conf{${bak_ext},}
/usr/sbin/squid -k parse && /etc/init.d/squid
reload && /bin/false )",
subscribe => File["squid.conf"],
refreshonly => true,
}
exec { "cleanup-squid":
command => "/bin/rm -f /etc/squid/squid.conf${bak-ext}",
subscribe => Exec["reload-squid"],
refreshonly => true,
}
}
class squid::squidguard inherits squid {
package { "squidguard":
ensure => installed
}
file { "squidguard.conf":
path => "/etc/squid/squidguard.conf",
ensure => file,
owner => "root",
group => "squid",
mode => 0640,
backup => $bak_ext,
source => [
"puppet:///squid/squidguard/config/squidguard.conf"
],
}
file { "blacklists":
path => "/var/lib/squidguard/blacklists",
ensure => directory,
owner => "root",
group => "squid",
mode => 0640,
recurse => true,
ignore => ".svn",
backup => $bak_ext,
source => [
"puppet:///squid/squidguard/blacklists"
],
}
exec { "rebuild-squidguard-db":
command =>
"/usr/bin/squidGuard -C all ||
( /bin/cp -pr /etc/squid/squidguard.conf{${bak_ext},}
for i in `find /var/lib/squidguard/blacklists
-name '*${bak_ext}'`; do
cp -pr \$i \${i%${bak_ext}}
done
/usr/bin/squidGuard -C all && /bin/false )",
subscribe => [ File["squidguard.conf"], File["blacklists"] ],
refreshonly => true,
}
exec { "apply-squidguard-diffs":
command => "/usr/bin/squidGuard -u",
subscribe => Exec["rebuild-squidguard-db"],
refreshonly => true,
}
exec { "cleanup-squidguard":
command => "/bin/rm -f /etc/squid/squidguard.conf${bak_ext}
/bin/rm -f `find
/var/lib/squidguard/blacklists -name '*${bak_ext}'` || /bin/true",
subscribe => Exec["reload-squid"],
refreshonly => true,
}
Service["squid"] {
require +> [ Package["squidguard"], File["squidguard.conf"],
File["blacklists"] ]
}
Exec["reload-squid"] {
subscribe +> [ Exec["rebuild-squidguard-db"],
Exec["apply-squidguard-diffs"] ],
}
}