Force backup of files modified outside of puppet's File Type


Joel Nimety

Oct 11, 2008, 12:46:09 PM
to Puppet Users
I'm using the SimpleText recipe and Augeas plugin to modify files in
place. I'd like to notify the appropriate File resource that a
modification is about to take place so puppet can backup the file. Maybe
this is already possible but I haven't found any examples or
documentation on how to accomplish this. I think a natural way to do
this would be to use the subscribe or notify parameters, something like
this.

class sshd {
    package { "openssh-server": ensure => installed }

    file { "sshd_config":
        name => $operatingsystem ? {
            default => "/etc/ssh/sshd_config"
        },
    }

    service { "sshd":
        name => $operatingsystem ? {
            default => sshd
        },
        hasrestart => true,
        hasstatus => true,
        ensure => running,
        subscribe => [Package["openssh-server"], File["sshd_config"]]
    }

    augeas {
        "sshd_config_port" :
            # proposed: notify the File resource so it can back the file up
            notify => [ Service["sshd"], File["sshd_config"] ],
            context => "/files/etc/ssh/sshd_config",
            changes => "set Port 22",
            onlyif => "get Port != 22",
    }
}

--
Joel Nimety
Perimeter eSecurity
Product Architect, Email Defense
203.541.3416
jni...@perimeterusa.com
http://www.perimeterusa.com


Thanks

Luke Kanies

Oct 13, 2008, 11:16:40 AM
to puppet...@googlegroups.com


The problem with this is that by the time the 'file' resource has
gotten the 'notify' message, the file's already been changed so it's
too late to back it up.

You'd either need your type to somehow track the files it's going to
change and back them up (which is what the ParsedFile types do), or
you'd need Puppet, as a whole, to keep track of files that *might*
change, back them up preemptively, and then remove any backups that
aren't needed. Or something like that.

Either way, this isn't easy.

--
I went to a restaurant that serves "breakfast at anytime". So I
ordered French Toast during the Renaissance. -- Stephen Wright
---------------------------------------------------------------------
Luke Kanies | http://reductivelabs.com | http://madstop.com

Joel Nimety

Oct 13, 2008, 11:24:42 AM
to puppet...@googlegroups.com

Luke Kanies wrote:
> On Oct 11, 2008, at 11:46 AM, Joel Nimety wrote:
>
>
>
> The problem with this is that by the time the 'file' resource has
> gotten the 'notify' message, the file's already been changed so it's
> too late to back it up.
>
> You'd either need your type to somehow track the files it's going to
> change and back them up (which is what the ParsedFile types do), or
> you'd need Puppet, as a whole, to keep track of files that *might*
> change, back them up preemptively, and then remove any backups that
> aren't needed. Or something like that.
>
> Either way, this isn't easy.

How about a pre-notify meta parameter? Leave it to the external tool
(augeas, exec, whatever) to decide if a file is about to be changed and
notify the File resource beforehand. The File type would backup the
file, no questions asked if notified to do so.

Luke Kanies

Oct 13, 2008, 12:07:52 PM
to puppet...@googlegroups.com
On Oct 13, 2008, at 10:24 AM, Joel Nimety wrote:

>
>
>
> Luke Kanies wrote:
>> On Oct 11, 2008, at 11:46 AM, Joel Nimety wrote:
>>
>>
>>
>> The problem with this is that by the time the 'file' resource has
>> gotten the 'notify' message, the file's already been changed so it's
>> too late to back it up.
>>
>> You'd either need your type to somehow track the files it's going to
>> change and back them up (which is what the ParsedFile types do), or
>> you'd need Puppet, as a whole, to keep track of files that *might*
>> change, back them up preemptively, and then remove any backups that
>> aren't needed. Or something like that.
>>
>> Either way, this isn't easy.
>
> How about a pre-notify meta parameter? Leave it to the external tool
> (augeas, exec, whatever) to decide if a file is about to be changed and
> notify the File resource beforehand. The File type would backup the
> file, no questions asked if notified to do so.

That would be a completely new subsystem to transactions -- instant
action. The 'notify' and 'subscribe' mechanisms all just involve
queues.

I'm not entirely convinced that's the right solution, since it's not
come up before; I'd prefer to find a way to fit it into the current
design, rather than adding new functionality.

The augeas type could do this itself, of course -- automatically back
up any files it should be notifying -- without adding a new subsystem.

--
Now and then an innocent man is sent to the legislature.
--Kin Hubbard

Joel Nimety

Oct 13, 2008, 12:19:32 PM
to puppet...@googlegroups.com

Luke Kanies wrote:
> On Oct 13, 2008, at 10:24 AM, Joel Nimety wrote:
>
>
> That would be a completely new subsystem to transactions -- instant
> action. The 'notify' and 'subscribe' mechanisms all just involve
> queues.
>
> I'm not entirely convinced that's the right solution, since it's not
> come up before; I'd prefer to find a way to fit it into the current
> design, rather than adding new functionality.

I don't know anything of the puppet internals so I can't speak to the
complexity of any internal solution. But, I do think a puppet specific
solution would be very useful and has some compelling advantages.

* Allows for consistent and standardized backups via filebucket
* Can be used by any custom type or exec, no duplication of code

> The augeas type could do this itself, of course -- automatically back
> up any files it should be notifying -- without adding a new subsystem.

Are you suggesting I can add a backup call in the augeas plugin? I
hadn't considered that. What about "SimpleText" file edits?

David Lutterkort

Oct 13, 2008, 1:52:47 PM
to puppet...@googlegroups.com
On Mon, 2008-10-13 at 12:19 -0400, Joel Nimety wrote:
> > The augeas type could do this itself, of course -- automatically back
> > up any files it should be notifying -- without adding a new subsystem.
>
> Are you suggesting I can add a backup call in the augeas plugin? I
> hadn't considered that. What about "SimpleText" file edits?

I think the cleanest solution would be if the augeas plugin does the
backup. You can tell aug_init to either create new files with
extension .augnew or save the original file with extension .augsave -
either way, the plugin could detect the presence of those files and then
call into puppet's backup internals to send the file to the filebucket.

David
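
The approach David describes, sketched as an added example that is not part of the original thread and is not code from Puppet or the Augeas plugin: after a save that leaves the original as `<file>.augsave`, move that copy into a content-addressed backup directory. The names `bucket_store`, `sweep_augsave` and the bucket layout are hypothetical stand-ins for Puppet's filebucket, and SHA-256 is this example's choice of digest.

```ruby
require "digest"
require "fileutils"
require "tmpdir"

# Hypothetical helper, not Puppet's filebucket API: store a copy of +path+
# in +bucket_dir+ under the SHA-256 of its contents and return that digest.
def bucket_store(path, bucket_dir)
  sum = Digest::SHA256.file(path).hexdigest
  dest = File.join(bucket_dir, sum)
  unless File.exist?(dest)
    FileUtils.mkdir_p(bucket_dir, mode: 0o700)
    FileUtils.cp(path, dest, preserve: true)
    File.chmod(0o600, dest) # backups of config files may hold secrets
  end
  sum
end

# After a backup-mode save, the pre-change content sits beside the target
# as "<target>.augsave". Bucket it, then remove the stray copy.
# Returns the digest, or nil when no backup was left (nothing changed).
def sweep_augsave(target, bucket_dir)
  saved = "#{target}.augsave"
  # Only accept a regular file; never follow a symlink planted at that name.
  return nil unless File.file?(saved) && !File.symlink?(saved)
  sum = bucket_store(saved, bucket_dir)
  File.delete(saved)
  sum
end

# Constructed demo: simulate the backup-mode save in a temporary directory.
def demo
  Dir.mktmpdir do |dir|
    target = File.join(dir, "sshd_config")
    bucket = File.join(dir, "bucket")
    File.write(target, "Port 2222\n")
    unchanged = sweep_augsave(target, bucket)   # no .augsave yet
    FileUtils.cp(target, "#{target}.augsave")   # what backup mode leaves behind
    File.write(target, "Port 22\n")             # the in-place edit
    sum = sweep_augsave(target, bucket)
    [unchanged, sum, File.read(File.join(bucket, sum)),
     File.exist?("#{target}.augsave")]
  end
end
```

Because the copy is taken by the editing tool before it writes, this avoids the ordering problem raised earlier in the thread, where a `notify` arrives only after the file has changed.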


Luke Kanies

Oct 17, 2008, 1:01:45 PM
to puppet...@googlegroups.com
On Oct 13, 2008, at 11:19 AM, Joel Nimety wrote:

>
>
>
> Luke Kanies wrote:
>> On Oct 13, 2008, at 10:24 AM, Joel Nimety wrote:
>>
>>
>> That would be a completely new subsystem to transactions -- instant
>> action. The 'notify' and 'subscribe' mechanisms all just involve
>> queues.
>>
>> I'm not entirely convinced that's the right solution, since it's not
>> come up before; I'd prefer to find a way to fit it into the current
>> design, rather than adding new functionality.
>
> I don't know anything of the puppet internals so I can't speak to the
> complexity of any internal solution. But, I do think a puppet specific
> solution would be very useful and has some compelling advantages.
>
> * Allows for consistent and standardized backups via filebucket
> * Can be used by any custom type or exec, no duplication of code

It's just that the ordering you're describing would be quite
complicated, and I'm not sure it's worth it.

>
>> The augeas type could do this itself, of course -- automatically back
>> up any files it should be notifying -- without adding a new subsystem.
>
> Are you suggesting I can add a backup call in the augeas plugin? I
> hadn't considered that. What about "SimpleText" file edits?


Yes, you can easily use a filebucket to do the backup yourself. Look
at the handlebackup method (which is certainly more complicated than
it needs to be) in type/file.rb.

I don't know what SimpleText file edits are, so I can't help you there.

--
I respect faith, but doubt is what gets you an education.
-- Wilson Mizner
