Re: [Puppet Users] Config test when restarting a service

Mon, 06 Jul 2015 06:27:03 -0700 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> Notify on its own is no good, since if the exec fails, the service
> gets restarted anyway.
> 
> Require on its own is no good, since the exec runs every time.
> 
> Is there some way to combine the two?

The problem is that a notify includes a before relationship, which
means that the service resource is always being managed *before* the
config test happens. What you want is the following:


file{'/etc/dhcpd/dhcpd.conf':
  notify => [Exec['dhcpd-config-test'],Service['dhcpd']],
  ....
}

# This exec tests the dhcpd config and fails if it's bad
# It isn't run every time puppet runs, but only when dhcpd is to be
# restarted
exec { 'dhcpd-config-test':
  command     => '/usr/sbin/dhcpd -t',
  refreshonly => true,
  before      =>  Service['dhcpd'],
}

service { 'dhcpd':
  ensure     => running,
  enable     => true,
}


This will not restart the dhcpd if the exec fails, as they have now a
relationship and if the exec fails the service is skipped. And the
exec is only being triggered when the file changes.

However, this has the drawback that you will only realize that within
the run where puppet changes the file. On the next run, though the
previous one failed, the file won't change anymore, the exec won't be
run and the service will already be running. So no change anymore.

I don't see a solution to that without having to constantly check the
config file and/or rechange the file, so it keeps chaning on the next
run, e.g. like:

exec { 'dhcpd-config-test':
  command     => '/usr/sbin/dhcpd -t || (echo "#failed" >>
/etc/dhcpd/dhcpd.conf && /usr/bin/false)',
  refreshonly => true,
  before      => Service['dhcpd'],
}

This will invalidate the target state of the configfile and so it will
be changed on the next run again, the validation fails again and you
keep having that node being reported as a failed node.
Otherwise, it will only fail once.

best

pete
-----BEGIN PGP SIGNATURE-----

iEYEARECAAYFAlWagfwACgkQbwltcAfKi39RtwCfcXp8wbJGntag04oiulW3qDHi
YiQAn0+Vk2p8QLAlf+A4dudpCeCUlYa/
=mSSL
-----END PGP SIGNATURE-----

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/559A8201.8030300%40immerda.ch.
For more options, visit https://groups.google.com/d/optout.

Reply via email to