Re: [Puppet-dev] File type: external checks as well as internal?

Sun, 30 May 2010 09:57:45 -0700 

On Sat, May 29, 2010 at 6:57 PM, Daniel Pittman <[email protected]> wrote:

> G'day.
>
> One of the use cases for the File type I have been considering recently is
> how
> to verify file content is correct before installing it.  In many places
> this
> doesn't matter too much, but *sometimes* it surely does.
>
> Two of the specific examples that spring to mind are managing /etc/sudoers,
> and /etc/{passwd,shadow}, where getting it wrong can make it hard to go
> back
> and get it right later.
>
>
> At the moment the File type internally supports a "post-create check"
> operation on the file it is replacing.  Would there be a reasonable degree
> of
> acceptance of adding the ability to run an external check tool?
>
> My thought is something like this:
>
>    file { "/etc/whatever":
>      source => "whatever",
>      check  => "/usr/local/bin/syntax-check-whatever"
>    }
>
> When puppet wanted to replace /etc/whatever it would execute the check
> command, passing the path to the temporary file to the script, and would
> abort
> the update if the script returned a failure.
>
> This would fit right in next to fail_if_checksum_is_wrong inside
> lib/type/file.rb, I think.
>
> Thoughts?
>

I think this is very close to the same functionality as the request to make
the onlyif/unless exec parameters true metaparameters for all resource types
isn't it?

I guess it's going to fail in slightly different ways, but if we had that
functionality we could do it all in a defined type?




>        Daniel
> --
> ✣ Daniel Pittman            ✉ [email protected]            ☎ +61 401 155
> 707
>               ♽ made with 100 percent post-consumer electrons
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Developers" group.
> To post to this group, send email to [email protected].
> To unsubscribe from this group, send email to
> [email protected]<puppet-dev%[email protected]>
> .
> For more options, visit this group at
> http://groups.google.com/group/puppet-dev?hl=en.
>
>


-- 
nigel

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Developers" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to 
[email protected].
For more options, visit this group at 
http://groups.google.com/group/puppet-dev?hl=en.

Reply via email to