It really seems like we want the logical extension of the Exec checks on
all resources with additional validation.
service { 'httpd':
ensure => 'running',
onlyif => '/usr/bin/probe_remote_mysql', # or 'unless'
validate => "curl -k http://${::fqdn}/service_check.html";,
# Ok, magical asynchronous fact update here with an ACL (ponies and
unicorns area....)
fact_update => {
'my_unique_name' => 'w00t',
# ACLs would need to be processed server side. Let's not give the nodes
too much power here...
# This could, perhaps, be a server setting.
'acl' => {
'allow' => $::domain,
'deny' => 'ALL'
}
}
class { 'thing_that_needs_apache':
onlyif => fact_fetch('my_unique_name', 'w00t') # fact_fetch(<name>,
<expected value/regex/math/whatever>)
}
With the async updating of facts, and individual ACL restrictions, you get
some really neat capabilities in terms of fine grained process control.
Thinking about this further, you'll probably need caching proxies for the
fact updates though.
Maybe Puppet 8 :-D.
Thanks,
Trevor
On Thu, Mar 3, 2016 at 3:58 AM, R.I.Pienaar <r...@devco.net> wrote:
>
>
> ----- Original Message -----
> > From: "Erik Dalén" <erik.gustav.da...@gmail.com>
> > To: "puppet-dev" <puppet-dev@googlegroups.com>
> > Sent: Thursday, 3 March, 2016 09:43:30
> > Subject: Re: [Puppet-dev] metaparam question
>
> > On Fri, 5 Feb 2016 at 00:35 Kylo Ginsberg <k...@puppetlabs.com> wrote:
> >
> >> On Wed, Feb 3, 2016 at 7:47 AM, R.I.Pienaar <r...@devco.net> wrote:
> >>
> >>> hello,
> >>>
> >>> I would like to add a metaparameter - which I think is easy now via
> >>> Type.newmetaparam.
> >>>
> >>
> >> We haven't been thinking of metaparameters as a general purpose
> extension
> >> point. This came up once before that I know of, about a year ago, and
> >> there's a little discussion of this in
> >> https://tickets.puppetlabs.com/browse/PUP-4281. The conclusion we
> reached
> >> at the time was, more or less, to explore whether the desired change
> could
> >> be accomplished with a puppet function and/or a change to core puppet.
> >>
> >>
> >>>
> >>> The thing that I can't seem to find any example of though is how to
> >>> make this metaparameter do something on the nodes for all providers
> >>> or all types.
> >>
> >>
> >>> Imagine there's a metaparam that might describe how to test a resource
> >>> works, something like:
> >>>
> >>> service{"httpd": validate => "check_http --port 80 -H localhost"}
> >>>
> >>> I'd then want to have some code that would be run on the agent nodes
> >>> for any resource that has this param set.
> >>>
> >>
> >> I don't think something like this exists per se, but 'validate' might be
> >> one such example of something worth adding to core puppet. Fwiw, one
> >> resource-specific example added not too long ago is the file type's
> >> validate_cmd:
> >>
> >>
> >>
> https://docs.puppetlabs.com/puppet/latest/reference/type.html#file-attribute-validate_cmd
> >> .
> >>
> >>
> > Just to clarify, validate_cmd works differently in that it validates the
> > new contents before replacing the file.
> > I guess the generic validate metaparameter would validate the resource
> > after it has been synced.
>
> yes indeed, subtle but important. thanks
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Developers" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-dev+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-dev/1062762368.96001.1456995522124.JavaMail.zimbra%40devco.net
> .
> For more options, visit https://groups.google.com/d/optout.
>
--
Trevor Vaughan
Vice President, Onyx Point, Inc
(410) 541-6699
-- This account not approved for unencrypted proprietary information --
--
You received this message because you are subscribed to the Google Groups
"Puppet Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-dev/CANs%2BFoVDQ4YYkG1Gz1YxO92amk4vyN%2BWVa%3D9%2BE-psKjx9Nrykg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
