Hi,
this is me assuming the role of the weird secluded neighbor who
sometimes yells incoherent ramblings over the fence. Although this is
pertinent:
For onlyif and friends, there is already
https://tickets.puppetlabs.com/browse/PUP-1125, where John and I have
already done some thoughtwork.
Now two years have passed, and I'm a little overwhelmed by the prospect
of building yet another complex feature (intense fretting going on over
here). Don't hold your breath I guess? But if anyone wants to grab it,
I'll be glad to offer whatever limited guidance I can muster.
Cheers,
Felix
On 03/03/2016 02:24 PM, Trevor Vaughan wrote:
It really seems like we want the logical extension of the Exec checks
on all resources with additional validation.
service { 'httpd':
ensure => 'running',
onlyif => '/usr/bin/probe_remote_mysql', # or 'unless'
validate => "curl -k http://${::fqdn}/service_check.html",
# Ok, magical asynchronous fact update here with an ACL (ponies and
unicorns area....)
fact_update => {
'my_unique_name' => 'w00t',
# ACLs would need to be processed server side. Let's not give the
nodes too much power here...
# This could, perhaps, be a server setting.
'acl' => {
'allow' => $::domain,
'deny' => 'ALL'
}
}
class { 'thing_that_needs_apache':
onlyif => fact_fetch('my_unique_name', 'w00t') #
fact_fetch(<name>, <expected value/regex/math/whatever>)
}
With the async updating of facts, and individual ACL restrictions, you
get some really neat capabilities in terms of fine grained process
control.
Thinking about this further, you'll probably need caching proxies for
the fact updates though.
Maybe Puppet 8 :-D.
Thanks,
Trevor
<snip>
--
You received this message because you are subscribed to the Google Groups "Puppet
Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-dev/5771B7F0.4050409%40Alumni.TU-Berlin.de.
For more options, visit https://groups.google.com/d/optout.