Ben wrote:
> Bryan Kearney wrote:
>> David Lutterkort wrote:
>>
>>> On Mon, 2008-09-08 at 10:49 -0400, Bryan Kearney wrote:
>>>
>>>> David Lutterkort wrote:
>>>>
>>>>> Yeah, Augeas should be able to tell the caller whether changes were made
>>>>> or not, so that the plugin can suppress spurious reports. This could be
>>>>> done in a number of ways:
>>>>>
>>>>> 1. Indicated through the return value of individual calls like
>>>>> aug_set, aug_insert etc.
>>>>> 2. Through the return value of aug_save
>>>>> 3. Through some metadata entries underneath /augeas
>>>>>
>>>>> Bryan, what would be the easiest for you to integrate into the plugin ?
>>>>> Actually, option (1) won't really help you in the scenario of 'rm /path;
>>>>> set /path value' since it will always look like a change, even if there
>>>>> is none in the end.
>>>>>
>>>> I almost need a "dry run" model. Currently, puppet seems to follow a
>>>> model for each property of "Get the current value, if different, execute
>>>> the code to sync it up". So, (I think) I would need to be able to
>>>> execute the code to see if I need to execute it :(
>>>>
>>> True .. unless you want to implement the logic to see if a change to the
>>> tree actually changes the underlying file yourself ;)
>>>
>>> If you want to know at the tree-level if anything changed, you can query
>>> that with aug_get beforehand, but that's not really what the user is
>>> interested in. If they give you the commands
>>>
>>> rm /foo
>>> set /foo/bar 1
>>> set /foo/JarJar Binks
>>>
>>> each of the commands will make a change to the tree, even if the net
>>> result is no change to the underlying file. That's the situation I was
>>> wondering about with the 3 options above; you'd really want to report a
>>> change only when the underlying file is actually changed. And there's no
>>> way to know that until you actually go to save the file.
>>>
>>
>> I will keep digging, but I think the model now is the "Do you need
>> tochange it, ok change it". I do not think the puppet model supports: "
>> Do you need to change it, Change it, Did you change it?". To fit in into
>> the former, I would need to be able to open up augeas during the "Do you
>> need to change it" step, and then query augeas prior to save to see if
>> it has resulted in a change. So.. I think I would need item 3.
>>
>> -- bk
>>
>>
> I have just started using the augeas module with puppet and i am happy
> so far but was hit with this issue.
>
> Has there been any resolution to this?
>
> This example demonstrates this issue well I think;
>
> I started with this:
>
> augeas { "sshd_HostbasedAuthentication":
> context => "/files/etc/ssh/sshd_config",
> changes => [ "set HostbasedAuthentication yes",
> "set IgnoreUserKnownHosts yes",
> "set IgnoreRhosts yes"
> ],
> require => Package["openssh-server"],
> notify => Service["sshd"]
> }
>
> I ended up having to do it this way because the sshd was restart each
> and every run with the previous example:
>
> augeas { "sshd_HostbasedAuthentication":
> context => "/files/etc/ssh/sshd_config",
> changes => "set HostbasedAuthentication yes",
> onlyif => "get HostbasedAuthentication != yes",
> require => Package["openssh-server"],
> notify => Service["sshd"];
>
> "sshd_IgnoreUserKnownHosts":
> context => "/files/etc/ssh/sshd_config",
> changes => "set IgnoreUserKnownHosts yes",
> onlyif => "get IgnoreUserKnownHosts != yes",
> require => Package["openssh-server"],
> notify => Service["sshd"];
>
> "sshd_IgnoreRhosts":
> context => "/files/etc/ssh/sshd_config",
> changes => "set IgnoreRhosts yes",
> onlyif => "get IgnoreRhosts != yes",
> require => Package["openssh-server"],
> notify => Service["sshd"];
> }
>
> Ben
I believe the only way for me to stop this is to actually run the
commands once to see if there would be changes, and then run them again
at execution time. I am sure that there would be a race condition
between the collection and execution stage.
James / Luke.. is there a way to communicate to puppet that I actually
did not run.. or to disable the notify?
-- bk
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---
