On Fri, Nov 14, 2008 at 9:11 AM, Casey Deccio <[EMAIL PROTECTED]> wrote:
> In this case, the squid -k parse would pass, and the squid init script would
> exit successfully, so squid would never detect a problem. However, squid
> would have problems functioning at run time (i.e., sending to the
> redirector) if the squidguard.conf file was invalid, or if the db files were
> built incorrectly. I could, of course, add this to squid's onlyif statement
> as well, but it's not as self-contained. Dependencies on other puppet type
> instances has great utility.
>
> On a semi-related note, transactional support is mentioned briefly on
> http://reductivelabs.com/trac/puppet/wiki/TypeReference . Does
> transactional support aim to solve what I'm trying to do (i.e.,
> automatically prevent bad configurations from entering and/or restore
> previous configuration if something fails)?
Well, here's what I ended up with. It's kind of a hack, but I don't see
a better way at the moment to make it foolproof.
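# Manages the squid proxy: package, main configuration file and service, plus a
# guarded reload that validates a new squid.conf before squid is asked to use it
# and restores the previous file when validation or the reload fails.
class squid {
    # A backup value beginning with "." makes Puppet keep the replaced file next
    # to the original with this suffix; the execs below use that copy to roll back.
    $bak_ext = ".puppet-bak"

    package { "squid":
        ensure => installed
    }

    # Readable by root and the squid group only.
    file { "squid.conf":
        path   => "/etc/squid/squid.conf",
        ensure => file,
        owner  => "root",
        group  => "squid",
        mode   => 0640,
        backup => $bak_ext,
        source => [
            "puppet:///squid/squid/config/squid.conf"
        ],
    }

    service { "squid":
        ensure     => running,
        hasstatus  => true,
        hasrestart => true,
        require    => [ Package["squid"], File["squid.conf"] ]
    }

    # Runs only when squid.conf changed. Happy path: parse check, then reload.
    # Failure path: copy the backup over the live file, re-check and reload, then
    # return non-zero so the run records a failure and cleanup-squid is not
    # triggered. Both paths are written out in full instead of using brace
    # expansion, which not every /bin/sh implements.
    # NOTE(review): the command relies on shell operators (&&, ||, a subshell), so
    # it assumes exec passes the string to a shell; confirm for the Puppet version
    # in use.
    exec { "reload-squid":
        command     =>
            "/usr/sbin/squid -k parse && /etc/init.d/squid reload ||
            ( /bin/cp -pr /etc/squid/squid.conf${bak_ext} /etc/squid/squid.conf;
              /usr/sbin/squid -k parse && /etc/init.d/squid reload && /bin/false )",
        subscribe   => File["squid.conf"],
        refreshonly => true,
    }

    # Removes the backup once reload-squid has run successfully. The variable is
    # bak_ext (underscore): a misspelt name does not expand to the backup suffix,
    # and the rm would then be aimed at a path other than the backup copy.
    exec { "cleanup-squid":
        command     => "/bin/rm -f /etc/squid/squid.conf${bak_ext}",
        subscribe   => Exec["reload-squid"],
        refreshonly => true,
    }
}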
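# Adds the squidGuard redirector on top of class squid: package, configuration
# file, blacklist tree, database rebuild with rollback, and the extra ordering
# that makes squid reload only after the squidGuard databases were rebuilt.
class squid::squidguard inherits squid {
    package { "squidguard":
        ensure => installed
    }

    file { "squidguard.conf":
        path   => "/etc/squid/squidguard.conf",
        ensure => file,
        owner  => "root",
        group  => "squid",
        mode   => 0640,
        backup => $bak_ext,
        source => [
            "puppet:///squid/squidguard/config/squidguard.conf"
        ],
    }

    # Blacklist tree copied recursively from the file server; every replaced
    # file keeps a sibling copy with the backup suffix.
    file { "blacklists":
        path    => "/var/lib/squidguard/blacklists",
        ensure  => directory,
        owner   => "root",
        group   => "squid",
        mode    => 0640,
        recurse => true,
        ignore  => ".svn",
        backup  => $bak_ext,
        source  => [
            "puppet:///squid/squidguard/blacklists"
        ],
    }

    # Rebuilds the squidGuard databases when the config or a blacklist changed.
    # On failure the backups are copied back over the live files, the databases
    # are rebuilt from the restored files, and the exec still returns non-zero so
    # the failure is reported and the dependent execs are not triggered.
    # The backups are restored through find -exec rather than a backtick list, so
    # the file names never pass through shell word splitting, and find sits on
    # one line so a wrapped line cannot detach it from its arguments. path pins
    # where the unqualified find is looked up.
    # NOTE(review): assumes exec passes the command string to a shell; confirm.
    exec { "rebuild-squidguard-db":
        command     =>
            "/usr/bin/squidGuard -C all ||
            ( /bin/cp -pr /etc/squid/squidguard.conf${bak_ext} /etc/squid/squidguard.conf;
              find /var/lib/squidguard/blacklists -name '*${bak_ext}' -exec /bin/sh -c 'for f in \"\$@\"; do /bin/cp -pr \"\$f\" \"\${f%${bak_ext}}\"; done' sh {} +;
              /usr/bin/squidGuard -C all && /bin/false )",
        path        => "/usr/bin:/bin",
        subscribe   => [ File["squidguard.conf"], File["blacklists"] ],
        refreshonly => true,
    }

    # Runs squidGuard -u after a successful rebuild.
    exec { "apply-squidguard-diffs":
        command     => "/usr/bin/squidGuard -u",
        subscribe   => Exec["rebuild-squidguard-db"],
        refreshonly => true,
    }

    # Deletes the backups once squid has reloaded successfully. Best effort, as
    # before: the trailing || /bin/true keeps a cleanup problem from failing the
    # run. rm is invoked by find itself, so nothing is deleted from an unquoted
    # command substitution.
    exec { "cleanup-squidguard":
        command     =>
            "/bin/rm -f /etc/squid/squidguard.conf${bak_ext};
            find /var/lib/squidguard/blacklists -name '*${bak_ext}' -exec /bin/rm -f {} + || /bin/true",
        path        => "/usr/bin:/bin",
        subscribe   => Exec["reload-squid"],
        refreshonly => true,
    }

    # squid must not be started before squidGuard and its data are in place.
    Service["squid"] {
        require +> [ Package["squidguard"], File["squidguard.conf"],
                     File["blacklists"] ]
    }

    # A squidGuard rebuild or diff update also triggers the guarded squid reload.
    Exec["reload-squid"] {
        subscribe +> [ Exec["rebuild-squidguard-db"],
                       Exec["apply-squidguard-diffs"] ],
    }
}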