On Wednesday, November 6, 2013 12:49:27 PM UTC-6, David Gordon wrote:
>
> Hi All,
>
> I'm looking at integrating our Puppet 2.7.21 setup with an internal change
> management system. Essentially I need the master to check there is an open
> change window for a given node, and fail the run if not.
>
> I don't want to have to have a custom configuration on all the nodes (and
> this probably wouldn't be secure anyway), so plugging this check in during
> the ENC stage seemed to make sense to me.
>
> I'd like to be able to fail the run with a message back to the agent e.g.
> 'no valid change window open'. The problem is, as far as I can see, it is
> not possible to propagate any custom errors back to the master. It looks
> like the only error is e.g. 'could not find node xxx' or similar. Even
> replacing the terminus with a custom one doesn't appear to help as this
> cover-all error looks to be generated in the catalogue compiler.
>
> Does this sound right? Anyone got an ideas if it would be possible to fail
> runs with a custom error from within the puppet master? Failing from
> within the manifests themselves wouldn't be an option as they are under the
> control of the users, and so the check could be circumvented.
>
>
Do you need a bona fide error to be generated, or would it be sufficient to
deliver a catalog containing only a notification message? For example,
given the following class available on your master,
class site::no_window {
notify { 'no valid change window open': }
}
, if the ENC determines that it is outside any change window for the target
node then its output can be simply
classes:
- site::no_window
. Supposing that you have neither any global declarations nor a node block
for the target node, that will result in no changes to the target, except
possibly Puppet plugin synchronization. The notify message will appear in
Puppet's output.
John
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/d09362d2-088f-4bdf-856d-96433fab3a9d%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
