Ask Your Question
0

How to ensure the file transferred is identical to the source?

asked 2015-08-11 08:09:30 -0600

dannythk gravatar image

If I use the "FILE" resource to stage a file from the puppet master to an agent node, does Puppet ensure that the file is transferred successfully? I noticed that puppet's report that the file checksum is changed to a new checksum value if it is replacing the existing file or it is a brand new file. I read it somewhere that puppet will transferred the file to a /tmp directory and replace the destination file if the two checksum values don't match. But does Puppet performs a checksum verification between the source and tmp files?
Essentially, I just want to see if we need to verify the file is actually transferred without any issue. And if the transferred wasn't successful, I would love to get an error from Puppet to let the user know that there was an issue transferring the file.

edit retag flag offensive close merge delete

2 Answers

Sort by ยป oldest newest most voted
0

answered 2015-08-12 04:10:36 -0600

when its doing a copy then puppet just ensures exit code is 0 - i.e. successful.

I guess there may be an edge case where operating system says copy ok - then box crashes and copy was in filesystem cache and not flushed to disk .. however this would be rare .. also I think on next puppet run file would be copied over.

If uber critical you could do an md5 check on file - e.g.:

file {'/dir/filename':
            owner      => 'fred',
            group       => 'blah',
            checksum => 1234,
            audit        => [owner,group,checksum]
    }
edit flag offensive delete link more

Comments

Thanks. Is there a resource that won't download the file at every run, we are staging GB files. I am looking at pe_staging or archive to achieve this. And if there is an update to the source zip files, it will run through the whole "unzipping" / "installation"

dannythk gravatar imagedannythk ( 2015-08-17 15:40:01 -0600 )edit
0

answered 2015-08-31 04:14:28 -0600

cbarbour gravatar image

When using a file resource, Puppet by default checksums the current file and compares that to a checksum of the file on the server. The file is transferred if these sums do not match.

Puppet does not to the best of my knowledge checksum the file after transferring it. However, the transfer does occur over a HTTP session. If the transfer is incomplete, the client will detect the early termination of the HTTP session and throw a failure. It will attempt to transfer the file again during the next run.

Puppet replaces the file using a simple move statement. The files content does not change during the move; only the name changes. The old file reference is removed, and is replaced with a reference to the new file.

Finally, if there is an issue with the copied file, it will be detected during the next run due to the checksum mismatch. Puppet will transfer a new copy of the file to correct the issue.

If you require more reliability, you can use an exec resource to md5sum the file based on a hash you specify. This will prevent a lot of attacks that the file resource's built in checks cannot prevent.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2015-08-11 08:09:30 -0600

Seen: 1,160 times

Last updated: Aug 31 '15