Ask Your Question

Check file existance and ONLY change attributes if needed

asked 2016-07-22 13:37:50 -0500

bits45 gravatar image

I'm still learning Puppet for Linux.

I currently changing owner, group, and permissions on /etc/my.cnf only if the file exists. And this works great, but the agent ALWAYS runs it even if the attributes don't need changing (naturally the code below is not testing for those). It seems like "file { }" should have an option of onlyif just like "exec { }" does so the attributes would change only when needed.

I'm just trying to make it more effeciant and learn.

Again, this works, but every time the agent checks in. I'd like to change an attribute only when necessary and ONLY if the file exists. Maybe I could change it to check for the mysql server package, which I've only read about.

exec { "chmod 0440 /etc/my.cnf ; chown mysql:mysql /etc/my.cnf ; chcon -t mysqld_etc_t /etc/my.cnf":
    path    => "/usr/bin:bin",
    onlyif  => "test -f /etc/my.cnf"

Thanks Gurus.

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted

answered 2016-07-22 15:05:14 -0500

DarylW gravatar image

You should be using a 'file' resource instead of an exec to manage the attributes of your file. An exec should be looked at as a 'last resort' if there doesn't exist another way to manage something.

About exec / onlyif / unless / creates.

You should aim to make your execs (if you have to use them) idempotent, which is what you appear to be trying to do.
One part of your problem is that puppet is declarative. If you have code that does some things in once case, and other things in other cases, doesn't apply a consistent set of configuration to different machines.

Your puppet code should be saying 'the system looks like this', not 'if it looks like this, do this thing'. That is the job of the types/providers to figure out if things should change. You should be using a different puppet configuration for machines that need to have their /etc/my.cnf file managed, and ones that don't. For the ones that need it managed, you specify all of the explicit parameters for that file resource with the appropriate resource. For ones that don't, you don't manage the file.

If you are dead-set on conditionally managing the file, you should write a custom fact to check if the file exists, and use that information to conditionally apply puppet resources based on that fact.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower


Asked: 2016-07-22 13:37:50 -0500

Seen: 58 times

Last updated: Jul 22 '16