Ask Your Question

Check fact (version) after package upgrade

asked 2016-09-13 14:31:24 -0600

rjhornsby gravatar image

updated 2016-09-13 14:34:27 -0600

We have syslog-ng running on our systems. Most have 3.x, but many have 2.x and the configuration files are not compatible. We don't want to stay on 2.x (features like @include are missing). If for some reason the Package[] resource is unable to ensure syslog-ng is at least 3.x, I need Puppet to bail out. I think. I'm open to suggestions of how to do this better.

Otherwise overwriting the config at that point will break a system running syslog-ng 2.x. We're trying to deploy Puppet to existing systems, so leaving them be until we can figure it out rather than breaking the system is preferred. The class I have looks like this:

class syslog_ng::package {
  package { 'syslog-ng':
    ensure  => latest,

  $minimum_version = '3.0.0'

  unless versioncmp($::syslog_ng_version, $minimum_version) >= 0 {
    fail("syslog_ng version (${::syslog_ng_version}) requirement not met. Must be at least this tall to ride: ${minimum_version}")

Is it possible to have the unless ... fail happen after the package[]? Otherwise, it bails early - the installed version is too old. The second half of the question is that I think the custom fact syslog_ng_version is computed at the start of the agent run. Obviously, if the package were upgraded, we can't compare the old value.

I know that the package[] ensure can be set to a specific value, but I can't do that because the packages we have for RHEL are 3.5.x but the packages I had to pull for SLES 11 (...) are 3.6.x, etc. I don't want to ensure a specific version, just a minimum version somewhat similar to PUP-1519[1].


edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted

answered 2016-09-14 07:20:59 -0600

domcleal gravatar image

The file resource has a validate_cmd parameter that can execute a command on the agent to check a config file is valid before deploying it. You could use this to validate that the config file is usable by that version of syslog-ng - either using a command provided by syslog-ng, or a script that you deploy (via another file resource or package) that checks the package version.

See for details.

edit flag offensive delete link more


Thanks! Somehow I missed the `validate_cmd` parameter. Was looking over the doc, and don't see anything that suggests it won't work with a template as content, but `validate_cmd` seems to be getting ignored. Even setting it to`/usr/bin/false` doesn't cause run to fail.

rjhornsby gravatar imagerjhornsby ( 2016-09-14 09:05:36 -0600 )edit

I retract my previous comment ... validate_cmd works now ... ?

rjhornsby gravatar imagerjhornsby ( 2016-09-14 15:27:56 -0600 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower


Asked: 2016-09-13 14:31:24 -0600

Seen: 284 times

Last updated: Sep 14 '16