Ask Your Question
0

Is there a way to run an exec only when a file needs to be updated in puppet 3.x

asked 2017-04-24 16:04:33 -0500

lantzbr gravatar image

updated 2017-05-16 23:10:25 -0500

ramindk gravatar image

I have a file that I manage that requires the immutable bit set. Is there a way to only trigger the remove of the immutable bit if the file needs to be updated? To clarify a little, this is on a Red Hat Linux server. The file that I manage with puppet resource type file is /etc/resolv.conf. The immutable bit is set on that file, so if any changes need to occur to that file they end up failing until the immutable bit is removed. Once the file is updated the immutable bit can be set back. The current config looks like this:

file { $resolv_conf_file:
    ensure  => file,
    owner   => 'root',
    group   => 'root',
    mode    => '0644',
    content => template("test/resolv.conf.erb"),
    require => Exec['remove_immutable_bit'],
  }

  exec { "chattr":
    command => "/bin/chattr +i $resolv_conf_file",
    subscribe => File[$resolv_conf_file],
  }

  exec { "remove_immutable_bit":
    command => "/bin/chattr -i $resolv_conf_file",
  }

This configuration works, but it removes and adds the bit every time puppet runs. It would be nice if the removeimmutablebit would only execute when necessary but I don't see a way to do this. My only thought is to have a file resource somewhere else and trigger the immutable part only if the file changes. Hopefully someone has a better idea than that.

Thanks

edit retag flag offensive close merge delete

2 Answers

Sort by ยป oldest newest most voted
0

answered 2017-04-26 06:16:22 -0500

puser gravatar image

Use Refreshonly on your Exec that you use to set the immutable bit.

https://docs.puppet.com/puppet/latest...

Then use a notify when puppet runs to the Exec. refreshonly will only fire when notified.

edit flag offensive delete link more
0

answered 2017-04-25 07:15:21 -0500

DarylW gravatar image

updated 2017-04-25 07:15:49 -0500

What do you mean by 'update'? Do you mean 'ensure that the immutable bit is set' or do you mean 'change the file contents'? Are you talking about linux or *BSD?

I did find a module on the forge, but it is fundamentally just an exec that can loop through an array of files listed, and run the chattrcommand against them.

https://forge.puppet.com/lambchop/chattr

There is some discussion about how to find and detect immutable files given at https://unix.stackexchange.com/questi..., but it seems like there are a lot of pitfalls if you simply 'grep' the output of the file attributes. You either would need to make a really good regex that will check the output of your file(matching up against the start of string and whtespace chars to ensure you are evaluating the list of attributes) or if you really wanted to address this, you should look to creating a custom type and provider, which will verify values as stated in the above link. They mention the following.

I recommend using a less cranky language such as Perl, Python or Ruby and doing the work of lsattr by yourself. lsattr operates by issuing a FS_IOC_GETFLAGS ioctl syscall and retrieving the file's inode flags.

They go on to give a python proof of concept.

Sorry that I haven't been able to find you a better answer. It seems like your only option is to write it yourself... either by an 'exec' which contains an appropriate unless/onlyif condition which checks that the immutable bit is set, or delving in deeper with a custom type and provider.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2017-04-24 16:04:33 -0500

Seen: 79 times

Last updated: May 16