|
|
Re: verify before deploy: msg#00200
sysutils.puppet.user
|
Subject: |
Re: verify before deploy |
I wrote a little test to make sure that the sudoers file was syntactically valid. Here's the bit that does the work. class SudoersFile def initialize(sudoers_file) sudo='/usr/sbin/visudo'
command="#{sudo} -c -f #{sudoers_file}" end def validate system(command) end end J. On 18/10/2007, Chris MacLeod
<stickm@xxxxxxxxx> wrote:ahh... that's very helpful. I'm not sure though how you could use a validate function with a source file rather than a content file.
On 10/18/07,
Derek.Whayman@xxxxxxxxxxxxxxxxxxx <
Derek.Whayman@xxxxxxxxxxxxxxxxxxx> wrote:
This worked for me:
http://reductivelabs.com/trac/puppet/wiki/TemplateValidationFunction for
the validation. It's actually more like a general case with an example
for sudo... should be good for you!
You'll barf on a parse error if the syntax was invalid according to
visudo. You could plug in another script other than visudo if you
wanted additional validation.
Derek
________________________________
From: puppet-users-bounces@xxxxxxxxxxx
[mailto:puppet-users-bounces@madstop.com] On Behalf Of Chris MacLeod
Sent: 18 October 2007 05:27
To: Puppet User Discussion
Subject: [Puppet-users] verify before deploy
so I have this sudo module that I've been working on:
class auth::sudo {
package { sudo: ensure => installed }
file { sudo_config:
name => "/tmp/sudoers",
owner => "root",
group => "root",
mode => 0440,
notify => Exec["sudoers-syntax"],
source => [
"puppet:///auth/sudo/${fqdn}/sudoers",
"puppet:///auth/sudo/sudoers"
]
}
exec { "sudoers-syntax":
command => "/bin/cp /tmp/sudoers /etc/sudoers",
onlyif => "/usr/sbin/visudo -c /tmp/sudoers",
refreshonly => true,
}
}
it works very well but I'm wondering if there is another way (cleaner
perhaps) to use an external command to verfiy a file prior to
deployment. Is there way to access a potential file before it's
deployed? Or get at the previous version if something doesn't pass a
sniff test.
C
--
stickm@xxxxxxxxx
-==< Stick >==-
------------------------------------------------------------------------
For important statutory and regulatory disclosures and more information about Barclays Capital, please visit our web site at
http://www.barcap.com.
Internet communications are not secure and therefore the Barclays Group does not accept legal responsibility for the contents of this message. Although the Barclays Group operates anti-virus programmes, it does not accept responsibility for any damage whatsoever that is caused by viruses being passed. Any views or opinions presented are solely those of the author and do not necessarily represent those of the Barclays Group. Replies to this email may be monitored by the Barclays Group for operational or business reasons.
Barclays Capital is the investment banking division of Barclays Bank PLC, a company registered in England (number 1026167) with its registered office at 1 Churchill Place, London, E14 5HP. This email may relate to or be sent from other members of the Barclays Group.
------------------------------------------------------------------------
_______________________________________________
Puppet-users mailing list
Puppet-users@xxxxxxxxxxx
https://mail.madstop.com/mailman/listinfo/puppet-users
stickm@xxxxxxxxx
-==< Stick >==-
_______________________________________________
Puppet-users mailing list
Puppet-users@xxxxxxxxxxx
https://mail.madstop.com/mailman/listinfo/puppet-users
-- Julian Simpson Build and Deploy Guy http://www.juliansimpson.org
_______________________________________________
Puppet-users mailing list
Puppet-users@xxxxxxxxxxx
https://mail.madstop.com/mailman/listinfo/puppet-users
|
|
