Puppet：如何在重新启动服务之前运行配置测试

Question

您可以使用require => Exec[]菊花链来exec要求配置更改。

如果 Exec 失败（退出状态 != 0），则需要它的后续任务也应失败。我执行了类似 ssh-keygen 的操作，然后在创建新用户时对 .ssh 设置了特殊权限。

例子：

# Ensure the .ssh directory exists for each user
file { "${dot_ssh_dir}":
 ensure => directory,
 owner => $title,
 mode => 700,
 require => File["${home_dir}"],
}

# Run ssh-keygen (ONLY if id_rsa doesn't exist)
exec { "${title} ssh-keygen":
 command => "ssh-keygen -f ./id_rsa -q -N ''",
 cwd => $dot_ssh_dir,
 user => $title,
 creates => "${keyfile_private}",
 path => ['/usr/bin', '/usr/sbin/', '/usr/local/sbin'],
 require => File[$dot_ssh_dir],
}

# AuthorizedKeys should be 600
file { "${authorized_keys}": 
 source => "${keyfile_public}",
 ensure => present,
 mode => 600,
 owner => $title,
 group => 'sftpusers',
 require => Exec["${title} ssh-keygen"],
}

Answer 1

您可以使用require => Exec[]菊花链来exec要求配置更改。

如果 Exec 失败（退出状态 != 0），则需要它的后续任务也应失败。我执行了类似 ssh-keygen 的操作，然后在创建新用户时对 .ssh 设置了特殊权限。

例子：

# Ensure the .ssh directory exists for each user
file { "${dot_ssh_dir}":
 ensure => directory,
 owner => $title,
 mode => 700,
 require => File["${home_dir}"],
}

# Run ssh-keygen (ONLY if id_rsa doesn't exist)
exec { "${title} ssh-keygen":
 command => "ssh-keygen -f ./id_rsa -q -N ''",
 cwd => $dot_ssh_dir,
 user => $title,
 creates => "${keyfile_private}",
 path => ['/usr/bin', '/usr/sbin/', '/usr/local/sbin'],
 require => File[$dot_ssh_dir],
}

# AuthorizedKeys should be 600
file { "${authorized_keys}": 
 source => "${keyfile_public}",
 ensure => present,
 mode => 600,
 owner => $title,
 group => 'sftpusers',
 require => Exec["${title} ssh-keygen"],
}

Puppet：如何在重新启动服务之前运行配置测试

答案1

相关内容