Puppet: Recovering from failed run
Consider the following code:
file { '/etc/systemd/system/docker.service.d/http-proxy.conf':
ensure => 'present',
owner => 'root',
group => 'root',
mode => '644',
content => '[Service]
Environment="HTTP_PROXY=http://10.0.2.2:3128"
Environment="HTTPS_PROXY=http://10.0.2.2:3128"
',
notify => Exec['daemon-reload'],
require => Package['docker-ce'],
}
exec { 'daemon-reload':
command => 'systemctl daemon-reload',
path => '/sbin',
refreshonly => true,
}
service { 'docker':
ensure => 'running',
subscribe => File['/etc/systemd/system/docker.service.d/http-proxy.conf'],
require => Exec['daemon-reload'],
}
I would like to edit some systemd service. In this instance, it is the environment for docker, but it could be any other need.
Since a systemd unit file has been changed, systemctl daemon-reload must be run for the new configuration to be picked up.
Running puppet apply fails:
Notice: Compiled catalog for puppet-docker-test.<redacted> in environment production in 0.18 seconds
Notice: /Stage[main]/Main/File[/etc/systemd/system/docker.service.d/http-proxy.conf]/ensure: defined content as '{md5}dace796a9904d2c5e2c438e6faba2332'
Error: /Stage[main]/Main/Exec[daemon-reload]: Failed to call refresh: Could not find command 'systemctl'
Error: /Stage[main]/Main/Exec[daemon-reload]: Could not find command 'systemctl'
Notice: /Stage[main]/Main/Service[docker]: Dependency Exec[daemon-reload] has failures: false
Warning: /Stage[main]/Main/Service[docker]: Skipping because of failed dependencies
Notice: Applied catalog in 0.15 seconds
The cause is immediately obvious: systemctl lives in /bin, not /sbin, as configured. However, fixing this, then running puppet apply again will neither cause the service to be restarted nor systemctl daemon-reload to be run:
Notice: Compiled catalog for puppet-docker-test.<redacted> in environment production in 0.19 seconds
Notice: Applied catalog in 0.16 seconds
Apparently, this happens because there were no changes to the file resource (since it was applied on the failed run), which would have refreshed the daemon-reload and then triggered the service to restart.
In order to force puppet to reload the service and restart it, I could change the contents of the file on disk, I could change the contents on the puppet code, but it feels like I'm missing some better way of doing this.
How to better recover from such scenario? Or, how to write puppet code that doesn't have this issue?
puppet systemd
asked Nov 19 '18 at 21:15
Thiago ViniciusThiago Vinicius
11
add a comment |
Consider the following code:
file { '/etc/systemd/system/docker.service.d/http-proxy.conf':
ensure => 'present',
owner => 'root',
group => 'root',
mode => '644',
content => '[Service]
Environment="HTTP_PROXY=http://10.0.2.2:3128"
Environment="HTTPS_PROXY=http://10.0.2.2:3128"
',
notify => Exec['daemon-reload'],
require => Package['docker-ce'],
}
exec { 'daemon-reload':
command => 'systemctl daemon-reload',
path => '/sbin',
refreshonly => true,
}
service { 'docker':
ensure => 'running',
subscribe => File['/etc/systemd/system/docker.service.d/http-proxy.conf'],
require => Exec['daemon-reload'],
}
I would like to edit some systemd service. In this instance, it is the environment for docker, but it could be any other need.
Since a systemd unit file has been changed, systemctl daemon-reload must be run for the new configuration to be picked up.
Running puppet apply fails:
Notice: Compiled catalog for puppet-docker-test.<redacted> in environment production in 0.18 seconds
Notice: /Stage[main]/Main/File[/etc/systemd/system/docker.service.d/http-proxy.conf]/ensure: defined content as '{md5}dace796a9904d2c5e2c438e6faba2332'
Error: /Stage[main]/Main/Exec[daemon-reload]: Failed to call refresh: Could not find command 'systemctl'
Error: /Stage[main]/Main/Exec[daemon-reload]: Could not find command 'systemctl'
Notice: /Stage[main]/Main/Service[docker]: Dependency Exec[daemon-reload] has failures: false
Warning: /Stage[main]/Main/Service[docker]: Skipping because of failed dependencies
Notice: Applied catalog in 0.15 seconds
The cause is immediately obvious: systemctl lives in /bin, not /sbin, as configured. However, fixing this, then running puppet apply again will neither cause the service to be restarted nor systemctl daemon-reload to be run:
Notice: Compiled catalog for puppet-docker-test.<redacted> in environment production in 0.19 seconds
Notice: Applied catalog in 0.16 seconds
Apparently, this happens because there were no changes to the file resource (since it was applied on the failed run), which would have refreshed the daemon-reload and then triggered the service to restart.
In order to force puppet to reload the service and restart it, I could change the contents of the file on disk, I could change the contents on the puppet code, but it feels like I'm missing some better way of doing this.
How to better recover from such scenario? Or, how to write puppet code that doesn't have this issue?
puppet systemd
asked Nov 19 '18 at 21:15
Thiago ViniciusThiago Vinicius
11
add a comment |
Consider the following code:
file { '/etc/systemd/system/docker.service.d/http-proxy.conf':
ensure => 'present',
owner => 'root',
group => 'root',
mode => '644',
content => '[Service]
Environment="HTTP_PROXY=http://10.0.2.2:3128"
Environment="HTTPS_PROXY=http://10.0.2.2:3128"
',
notify => Exec['daemon-reload'],
require => Package['docker-ce'],
}
exec { 'daemon-reload':
command => 'systemctl daemon-reload',
path => '/sbin',
refreshonly => true,
}
service { 'docker':
ensure => 'running',
subscribe => File['/etc/systemd/system/docker.service.d/http-proxy.conf'],
require => Exec['daemon-reload'],
}
I would like to edit some systemd service. In this instance, it is the environment for docker, but it could be any other need.
Since a systemd unit file has been changed, systemctl daemon-reload must be run for the new configuration to be picked up.
Running puppet apply fails:
Notice: Compiled catalog for puppet-docker-test.<redacted> in environment production in 0.18 seconds
Notice: /Stage[main]/Main/File[/etc/systemd/system/docker.service.d/http-proxy.conf]/ensure: defined content as '{md5}dace796a9904d2c5e2c438e6faba2332'
Error: /Stage[main]/Main/Exec[daemon-reload]: Failed to call refresh: Could not find command 'systemctl'
Error: /Stage[main]/Main/Exec[daemon-reload]: Could not find command 'systemctl'
Notice: /Stage[main]/Main/Service[docker]: Dependency Exec[daemon-reload] has failures: false
Warning: /Stage[main]/Main/Service[docker]: Skipping because of failed dependencies
Notice: Applied catalog in 0.15 seconds
The cause is immediately obvious: systemctl lives in /bin, not /sbin, as configured. However, fixing this, then running puppet apply again will neither cause the service to be restarted nor systemctl daemon-reload to be run:
Notice: Compiled catalog for puppet-docker-test.<redacted> in environment production in 0.19 seconds
Notice: Applied catalog in 0.16 seconds
Apparently, this happens because there were no changes to the file resource (since it was applied on the failed run), which would have refreshed the daemon-reload and then triggered the service to restart.
In order to force puppet to reload the service and restart it, I could change the contents of the file on disk, I could change the contents on the puppet code, but it feels like I'm missing some better way of doing this.
How to better recover from such scenario? Or, how to write puppet code that doesn't have this issue?
puppet systemd
asked Nov 19 '18 at 21:15
Thiago ViniciusThiago Vinicius
11
Consider the following code:
file { '/etc/systemd/system/docker.service.d/http-proxy.conf':
ensure => 'present',
owner => 'root',
group => 'root',
mode => '644',
content => '[Service]
Environment="HTTP_PROXY=http://10.0.2.2:3128"
Environment="HTTPS_PROXY=http://10.0.2.2:3128"
',
notify => Exec['daemon-reload'],
require => Package['docker-ce'],
}
exec { 'daemon-reload':
command => 'systemctl daemon-reload',
path => '/sbin',
refreshonly => true,
}
service { 'docker':
ensure => 'running',
subscribe => File['/etc/systemd/system/docker.service.d/http-proxy.conf'],
require => Exec['daemon-reload'],
}
I would like to edit some systemd service. In this instance, it is the environment for docker, but it could be any other need.
Since a systemd unit file has been changed, systemctl daemon-reload must be run for the new configuration to be picked up.
Running puppet apply fails:
Notice: Compiled catalog for puppet-docker-test.<redacted> in environment production in 0.18 seconds
Notice: /Stage[main]/Main/File[/etc/systemd/system/docker.service.d/http-proxy.conf]/ensure: defined content as '{md5}dace796a9904d2c5e2c438e6faba2332'
Error: /Stage[main]/Main/Exec[daemon-reload]: Failed to call refresh: Could not find command 'systemctl'
Error: /Stage[main]/Main/Exec[daemon-reload]: Could not find command 'systemctl'
Notice: /Stage[main]/Main/Service[docker]: Dependency Exec[daemon-reload] has failures: false
Warning: /Stage[main]/Main/Service[docker]: Skipping because of failed dependencies
Notice: Applied catalog in 0.15 seconds
The cause is immediately obvious: systemctl lives in /bin, not /sbin, as configured. However, fixing this, then running puppet apply again will neither cause the service to be restarted nor systemctl daemon-reload to be run:
Notice: Compiled catalog for puppet-docker-test.<redacted> in environment production in 0.19 seconds
Notice: Applied catalog in 0.16 seconds
Apparently, this happens because there were no changes to the file resource (since it was applied on the failed run), which would have refreshed the daemon-reload and then triggered the service to restart.
In order to force puppet to reload the service and restart it, I could change the contents of the file on disk, I could change the contents on the puppet code, but it feels like I'm missing some better way of doing this.
How to better recover from such scenario? Or, how to write puppet code that doesn't have this issue?
puppet systemd
puppet systemd
asked Nov 19 '18 at 21:15
Thiago ViniciusThiago Vinicius
11
asked Nov 19 '18 at 21:15
Thiago ViniciusThiago Vinicius
11
asked Nov 19 '18 at 21:15
Thiago ViniciusThiago Vinicius
11
asked Nov 19 '18 at 21:15
Thiago ViniciusThiago Vinicius
11
asked Nov 19 '18 at 21:15
Thiago ViniciusThiago Vinicius
11
11
add a comment |
add a comment |
2 Answers
2
active
oldest
votes
Puppet does not provide a mechanism for resuming a failed run. Doing so would not make much sense to me, since one would expect that for a resumption to have a different result would depend on the machine state being changed since the failure, and a machine-state change outside Puppet potentially invalidates the catalog that was being applied.
The agent does, by default, send run reports to the master, so in the event of a failed run, you should be able to determine from that what went wrong. Supposing that you don't want to scour reports to figure out how to recover from a failed run, however, you could consider compiling a recovery script.
For example, you know that any failure may have caused a daemon-reload to be missed, and it's harmless to perform one when it isn't required, so just put that in your script. You might also put in a restart of each service under management. Basically, you're looking for anything that has non-trivial refresh behavior (Execs and Services are the main ones that come to my mind).
It occurs to me that if you're extra clever then it might be possible to put that in the form of one or more Puppet classes, and to determine on the master whether the last run for the target node failed, so as to apply the recovery.
As for avoiding the problem in the first place, I can only suggest testing, testing, and more testing. To that end, if you don't have dedicated machines on which to test Puppet updates, then at least select a small number of normal machines that get updates first, so that any problems that arise are closely contained.
answered Nov 19 '18 at 23:07
John BollingerJohn Bollinger
80.7k74275
add a comment |
As your http-haproxy.conf has already been updated on 1st execution of puppet, so next time this will not get updated again and notify to systemctl daemon-reload will not be done
In case you need to run systemctl daemon-reload all the time if any notify there or not then you need to more refreshonly => true from exec 'daemon-reload'
answered Dec 3 '18 at 10:05
Manoj K SamtaniManoj K Samtani
12
add a comment |
Your Answer
StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53382754%2fpuppet-recovering-from-failed-run%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
Puppet does not provide a mechanism for resuming a failed run. Doing so would not make much sense to me, since one would expect that for a resumption to have a different result would depend on the machine state being changed since the failure, and a machine-state change outside Puppet potentially invalidates the catalog that was being applied.
The agent does, by default, send run reports to the master, so in the event of a failed run, you should be able to determine from that what went wrong. Supposing that you don't want to scour reports to figure out how to recover from a failed run, however, you could consider compiling a recovery script.
For example, you know that any failure may have caused a daemon-reload to be missed, and it's harmless to perform one when it isn't required, so just put that in your script. You might also put in a restart of each service under management. Basically, you're looking for anything that has non-trivial refresh behavior (Execs and Services are the main ones that come to my mind).
It occurs to me that if you're extra clever then it might be possible to put that in the form of one or more Puppet classes, and to determine on the master whether the last run for the target node failed, so as to apply the recovery.
As for avoiding the problem in the first place, I can only suggest testing, testing, and more testing. To that end, if you don't have dedicated machines on which to test Puppet updates, then at least select a small number of normal machines that get updates first, so that any problems that arise are closely contained.
answered Nov 19 '18 at 23:07
John BollingerJohn Bollinger
80.7k74275
add a comment |
Puppet does not provide a mechanism for resuming a failed run. Doing so would not make much sense to me, since one would expect that for a resumption to have a different result would depend on the machine state being changed since the failure, and a machine-state change outside Puppet potentially invalidates the catalog that was being applied.
The agent does, by default, send run reports to the master, so in the event of a failed run, you should be able to determine from that what went wrong. Supposing that you don't want to scour reports to figure out how to recover from a failed run, however, you could consider compiling a recovery script.
For example, you know that any failure may have caused a daemon-reload to be missed, and it's harmless to perform one when it isn't required, so just put that in your script. You might also put in a restart of each service under management. Basically, you're looking for anything that has non-trivial refresh behavior (Execs and Services are the main ones that come to my mind).
It occurs to me that if you're extra clever then it might be possible to put that in the form of one or more Puppet classes, and to determine on the master whether the last run for the target node failed, so as to apply the recovery.
As for avoiding the problem in the first place, I can only suggest testing, testing, and more testing. To that end, if you don't have dedicated machines on which to test Puppet updates, then at least select a small number of normal machines that get updates first, so that any problems that arise are closely contained.
answered Nov 19 '18 at 23:07
John BollingerJohn Bollinger
80.7k74275
add a comment |
Puppet does not provide a mechanism for resuming a failed run. Doing so would not make much sense to me, since one would expect that for a resumption to have a different result would depend on the machine state being changed since the failure, and a machine-state change outside Puppet potentially invalidates the catalog that was being applied.
The agent does, by default, send run reports to the master, so in the event of a failed run, you should be able to determine from that what went wrong. Supposing that you don't want to scour reports to figure out how to recover from a failed run, however, you could consider compiling a recovery script.
For example, you know that any failure may have caused a daemon-reload to be missed, and it's harmless to perform one when it isn't required, so just put that in your script. You might also put in a restart of each service under management. Basically, you're looking for anything that has non-trivial refresh behavior (Execs and Services are the main ones that come to my mind).
It occurs to me that if you're extra clever then it might be possible to put that in the form of one or more Puppet classes, and to determine on the master whether the last run for the target node failed, so as to apply the recovery.
As for avoiding the problem in the first place, I can only suggest testing, testing, and more testing. To that end, if you don't have dedicated machines on which to test Puppet updates, then at least select a small number of normal machines that get updates first, so that any problems that arise are closely contained.
answered Nov 19 '18 at 23:07
John BollingerJohn Bollinger
80.7k74275
Puppet does not provide a mechanism for resuming a failed run. Doing so would not make much sense to me, since one would expect that for a resumption to have a different result would depend on the machine state being changed since the failure, and a machine-state change outside Puppet potentially invalidates the catalog that was being applied.
The agent does, by default, send run reports to the master, so in the event of a failed run, you should be able to determine from that what went wrong. Supposing that you don't want to scour reports to figure out how to recover from a failed run, however, you could consider compiling a recovery script.
For example, you know that any failure may have caused a daemon-reload to be missed, and it's harmless to perform one when it isn't required, so just put that in your script. You might also put in a restart of each service under management. Basically, you're looking for anything that has non-trivial refresh behavior (Execs and Services are the main ones that come to my mind).
It occurs to me that if you're extra clever then it might be possible to put that in the form of one or more Puppet classes, and to determine on the master whether the last run for the target node failed, so as to apply the recovery.
As for avoiding the problem in the first place, I can only suggest testing, testing, and more testing. To that end, if you don't have dedicated machines on which to test Puppet updates, then at least select a small number of normal machines that get updates first, so that any problems that arise are closely contained.
answered Nov 19 '18 at 23:07
John BollingerJohn Bollinger
80.7k74275
answered Nov 19 '18 at 23:07
John BollingerJohn Bollinger
80.7k74275
answered Nov 19 '18 at 23:07
John BollingerJohn Bollinger
80.7k74275
answered Nov 19 '18 at 23:07
John BollingerJohn Bollinger
80.7k74275
80.7k74275
add a comment |
add a comment |
As your http-haproxy.conf has already been updated on 1st execution of puppet, so next time this will not get updated again and notify to systemctl daemon-reload will not be done
In case you need to run systemctl daemon-reload all the time if any notify there or not then you need to more refreshonly => true from exec 'daemon-reload'
answered Dec 3 '18 at 10:05
Manoj K SamtaniManoj K Samtani
12
add a comment |
As your http-haproxy.conf has already been updated on 1st execution of puppet, so next time this will not get updated again and notify to systemctl daemon-reload will not be done
In case you need to run systemctl daemon-reload all the time if any notify there or not then you need to more refreshonly => true from exec 'daemon-reload'
answered Dec 3 '18 at 10:05
Manoj K SamtaniManoj K Samtani
12
add a comment |
As your http-haproxy.conf has already been updated on 1st execution of puppet, so next time this will not get updated again and notify to systemctl daemon-reload will not be done
In case you need to run systemctl daemon-reload all the time if any notify there or not then you need to more refreshonly => true from exec 'daemon-reload'
answered Dec 3 '18 at 10:05
Manoj K SamtaniManoj K Samtani
12
As your http-haproxy.conf has already been updated on 1st execution of puppet, so next time this will not get updated again and notify to systemctl daemon-reload will not be done
In case you need to run systemctl daemon-reload all the time if any notify there or not then you need to more refreshonly => true from exec 'daemon-reload'
answered Dec 3 '18 at 10:05
Manoj K SamtaniManoj K Samtani
12
answered Dec 3 '18 at 10:05
Manoj K SamtaniManoj K Samtani
12
answered Dec 3 '18 at 10:05
Manoj K SamtaniManoj K Samtani
12
answered Dec 3 '18 at 10:05
Manoj K SamtaniManoj K Samtani
12
12
add a comment |
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53382754%2fpuppet-recovering-from-failed-run%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
