Add systemd-timesyncd support #43
Conversation
| @@ -23,6 +23,14 @@ | |||
| it { is_expected.to create_service('systemd-networkd').with_ensure('running') } | |||
| it { is_expected.to create_service('systemd-networkd').with_enable(true) } | |||
| end | |||
| context 'when enabling timesyncd' do | |||
There was a problem hiding this comment.
Maybe extend the existing test where both resolved and networkd are enabled? Or at least add the is_expected.to_not to the plain test?
There was a problem hiding this comment.
I meant to add is_expected.not_to on line 13 as well.
There was a problem hiding this comment.
ups. added that as well
| Enum['stopped','running'] $networkd_ensure = 'running', | ||
| Boolean $manage_timesyncd = false, | ||
| Enum['stopped','running'] $timesyncd_ensure = 'running', | ||
| Optional[String] $ntp_server = undef, |
There was a problem hiding this comment.
I thougt about it. Systemd expects a comma separated list. What do you think about an array which I join()?
There was a problem hiding this comment.
yep, I think that's better. The API you expose through puppet should make sense in puppet land. Use join in the template or wherever.
There was a problem hiding this comment.
I think that would be a cleaner interface, personally (having it be structured data in Puppet, and join it later). Not sure whether it should require an array for a single element list, or whether it should allow you to pass in a string and force to list context.
There was a problem hiding this comment.
If you're being really friendly, I suppose you might also accept a string with no commas in instead of forcing people to use arrays of size 1.
There was a problem hiding this comment.
And if it's an array, the params should probably be ntp_servers and fallback_ntp_server?
This also makes it clear that the params can take multiple values
There was a problem hiding this comment.
@wyardley +1 Agreed. If you expect an array, pluralise the parameter name.
There was a problem hiding this comment.
I would like to keep ntp_server and fallback_ntp_serve because those are the keys in the ini file. I updated the code to accept a single string or arrays. What do you think about that?
There was a problem hiding this comment.
I personally think it should be plural, will defer to @alexjfisher
|
Not all systems have The same goes for |
|
@trevor-vaughan it defaults to off/dont manage. Is that okay? Is there a way to check the presence without a fact? |
|
@bastelfreak I'm just worried that someone will turn it on without knowing that it's not present on their system and "bad things"(tm) will happen. For instance, my Fedora system has both of these, but my RHEL 7 system does not. If I have something in Hiera based on While, technically, this is the fault of the user, it would be best to fail safe and perhaps notify them that they're trying to do something that won't work. Unfortunately, you can't base it off of existing facts from what I can tell, you're going to have to actually query |
|
@trevor-vaughan uff. This needs a huge amount of code. I agree that it would be nice. I don't know a sane way to query systemd about it. One solution would be to check for /usr/lib/systemd/systemd-timesyncd, but the path isn't the same on all distributions. Should this improvement be moved into its own pull request? |
|
@bastelfreak It's a |
|
@bastelfreak Did a bit more poking and this seems to give a good list that would make a great |
|
oh right, I totally forgot that :D |
systemctl list-unit-files --no-pager | awk '!/static|@/ && $1 ~ /systemd-.*.service/ { print $1 " " $2}'I can wrap that up tomorrow in a fact (or do it in pure ruby) |
|
Pure ruby would probably be less fragile over time, but that would be ideal, thanks! |
|
Jo @trevor-vaughan! The awesome @jreinert and I added a ruby implementation of the structured fact. Output is: What do you think about that? |
lib/facter/systemd.rb
Outdated
| # Purpose: | ||
| # Determine whether systemd is the init system on the node | ||
| # Purpose: | ||
| # Determine whether SystemD is the init system on the node |
There was a problem hiding this comment.
it's plain systemd, not SystemD according to https://www.freedesktop.org/wiki/Software/systemd/
There was a problem hiding this comment.
oh dang. I did some copy and paste issues. my patch for this file isn't based on master. I will fix that
lib/facter/systemd.rb
Outdated
| Facter.add(:systemd) do | ||
| confine :kernel => :linux | ||
| setcode do | ||
| Facter.value(:service_provider) == 'systemd' | ||
| Facter::Util::Resolution.exec('ps -p 1 -o comm=') == 'systemd' |
| enable => $_enable_timesyncd, | ||
| } | ||
|
|
||
| if $ntp_server { |
There was a problem hiding this comment.
Should it otherwise be ensured to be absent?
There was a problem hiding this comment.
the linux distribution may place default values in there. so IMO we should not touch it.
bastelfreak
force-pushed
the
timesyncd
branch
3 times, most recently
from
7e86ce5
to
3a69968
Compare
|
👍 |
bastelfreak
force-pushed
the
timesyncd
branch
from
3a69968
to
74cfb58
Compare
manifests/init.pp
Outdated
| @@ -32,11 +50,15 @@ | |||
| create_resources('systemd::service_limits', $service_limits) | |||
| } | |||
|
|
|||
| if $manage_resolved { | |||
| if $manage_resolved and $facts['systemd_internal_services']['systemd-resolved.service'] { | |||
There was a problem hiding this comment.
This is going to fail hard if the fact could not be populated for some reason.
Should probably be: if $mange_resolved and $facts['systemd_internal_services'] and $facts['systemd_internal_services']['systemd-resolved.service']
bastelfreak
force-pushed
the
timesyncd
branch
from
74cfb58
to
0d1b764
Compare
| @@ -32,11 +50,15 @@ | |||
| create_resources('systemd::service_limits', $service_limits) | |||
| } | |||
|
|
|||
| if $manage_resolved { | |||
| if $manage_resolved and $facts['systemd_internal_services'] and $facts['systemd_internal_services']['systemd-resolved.service'] { | |||
There was a problem hiding this comment.
Maybe a bit late to the party but if manage_resolved is true and the system can't use it, should that be an error?
There was a problem hiding this comment.
this would add another layer, not sure if this is actually needed. Is it safe to assume that only people that know their systems try to enable it? (Or at least know if they run systemd or not)
There was a problem hiding this comment.
Also using the module would be a bit more complicated/requires more logic. Currently I apply it to all servers in our org, no matter if its a freebsd, old centos or something with systemd. Fail safely vs fail hard
There was a problem hiding this comment.
On the other hand, if you don't manage this you might silently not manage something when you expect it to. Makes me wonder if it should be a tristate: off, auto and on where on has checks if it's actually enabled.
There was a problem hiding this comment.
I thought about this, but unsure of the needed complexity is worth it
The plugin class `yum::plugin::versionlock` should not be `contain`ed from every instance of the `yum::versionlock` defined type. Doing so makes it impossible to use the type in multiple dependent classes/profiles. `contain` implies that the resource 'owns' the plugin. Using `require` should be just as effective at solving voxpupuli#43 without introducing dependency cycles. With `contain`... ```puppet class profile::foo { yum::versionlock { '0:bash-4.1.2-9.el6_2.*':} } class profile::bar { yum::versionlock { '2:vim-enhanced-7.4.629-6.el7.x86_64':} } include profile::foo include profile::bar Class['profile::foo'] -> Class['profile::bar'] ``` fails with ``` Error: Found 1 dependency cycle: (Augeas[yum.conf_plugins] => Yum::Config[plugins] => Yum::Plugin[versionlock] => Class[Yum::Plugin::Versionlock] => Yum::Versionlock[0:bash-4.1.2-9.el6_2.*] => Class[Profile::Foo] => Class[Profile::Bar] => Yum::Versionlock[2:vim-enhanced-7.4.629-6.el7.x86_64] => Class[Yum::Plugin::Versionlock] => Yum::Plugin[versionlock] => Package[yum-plugin-versionlock] => Yum::Plugin[versionlock])\nTry the '--graph' option and opening the resulting '.dot' file in OmniGraffle or GraphViz Error: Failed to apply catalog: One or more resource dependency cycles detected in graph ``` This commit also refactors the type with: * puppet-strings style docs. * A simple `unless` instead of a `case` for `ensure`. * `assert_type` instead of `is_a`. Fixes voxpupuli#43
No description provided.