-
-
Notifications
You must be signed in to change notification settings - Fork 142
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add systemd-timesyncd support #43
Conversation
@@ -23,6 +23,14 @@ | |||
it { is_expected.to create_service('systemd-networkd').with_ensure('running') } | |||
it { is_expected.to create_service('systemd-networkd').with_enable(true) } | |||
end | |||
context 'when enabling timesyncd' do |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe extend the existing test where both resolved and networkd are enabled? Or at least add the is_expected.to_not
to the plain test?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I meant to add is_expected.not_to
on line 13 as well.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ups. added that as well
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good. Have you considered also managing the config file?
Enum['stopped','running'] $networkd_ensure = 'running', | ||
Boolean $manage_timesyncd = false, | ||
Enum['stopped','running'] $timesyncd_ensure = 'running', | ||
Optional[String] $ntp_server = undef, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why not an array?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I thougt about it. Systemd expects a comma separated list. What do you think about an array which I join()?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yep, I think that's better. The API you expose through puppet should make sense in puppet land. Use join in the template or wherever.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think that would be a cleaner interface, personally (having it be structured data in Puppet, and join it later). Not sure whether it should require an array for a single element list, or whether it should allow you to pass in a string and force to list context.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If you're being really friendly, I suppose you might also accept a string with no commas in instead of forcing people to use arrays of size 1.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
And if it's an array, the params should probably be ntp_servers
and fallback_ntp_server
?
This also makes it clear that the params can take multiple values
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@wyardley +1 Agreed. If you expect an array, pluralise the parameter name.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would like to keep ntp_server and fallback_ntp_serve because those are the keys in the ini file. I updated the code to accept a single string or arrays. What do you think about that?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I personally think it should be plural, will defer to @alexjfisher
Not all systems have The same goes for |
@trevor-vaughan it defaults to off/dont manage. Is that okay? Is there a way to check the presence without a fact? |
@bastelfreak I'm just worried that someone will turn it on without knowing that it's not present on their system and "bad things"(tm) will happen. For instance, my Fedora system has both of these, but my RHEL 7 system does not. If I have something in Hiera based on While, technically, this is the fault of the user, it would be best to fail safe and perhaps notify them that they're trying to do something that won't work. Unfortunately, you can't base it off of existing facts from what I can tell, you're going to have to actually query |
@trevor-vaughan uff. This needs a huge amount of code. I agree that it would be nice. I don't know a sane way to query systemd about it. One solution would be to check for /usr/lib/systemd/systemd-timesyncd, but the path isn't the same on all distributions. Should this improvement be moved into its own pull request? |
@bastelfreak It's a |
@bastelfreak Did a bit more poking and this seems to give a good list that would make a great |
oh right, I totally forgot that :D |
systemctl list-unit-files --no-pager | awk '!/static|@/ && $1 ~ /systemd-.*.service/ { print $1 " " $2}' I can wrap that up tomorrow in a fact (or do it in pure ruby) |
Pure ruby would probably be less fragile over time, but that would be ideal, thanks! |
Jo @trevor-vaughan! The awesome @jreinert and I added a ruby implementation of the structured fact. Output is:
What do you think about that? |
lib/facter/systemd.rb
Outdated
# Purpose: | ||
# Determine whether systemd is the init system on the node | ||
# Purpose: | ||
# Determine whether SystemD is the init system on the node |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
it's plain systemd, not SystemD according to https://www.freedesktop.org/wiki/Software/systemd/
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
oh dang. I did some copy and paste issues. my patch for this file isn't based on master. I will fix that
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
fixed
lib/facter/systemd.rb
Outdated
Facter.add(:systemd) do | ||
confine :kernel => :linux | ||
setcode do | ||
Facter.value(:service_provider) == 'systemd' | ||
Facter::Util::Resolution.exec('ps -p 1 -o comm=') == 'systemd' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please don't revert this
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
fixed.
enable => $_enable_timesyncd, | ||
} | ||
|
||
if $ntp_server { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should it otherwise be ensured to be absent?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
the linux distribution may place default values in there. so IMO we should not touch it.
7e86ce5
to
3a69968
Compare
👍 |
3a69968
to
74cfb58
Compare
manifests/init.pp
Outdated
@@ -32,11 +50,15 @@ | |||
create_resources('systemd::service_limits', $service_limits) | |||
} | |||
|
|||
if $manage_resolved { | |||
if $manage_resolved and $facts['systemd_internal_services']['systemd-resolved.service'] { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is going to fail hard if the fact could not be populated for some reason.
Should probably be: if $mange_resolved and $facts['systemd_internal_services'] and $facts['systemd_internal_services']['systemd-resolved.service']
74cfb58
to
0d1b764
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👁️ 👍
@@ -32,11 +50,15 @@ | |||
create_resources('systemd::service_limits', $service_limits) | |||
} | |||
|
|||
if $manage_resolved { | |||
if $manage_resolved and $facts['systemd_internal_services'] and $facts['systemd_internal_services']['systemd-resolved.service'] { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe a bit late to the party but if manage_resolved
is true and the system can't use it, should that be an error?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this would add another layer, not sure if this is actually needed. Is it safe to assume that only people that know their systems try to enable it? (Or at least know if they run systemd or not)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Also using the module would be a bit more complicated/requires more logic. Currently I apply it to all servers in our org, no matter if its a freebsd, old centos or something with systemd. Fail safely vs fail hard
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
On the other hand, if you don't manage this you might silently not manage something when you expect it to. Makes me wonder if it should be a tristate: off, auto and on where on has checks if it's actually enabled.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I thought about this, but unsure of the needed complexity is worth it
The plugin class `yum::plugin::versionlock` should not be `contain`ed from every instance of the `yum::versionlock` defined type. Doing so makes it impossible to use the type in multiple dependent classes/profiles. `contain` implies that the resource 'owns' the plugin. Using `require` should be just as effective at solving voxpupuli#43 without introducing dependency cycles. With `contain`... ```puppet class profile::foo { yum::versionlock { '0:bash-4.1.2-9.el6_2.*':} } class profile::bar { yum::versionlock { '2:vim-enhanced-7.4.629-6.el7.x86_64':} } include profile::foo include profile::bar Class['profile::foo'] -> Class['profile::bar'] ``` fails with ``` Error: Found 1 dependency cycle: (Augeas[yum.conf_plugins] => Yum::Config[plugins] => Yum::Plugin[versionlock] => Class[Yum::Plugin::Versionlock] => Yum::Versionlock[0:bash-4.1.2-9.el6_2.*] => Class[Profile::Foo] => Class[Profile::Bar] => Yum::Versionlock[2:vim-enhanced-7.4.629-6.el7.x86_64] => Class[Yum::Plugin::Versionlock] => Yum::Plugin[versionlock] => Package[yum-plugin-versionlock] => Yum::Plugin[versionlock])\nTry the '--graph' option and opening the resulting '.dot' file in OmniGraffle or GraphViz Error: Failed to apply catalog: One or more resource dependency cycles detected in graph ``` This commit also refactors the type with: * puppet-strings style docs. * A simple `unless` instead of a `case` for `ensure`. * `assert_type` instead of `is_a`. Fixes voxpupuli#43
No description provided.