Update to support Puppet 4 #18
Conversation
trevor-vaughan
force-pushed
the
puppet4-update
branch
from
0ea30e4 to
0b13016
Compare
|
Any chance for merging it? |
Gemfile
Outdated
| @@ -25,7 +25,8 @@ group :development, :unit_tests do | |||
| end | |||
|
|
|||
| group :system_tests do | |||
| gem 'beaker', :require => false | |||
| gem 'beaker', :git => 'https://github.com/trevor-vaughan/beaker.git', :branch => 'BKR-978-2.51.0' | |||
There was a problem hiding this comment.
We're managing this with modulesync, so we might need to use this in all of our modules...
There was a problem hiding this comment.
@raphink This is now fixed in Beaker. I'll put in the correct updates.
|
That's quite a PR. I'll have to take time to review it. |
|
I took a look, and did not find anything objectionable. Perhaps define types for the patterns used for limits? those seem like they might be generally useful when dealing with systemd. Also, don't some values accept 'infinity' as well? Something like Systemd::Interval and Systemd::Size? |
|
That LGTM too, I'll just have to resolve that modulesync bit. @trevor-vaughan could you rebase please? |
|
@oranenj You are correct about the 'infinity' option. I'll double check those. The systemd documentation is...fragmented at best. I hope to have this done by the end of the week. |
trevor-vaughan
force-pushed
the
puppet4-update
branch
from
0b13016 to
a95438d
Compare
| @@ -24,15 +24,16 @@ Let this module handle file creation and systemd reloading. | |||
| Or handle file creation yourself and trigger systemd. | |||
|
|
|||
| ```puppet | |||
| include ::systemd | |||
| include ::systemd::systemctl::daemon_reload | |||
There was a problem hiding this comment.
I think I'd rather keep the interface in the systemd class and contain the subclasses (systemd::systemctl::daemon_reload and systemd::tmpfiles) for dependencies instead. Is there something that prevents from doing that?
There was a problem hiding this comment.
We can contain daemon_reload but we can't contain tmpfiles since tmpfiles is triggered from the use of the tmpfile defined type.
A notify to Class[systemd] makes sense for reloading the whole thing though so I'll switch that one to a contain and hope that we don't get more creative in the future.
There was a problem hiding this comment.
I see you contained the class in init.pp, so I'm guessing the README is not up-to-date?
manifests/init.pp
Outdated
| class systemd ( | ||
| $service_limits = {} | ||
| Optional[Hash] $service_limits = undef |
There was a problem hiding this comment.
Why not make the default {} and check for the size of the hash? I find this a bit more logical than allowing for undef as a default value.
There was a problem hiding this comment.
I'd like to leave this one if possible. The compiler is so bloated already that everything we can bind to a single symbol helps.
Also, the code is easier to read and not confusing if, for some reason, we decide to include data in modules later.
There was a problem hiding this comment.
I'm 👍 for this. We use the same style in the Vox Pupuli modules.
| } | ||
|
|
||
| if $limits and !empty($limits) { | ||
| $_content = template("${module_name}/limits.erb") |
There was a problem hiding this comment.
I don't see a $content variable. What is the need for $_content?
There was a problem hiding this comment.
It denotes it as a private variable that should not be used outside of the class. It's been convention for a while but hasn't made it into the style guide yet.
When actual private variables become a thing, this will be easier.
manifests/service_limits.pp
Outdated
| mode => '0644', | ||
| seltype => 'systemd_unit_file_t', | ||
| } | ||
| ) |
There was a problem hiding this comment.
I'm not a big fan of using ensure_resource. I'd rather put this in a separate class and include it.
There was a problem hiding this comment.
I can't. The name is dynamic based on the path and title parameters. It must be created for each call to the define but there can be multiple calls to the define that target the same location.
If we break it out into another define, we'll still have to use ensure_resource
There was a problem hiding this comment.
OK, but then that means that file is unique, so what's the point of using ensure_resource?
manifests/service_limits.pp
Outdated
| } | ||
|
|
||
| File["${path}/${title}.d/90-limits.conf"] ~> Class['systemd::systemctl::daemon_reload'] |
There was a problem hiding this comment.
Why not specify this directly above in the file declaration?
There was a problem hiding this comment.
I find it easier to read, but I've switched it.
manifests/service_limits.pp
Outdated
| } | ||
|
|
||
| File["${path}/${title}.d/90-limits.conf"] ~> Exec["restart ${title} because limits"] | ||
| Class['systemd::systemctl::daemon_reload'] -> Exec["restart ${title} because limits"] |
There was a problem hiding this comment.
This could also be specified in the exec declaration.
manifests/tmpfile.pp
Outdated
| file { "${path}/${title}": | ||
| ensure => $ensure, | ||
| content => $content, | ||
| source => $source, | ||
| owner => 'root', | ||
| group => 'root', | ||
| mode => '0444', | ||
| notify => Exec['systemd-tmpfiles-create'], | ||
| mode => '0644', |
There was a problem hiding this comment.
I'm not sure why this was 0444 and why this needs to be 0644 now.
manifests/unit_file.pp
Outdated
| ) { | ||
| include ::systemd | ||
|
|
||
| if $title !~ Pattern['^.+\.(service|socket|device|mount|automount|swap|target|path|timer|slice|scope)$'] { | ||
| fail('$name must match Pattern["^.+\.(service|socket|device|mount|automount|swap|target|path|timer|slice|scope)$"]') |
There was a problem hiding this comment.
Or maybe ship a data type for this and use assert_type?
manifests/unit_file.pp
Outdated
| if $target { | ||
| $_ensure = 'link' | ||
| } | ||
| else { |
There was a problem hiding this comment.
style nitpick: I'd rather not have a NL here
There was a problem hiding this comment.
It makes my C soul hurt, but OK.
manifests/unit_file.pp
Outdated
| content => $content, | ||
| source => $source, | ||
| target => $target, | ||
| owner => 'root', | ||
| group => 'root', | ||
| mode => '0444', | ||
| notify => Exec['systemctl-daemon-reload'], | ||
| mode => '0644', |
|
@raphink Code updated per the discussion above |
* Optimized the limits files * Added a custom data type for service limits * Created a class for restarting the daemon so that other modules can use it cleanly * Updated tests Closes voxpupuli#17
trevor-vaughan
force-pushed
the
puppet4-update
branch
from
7168bb0 to
333a362
Compare
Fixes the issue that if, for some reason, someone would need to trigger either networkd, or resolved independently, they would need to break the class abstration and call the Service resources directly.
|
@bastelfreak Would you mind looking this over one last time. I made a few additional changes and would like some feedback. I've pinged @raphink to see if he has any objections to the latest batch of updates and will push this tomorrow evening if I haven't heard anything by then. We can then rebase and work on #32 |
trevor-vaughan
force-pushed
the
puppet4-update
branch
from
48c7908 to
1acb7bf
Compare
manifests/init.pp
Outdated
| Boolean $manage_resolved = false, | ||
| Variant[Enum['stopped','running'],Boolean] $resolved_ensure = 'running', | ||
| Boolean $manage_networkd = false, | ||
| Variant[Enum['stopped','running'],Boolean] $networkd_ensure = 'running', |
There was a problem hiding this comment.
on the vox pupuli modules we agreed to only allow 'stopped' and 'running'. we dropped the boolean during the migration from puppet3 to puppet4/5.
manifests/unit_file.pp
Outdated
| $content = undef, | ||
| $source = undef, | ||
| $target = undef, | ||
| Enum['file', 'absent'] $ensure = 'file', |
There was a problem hiding this comment.
compared to the service ensure above, we don't allow true/false here, which is good in my opinion.
There was a problem hiding this comment.
same comment on file/present though
README.md
Outdated
| file { '/usr/lib/systemd/system/foo.service': | ||
| ensure => file, | ||
| owner => 'root', | ||
| group => 'root', | ||
| mode => '0644', | ||
| source => "puppet:///modules/${module_name}/foo.service", | ||
| } ~> | ||
| Exec['systemctl-daemon-reload'] | ||
| Class['systemd::systemctl::daemon_reload'] |
There was a problem hiding this comment.
the ~> needs to be in front of Class[]
There was a problem hiding this comment.
I honestly like to break these out explicitly, but I've been trying to follow the class.
README.md
Outdated
| file { '/etc/tmpfiles.d/foo.conf': | ||
| ensure => file, | ||
| owner => 'root', | ||
| group => 'root', | ||
| mode => '0644', | ||
| source => "puppet:///modules/${module_name}/foo.conf", | ||
| } ~> | ||
| Exec['systemd-tmpfiles-create'] | ||
| Class['systemd::tmpfiles'] |
There was a problem hiding this comment.
the ~> needs to be in front of Class[]
There was a problem hiding this comment.
Fixed these and the one missing trailing comma (which I also don't agree with) :-D
|
@trevor-vaughan done |
|
@bastelfreak Mischief Managed. @raphink indicated that he could review this week, but not this weekend. Will pester mercilessly until we get things through ;-). |
| @@ -24,15 +24,16 @@ Let this module handle file creation and systemd reloading. | |||
| Or handle file creation yourself and trigger systemd. | |||
|
|
|||
| ```puppet | |||
| include ::systemd | |||
| include ::systemd::systemctl::daemon_reload | |||
There was a problem hiding this comment.
I see you contained the class in init.pp, so I'm guessing the README is not up-to-date?
manifests/init.pp
Outdated
| $service_limits = {}, | ||
| Boolean $manage_resolved = true, | ||
| Boolean $manage_networkd = true, | ||
| Optional[Hash] $service_limits = undef, |
There was a problem hiding this comment.
We might want to create a Data Type for this eventually to have finer validation.
There was a problem hiding this comment.
@raphink To the first comment: No, this is correct. You can do either of those cases in a valid manner.
systemd::unit_file`` includes systemd` so that it is independently feature complete and since this is the 90% use case of this module.
There was a problem hiding this comment.
@raphink To the second comment....I already made one of those :-|
manifests/networkd.pp
Outdated
| # The state that the ``networkd`` service should be in | ||
| # | ||
| class systemd::networkd ( | ||
| Variant[Enum['stopped','running'],Boolean] $ensure = 'running', |
There was a problem hiding this comment.
If it's a private class and the values are limited to Enum['stopped','running'] in init.pp, I'm not sure how it could ever be a Boolean?
manifests/resolved.pp
Outdated
| # The state that the ``resolved`` service should be in | ||
| # | ||
| class systemd::resolved ( | ||
| Variant[Enum['stopped','running'],Boolean] $ensure = $::systemd::resolved_ensure, |
manifests/networkd.pp
Outdated
| assert_private() | ||
|
|
||
| $_enable_networkd = $ensure ? { | ||
| /stopped/ => false, |
| } | ||
|
|
||
| if $limits and !empty($limits) { | ||
| $_content = template("${module_name}/limits.erb") |
manifests/service_limits.pp
Outdated
| mode => '0644', | ||
| seltype => 'systemd_unit_file_t', | ||
| } | ||
| ) |
There was a problem hiding this comment.
OK, but then that means that file is unique, so what's the point of using ensure_resource?
manifests/tmpfile.pp
Outdated
| $path = '/etc/tmpfiles.d', | ||
| $content = undef, | ||
| $source = undef, | ||
| Enum['file','absent'] $ensure = 'file', |
manifests/unit_file.pp
Outdated
| $content = undef, | ||
| $source = undef, | ||
| $target = undef, | ||
| Enum['file', 'absent'] $ensure = 'file', |
There was a problem hiding this comment.
same comment on file/present though
manifests/unit_file.pp
Outdated
| ) { | ||
| include ::systemd | ||
|
|
||
| assert_type(Systemd::Unit, $title) |
There was a problem hiding this comment.
I would rather assert $name and use a path attribute in the file below, to allow users to choose their resource title as they want.
|
OK for me. @trevor-vaughan @bastelfreak I'll let you squash and merge. |
trevor-vaughan
dismissed
raphink’s stale review
Dismissing based on #18 (comment)
| Optional['LimitMSGQUEUE'] => Pattern['^(infinity|((\d+(K|M|G|T|P|E)(:\d+(K|M|G|T|P|E))?)))$'], | ||
| Optional['LimitNICE'] => Variant[Integer[0,40], Pattern['^(-\+([0-1]?[0-9]|20))|([0-3]?[0-9]|40)$']], | ||
| Optional['LimitRTPRIO'] => Integer[0], | ||
| Optional['LimitRTTIME'] => Pattern['^\d+(ms|s|m|h|d|w|M|y)?(:\d+(ms|s|m|h|d|w|M|y)?)?$'] |
There was a problem hiding this comment.
FYI this is MemoryLimit so this broke us
There was a problem hiding this comment.
@mwhahaha It would be lovely if the systemd man pages weren't a rats nest of crazy.
Would it make sense to add all of the things in this section to the Systemd::ServiceLimits type?
http://www.dsm.fordham.edu/cgi-bin/man-cgi.pl?topic=systemd.resource-control&sect=5
There was a problem hiding this comment.
Yes if you're going to validate them, then you need to support all of them. IMHO i wouldn't validate the keys/values because it'll be a constant battle to keep the module to supporting all the things added to systemd over time. It would be better to do simple validation to just ensure that the key is a valid string (no special chars) and just accept whatever values.
There was a problem hiding this comment.
@mwhahaha At that point, you might as well just drop your own file in place. That's all this does anyway after some validation. Really, the only thing it adds is validation.
There was a problem hiding this comment.
Well we were using this to trigger the required restarts and systemd actions. So dropping the file is not the only thing that is needed.
There was a problem hiding this comment.
I was just saying that trying to validate via puppet the underlying (and changing) systemd config file requirements in this puppet module seems to add more work than it's worth.
There was a problem hiding this comment.
@mwhahaha Quite possibly, yes. We'll see as time goes on. In theory, as people automate more around systemd, they'll need to get their act together and stop changing everything regularly.
Then again, when you want systemd to be the automation tool, I guess that can get difficult.
use it cleanly
Closes #17