validation

Overview

This type allows you to validate settings on your system. Here is an example on how you can use this:

validation { "Validate root user is uid 0":
  check           => '/usr/bin/grep -e "^root" /etc/passwd',
  expected_output => /root:x:0:0:root:/root:/bin/bash/,
  report_as       => 'command',
  fail_message    => "User root not defined with uid 1 valdation output is: '%<output>s'",
  fail_command    => "/bin/send_to_montoring --node ${::fqdn} %<output>s",
}

This Puppet code executes the check /bin/grep... on your system and validates that the output equals the regular expression /root..../. If it passes, Puppet does nothing. Because report_as is set to command, when the check fails, Puppet will execute the fail_command and pass in the fail_message text.

Attributes

Attribute Name	Short Description
check	The command to execute as a validation check.
control	Internal use only.
cwd	The directory from which to run the command.
disable_corrective_change	Disable the modification of a resource when Puppet decides it is a corrective change.
disable_corrective_ensure	Disable the creation or removal of a resource when Puppet decides is a corrective change.
environment	command, such as `[ 'HOME=/root', 'MAIL=root@example.com']`.
expected_output	The expected output of the command.
expected_value	besides string compares, `validation` can also do numeric comparisons.
fail_command	The message to display when the validation fails.
fail_message	The message to display when the validation fails.
group	The group the check will run in.
logoutput	exit code.
name	The name of the validation.
not_allowed_output	The text that is not allowed in the output.
parse_value	This parameters specifies the way to convert the check output to a number

path	The search path used for command execution.
provider	resource.
refreshonly	do the check only when notfied.
report_as	This resource allows you to specify which type of alert(warning or error) you want when the check fails .
skip	Determine if you want to skip the validation.
timeout	Timeout for applying a resource in seconds.
umask	Sets the umask to be used while executing this command

user	The user the check will run in.

check

The command to execute as a validation check.

Back to overview of validation

control

Internal use only. The control the validation belongs to.

Back to overview of validation

cwd

The directory from which to run the command. If this directory does not exist, the command will fail.

Back to overview of validation

disable_corrective_change

Disable the modification of a resource when Puppet decides it is a corrective change.

(requires easy_type V2.11.0 or higher)

When using a Puppet Server, Puppet knows about adaptive and corrective changes. A corrective change is when Puppet notices that the resource has changed, but the catalog has not changed. This can occur for example, when a user, by accident or willingly, changed something on the system that Puppet is managing. The normal Puppet process then repairs this and puts the resource back in the state as defined in the catalog. This process is precisely what you want most of the time, but not always. This can sometimes also occur when a hardware or network error occurs. Then Puppet cannot correctly determine the current state of the system and thinks the resource is changed, while in fact, it is not. Letting Puppet recreate remove or change the resource in these cases, is NOT wat you want.

Using the disable_corrective_change parameter, you can disable corrective changes on the current resource.

Here is an example of this:

crucial_resource {'be_carefull':
  ...
  disable_corrective_change => true,
  ...
}

When a corrective ensure does happen on the resource Puppet will not modify the resource and signal an error:

    Error: Corrective change present requested by catalog, but disabled by parameter disable_corrective_change
    Error: /Stage[main]/Main/Crucial_resource[be_carefull]/parameter: change from '10' to '20' failed: Corrective change present requested by catalog, but disabled by parameter disable_corrective_change. (corrective)

Back to overview of validation

disable_corrective_ensure

Disable the creation or removal of a resource when Puppet decides is a corrective change.

(requires easy_type V2.11.0 or higher)

When using a Puppet Server, Puppet knows about adaptive and corrective changes. A corrective change is when Puppet notices that the resource has changed, but the catalog has not changed. This can occur for example, when a user, by accident or willingly, changed something on the system that Puppet is managing. The normal Puppet process then repairs this and puts the resource back in the state as defined in the catalog. This process is precisely what you want most of the time, but not always. This can sometimes also occur when a hardware or network error occurs. Then Puppet cannot correctly determine the current state of the system and thinks the resource is changed, while in fact, it is not. Letting Puppet recreate remove or change the resource in these cases, is NOT wat you want.

Using the disable_corrective_ensure parameter, you can disable corrective ensure present or ensure absent actions on the current resource.

Here is an example of this:

crucial_resource {'be_carefull':
  ensure                    => 'present',
  ...
  disable_corrective_ensure => true,
  ...
}

When a corrective ensure does happen on the resource Puppet will not create or remove the resource and signal an error:

    Error: Corrective ensure present requested by catalog, but disabled by parameter disable_corrective_ensure.
    Error: /Stage[main]/Main/Crucial_resource[be_carefull]/ensure: change from 'absent' to 'present' failed: Corrective ensure present requested by catalog, but disabled by parameter disable_corrective_ensure. (corrective)

Back to overview of validation

environment

An array of any additional environment variables you want to set for a command, such as [ 'HOME=/root', 'MAIL=root@example.com']. Note that if you use this to set PATH, it will override the path attribute. Multiple environment variables should be specified as an array.

Back to overview of validation

expected_output

The expected output of the command. You can use either a string or a regular expression to fill this parameter. If you have multiple strings you want to compare against, you can also specify an array of strings or an array of regular expressions.

Back to overview of validation

expected_value

besides string compares, validation can also do numeric comparisons. The expected_value can contain a comparision like this:

expected_value => '>10',

You can also use multiple comparisons like this:

expected_value => ['>10','<100']

When using the == operator, beware trhat all values are converted to real values. So use

expected_value => '==10.0'

When you use this comparison.

To convert the output of the check to a number, use the parse_value parameter.

Back to overview of validation

fail_command

The message to display when the validation fails. The output of the check is passed as arguments to the formatter.

Back to overview of validation

fail_message

The message to display when the validation fails. The output of the check is passed as arguments to the formatter.

Back to overview of validation

group

The group the check will run in.

If none is specified, it will run as root.

validation { ...:
  ...
  user => 'scott',
}

Back to overview of validation

logoutput

Whether to log check output in addition to logging the exit code. Defaults to on_failure, which only logs the output when the check has an exit code that does not match any value specified by the returns attribute. As with any resource type, the log level can be controlled with the loglevel metaparameter.

Valid values are true, false, on_failure.

Back to overview of validation

name

The name of the validation.

Back to overview of validation

not_allowed_output

The text that is not allowed in the output. You can use either a string or a regular expression to fill this parameter. If you have multiple strings you want to compare against, you can also specify an array of strings or an array of regular expressions.

Back to overview of validation

parse_value

This parameters specifies the way to convert the check output to a number

Back to overview of validation

path

The search path used for command execution. Commands must be fully qualified if no path is specified. Paths can be specified as an array or as a ‘:’ separated list.

Back to overview of validation

provider

The specific backend to use for this validation resource. You will seldom need to specify this — Puppet will usually discover the appropriate provider for your platform.Available providers are:

posix

Execute a validation on the current settings

Default for feature == posix.

Back to overview of validation

refreshonly

do the check only when notfied.

The validation should only be run as a refresh mechanism for when a dependent object is changed. It only makes sense to use this option when this command depends on some other object; it is useful for triggering an action:

Note that only subscribe and notify can trigger actions, not require, so it only makes sense to use refreshonly with subscribe or notify.

validation {...:
  ...
  refreshonly => true,
}

The default value is false, meaning the validation is executed as a normal part of the Puppet catalog.

Valid values are true, false.

Back to overview of validation

report_as

This resource allows you to specify which type of alert(warning or error) you want when the check fails .

validate { 'validate something':
  ...
  report_as => 'warning|error|command',
  ...
}

When you specify command as value, a failed check will execute the fail_command commands and pass the fail_message as a message. This can be useful if you want to report validation errors to your monitoring.

The value of none is usefull when using consolidating reporting with the puppet type validation_reports

Valid values are none, NONE, warning, WARNING, error, ERROR, command, COMMAND.

Back to overview of validation

skip

Determine if you want to skip the validation.

Back to overview of validation

timeout

Timeout for applying a resource in seconds.

To be sure no Puppet operation, hangs a Puppet run, all operations have a timeout. When this timeout expires, Puppet will abort the current operation and signal an error in the Puppet run.

With this parameter, you can specify the length of the timeout. The value is specified in seconds. In this example, the timeout is set to 600 seconds.

validation { ...:
  ...
  timeout => 600,
}

The default value for timeout is 300 seconds.

Back to overview of validation

umask

Sets the umask to be used while executing this command

Back to overview of validation

user

The user the check will run in.

If none is specified, it will run as root.

validation { ...:
  ...
  user => 'scott',
}

Back to overview of validation

<< Back to main overview