I use Puppet to generate /etc/exim4.conf
and I want to make sure that the configuration is valid before I install the file on production systems.
I've considered—
using a git hook to call
exim4 -bV -C filename
... but this won't work because I use an ERB template to generate the file, so the end result isn't actually generated until the Puppet agent runs. I already have a git hook to test ERB syntax.letting the init script check the config file... but this isn't good enough because, while the script will refuse to reload Exim if the configuration is invalid, the file will have already been installed and direct calls to Exim (to send mail from applications, for example) will fail.
Ideally what I want is some kind of Puppet directive that looks like
file { '/etc/exim4/exim4.conf':
content => template("exim/etc/exim4/exim4.conf.erb"),
notify => Service[exim4],
but_before_we_install_check_syntax_with => '/usr/bin/exim4 -bV -C',
}
How can I check the syntax of the config file after it's been generated by Puppet but before it gets installed?
I'm using Exim 4.80 and Puppet 2.7.26 on Debian Wheezy systems.
It sounds like you are describing the
validate_cmd
parameter exactly. From the Puppet type reference forfile
:In your example, I think you would do this:
You could test the resulting configuration by using a git hook to fire up a virtual machine / container (Docker would be ideal for this) and apply the manifest in that environment.
If you're doing this regularly you might consider implementing a CI system (like Jenkins) which you push your changes to, have the CI run a suite of tests and on success push the changes to production.
I'd probably just create three tasks which just depend on each other:-
Is there a reason that this wouldn't work in this case?