0

I have some config files to transfer from the master to the agent. How can I ensure that the file is transferred successfully? I wonder, if the network is closed while a file is being transferred, a half config file may be very harmful to the service before the puppet agent's next run. I can compute the md5 of the file on the master and transfer the md5 to the agent by transferring the md5 file. On the agent I will compare the md5 to the file which was transferred, so I know the file is completely transferred, and move it to the config file path. But if the config file's content is written in a template, I do not know the way to checksum its md5 value. Can anyone help me? Thanks.

zengxiaobai2
You need server configuration validation/acceptance testing. The two most popular tools in this space are Serverspec and Goss. Check those out. – Matthew Schuchard Oct 19 '17 at 14:52

1 Answer

1

> I have some config files to transfer from the master to the agent. How can I ensure that the file is transferred successfully?

That's a fair question, but ultimately, you don't need to do anything special here. Puppet agents communicate with the master via HTTPS for all purposes. In addition to authentication of both ends and confidentiality of the data transferred, this ensures the integrity of the data transferred, to a very high level of confidence. This applies equally to files embedded in the catalog and to files downloaded separately from the master's file server.

> I wonder, if the network is closed while a file is being transferred, a half config file may be very harmful to the service before the puppet agent's next run.

True, but you don't have to worry about this. When Puppet downloads files from the master's file server, or when it copies them out of the catalog, it does not directly overwrite the target. Instead, it writes them into a temporary file, and only after the transfer is complete does it move them into place. I assure you that it can tell if the connection drops mid-transfer, and as I already described, the transfer protocol used has integrity assurance built in.

> I can compute the md5 of the file on the master and transfer the md5 to the agent by transferring the md5 file. On the agent I will compare the md5 to the file which was transferred, so I know the file is completely transferred, and move it to the config file path.

Yes, you could do that. I'd account it a waste of effort, but that's your business.

> But if the config file's content is written in a template, I do not know the way to checksum its md5 value.

If the file's content is generated via a template then that content is embedded in the catalog, and it is also stored in PuppetDB if you have that installed and enabled. You could, in principle, hash the content from there, but again, I think that would be wasted effort. It's tremendously more likely that the file content is just wrong in the first place than that it gets corrupted between master and agent.

And if you're going to worry about that then you should not neglect the possibility that some other part of the catalog is corrupted during transfer, with who knows what unwanted effect. That'll keep you up at night if you let it, but as I said, Puppet has built-in safeguards against that sort of thing.

John Bollinger
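The stage-then-move behaviour the answer describes, together with the asker's digest check applied to rendered template output, sketched in Ruby as an added example (not Puppet's own code and not part of the original answer). SHA-256 stands in for MD5, and the function names, template and file names are constructed for illustration.

```ruby
require 'digest'
require 'erb'
require 'stringio'
require 'tempfile'
require 'tmpdir'

# Render an ERB template and return [content, sha256 hex]. The digest covers
# the rendered string, i.e. the content that would be shipped to the agent.
def render_with_digest(template_src, vars)
  content = ERB.new(template_src).result_with_hash(vars)
  [content, Digest::SHA256.hexdigest(content)]
end

# Stage `io` in a temp file beside `target`, verify the digest, then rename it
# into place. On any failure the staged file is removed and `target` is untouched.
def atomic_install(target, io, expected_sha256)
  tmp = Tempfile.create(['.staged-', '.tmp'], File.dirname(target))
  tmp.binmode
  digest = Digest::SHA256.new
  while (chunk = io.read(4096))
    digest.update(chunk)
    tmp.write(chunk)
  end
  tmp.fsync
  tmp.close
  raise IOError, "digest mismatch for #{target}" unless digest.hexdigest == expected_sha256
  File.rename(tmp.path, target) # atomic on POSIX within one filesystem
  true
ensure
  tmp.close unless tmp.nil? || tmp.closed?
  File.unlink(tmp.path) if tmp && File.exist?(tmp.path)
end

# Constructed demo: a complete transfer replaces the file, a truncated one does not.
def demo
  Dir.mktmpdir do |dir|
    target = File.join(dir, 'app.conf')
    File.write(target, "port = 1\n")
    new_conf, sum = render_with_digest("port = <%= port %>\n", port: 8080)
    atomic_install(target, StringIO.new(new_conf), sum)
    after_good = File.read(target)
    begin
      atomic_install(target, StringIO.new('port = 9'), Digest::SHA256.hexdigest("port = 9999\n"))
    rescue IOError
      rejected = true
    end
    [after_good, rejected, File.read(target), Dir.children(dir)]
  end
end
```

The temp file is created in the target's own directory because `File.rename` is only atomic when source and destination are on the same filesystem.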