salt stack - Deploy multiple files through SaltStack only if all files are valid
We are managing web sites with SaltStack. These sites run on php-fpm, and have several fpm pools. Each pool is configured in a dedicated file in the php-fpm.d/ directory.

Currently, we have a file.managed state with check_cmd: php-fpm -ty to check if the configuration is valid.

    fpm-conf:
      file.managed:
        - name: /etc/php-fpm.conf
        - source: salt://php/template/fpm.jinja
        - user: someuser
        - group: somegroup
        - mode: 644
        - template: jinja
        - check_cmd: /usr/sbin/php-fpm -ty
        - require:
          - pkg: php-package

    fpm-pool-a:
      file.managed:
        - name: /etc/php-fpm.d/a.conf
        - source: salt://php/template/fpm-a.jinja
        - user: someuser
        - group: somegroup
        - file_mode: 644
        - template: jinja
        - require:
          - pkg: php-package
        - require_in:
          - file: fpm-conf

    fpm-pool-b:
      file.managed:
        - name: /etc/php-fpm.d/b.conf
        - source: salt://php/template/fpm-b.jinja
        - user: someuser
        - group: somegroup
        - file_mode: 644
        - template: jinja
        - require:
          - pkg: php-package
        - require_in:
          - file: fpm-conf

It works fine, until a mistake is made in a pool file (say, fpm-pool-a). Though the fpm-conf state blocks the update of the main fpm config file, a.conf has been contaminated with the erroneous configuration.

Is there a way to prevent this from happening? It seems check_cmd can't be used in this case.

How can I guarantee that a series of files is valid before updating?

One workaround is recovering the original pool files if mistakes are made. Here is an example; I'd suggest you start using Jinja if the state starts to get larger.

    fpm-conf:
      file.managed:
        - name: /etc/php-fpm.conf
        - source: salt://php/template/fpm.jinja
        - user: someuser
        - group: somegroup
        - mode: 644
        - template: jinja
        - check_cmd: /usr/sbin/php-fpm -ty
        - require:
          - pkg: php-package

    fpm-pool-a:
      file.managed:
        - name: /etc/php-fpm.d/a.conf
        - source: salt://php/template/fpm-a.jinja
        - user: someuser
        - group: somegroup
        - file_mode: 644
        - template: jinja
        - require:
          - pkg: php-package
        - require_in:
          - file: fpm-conf
        # keep a copy of the previous file on the minion before overwriting
        - backup: minion

    fpm-pool-b:
      file.managed:
        - name: /etc/php-fpm.d/b.conf
        - source: salt://php/template/fpm-b.jinja
        - user: someuser
        - group: somegroup
        - file_mode: 644
        - template: jinja
        - require:
          - pkg: php-package
        - require_in:
          - file: fpm-conf
        - backup: minion

    # runs only when the fpm-conf state (and its check_cmd) fails
    fpm-pool-a-recover:
      module.run:
        - name: file.restore_backup
        - path: /etc/php-fpm.d/a.conf
        - backup_id: 0
        - onfail:
          - file: fpm-conf

    fpm-pool-b-recover:
      module.run:
        - name: file.restore_backup
        - path: /etc/php-fpm.d/b.conf
        - backup_id: 0
        - onfail:
          - file: fpm-conf

Notice the - backup: minion addition, which backs up the file locally under /var/cache/salt/minion/file_backup/...

So in case the main config fails, fpm-pool-a-recover and fpm-pool-b-recover will fire and recover the most recent backup of the original file.
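
A way to get the all-or-nothing behaviour the question asks for, shown as an added example that is not part of the original question or answer: stage the new pool files beside a copy of the main config, run the check once over the staged set, and touch the live files only if it passes. The function name, its arguments and the literal include path in the main config are assumptions.

```python
import os
import shutil
import subprocess
import tempfile
from pathlib import Path


def deploy_if_valid(main_conf, pool_dir, new_pools, check_cmd):
    """Install new pool files only if the whole set validates together.

    new_pools: {file name: rendered content} (hypothetical input shape).
    check_cmd: argv list; the staged main config path is appended to it,
    the same way Salt appends the temp file to check_cmd.
    Returns (ok, validator_stderr).
    """
    main_conf, pool_dir = Path(main_conf), Path(pool_dir)
    with tempfile.TemporaryDirectory(prefix="fpm-stage-") as tmp:
        staged_pools = Path(tmp) / "php-fpm.d"
        # Start from the live pools so untouched pools are validated too.
        shutil.copytree(pool_dir, staged_pools)
        for name, content in new_pools.items():
            (staged_pools / name).write_text(content)
        # Assumption: the main config names the pool directory literally
        # (include=/etc/php-fpm.d/*.conf), so a path swap redirects it.
        staged_main = Path(tmp) / "php-fpm.conf"
        staged_main.write_text(
            main_conf.read_text().replace(str(pool_dir), str(staged_pools)))
        result = subprocess.run([*check_cmd, str(staged_main)],
                                capture_output=True, text=True)
        if result.returncode != 0:
            return False, result.stderr.strip()  # live files untouched
        for name in new_pools:
            # Copy next to the target, then rename: each swap is atomic.
            # The ".new" suffix keeps the temp file out of the *.conf glob.
            pending = pool_dir / (name + ".new")
            shutil.copy2(staged_pools / name, pending)
            os.replace(pending, pool_dir / name)
    return True, ""
```

With the paths from this page, the call would be deploy_if_valid("/etc/php-fpm.conf", "/etc/php-fpm.d", {"a.conf": ..., "b.conf": ...}, ["/usr/sbin/php-fpm", "-ty"]).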