Enabling syntax checking for puppet via a git update hook

Todd Zullinger tmz at pobox.com
Thu Jun 25 13:44:01 UTC 2009


Mike McGrath wrote:
> I'll take a look at this tomorrow, we've got a git check in there
> now that does a syntax and notify.  I think the only reason it
> prevents commits is because I didn't know how to do that :)  so all
> it does is throw errors.

That's in syncPuppetMaster.sh, called from the post-update hook,
right?  By then, there is no chance to deny the push, as the refs have
been updated by git. :)

> Here's the only gotcha.  We mix a private and public repo together.
> IE: in our public repo we reference $someDbPassword, and then in the
> private repo we create that password.  The only time they're
> together is after a push has happened.  Does this account for that?
> Does that problem not even exist anymore?

Using the code for the update hook in my previous mail, I don't think
it should be a problem.  That should only check the files that are
being modified by the push for syntax errors.  Puppet is called with
--parseonly and --ignoreimport.  That should prevent problems caused
by a manifest in puppet relying on something in private.  Of course,
testing it on a manifest that uses a variable defined in private would
be a good idea. :)

Keeping the syntax check in syncPuppetMaster.sh is probably a good
backup, as it might catch things that the check on individual .pp
files misses.

-- 
Todd        OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
You're not drunk if you can lie on the floor without holding on.
    -- Dean Martin
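
An update hook of the kind discussed in this message, as an added example that is not the code from the previous mail or from the Fedora repository: it checks only the `.pp` files a push adds or modifies and exits non-zero so git denies the ref before it is updated. The function names and the `PUPPET_CHECK` override are assumptions; `--parseonly` and `--ignoreimport` are the flags named in the message.

```shell
#!/bin/sh
# Added example: git "update" hook that denies a push when a changed .pp file
# fails a syntax check. Git runs it as: update <refname> <oldrev> <newrev>,
# before the ref moves; a non-zero exit rejects that ref.

# Checker flags are the ones named in the mail (2009-era puppet). Overridable
# (assumption), e.g. with "puppet parser validate" on current Puppet releases.
PUPPET_CHECK=${PUPPET_CHECK:-"puppet --parseonly --ignoreimport"}

# True when the revision is all zeros (ref is being created or deleted).
is_zero() { case $1 in *[!0]*) return 1 ;; esac; return 0; }

# Print the .pp files added or modified between <oldrev> and <newrev>.
changed_manifests() {
    base=$1
    # New ref: compare against the empty tree so every manifest is checked.
    if is_zero "$base"; then base=$(git hash-object -t tree /dev/null); fi
    names=$(git diff --no-renames --name-only --diff-filter=AM "$base" "$2") ||
        return 1                            # fail closed if git cannot diff
    printf '%s\n' "$names" | grep '\.pp$' || true
}

# Return 0 if every changed manifest passes the checker, 1 otherwise.
check_push() {
    if is_zero "$2"; then return 0; fi      # ref deletion: nothing to check
    tmp=$(mktemp -d) || return 1
    rc=0
    changed_manifests "$1" "$2" > "$tmp/list" || { rm -rf "$tmp"; return 1; }
    while IFS= read -r f; do
        # Check the pushed blob itself, not whatever is in a working tree.
        git show "$2:$f" > "$tmp/manifest.pp" || { rc=1; continue; }
        if ! $PUPPET_CHECK "$tmp/manifest.pp" >&2; then
            echo "denied: syntax check failed for $f" >&2
            rc=1
        fi
    done < "$tmp/list"
    rm -rf "$tmp"
    return $rc
}

# Hook entry point: only runs when git supplies the three arguments.
if [ "$#" -eq 3 ]; then check_push "$2" "$3"; exit $?; fi
```

Because each manifest is checked on its own, a variable that only exists in the private repo is never resolved here, which is why the post-push check in syncPuppetMaster.sh remains useful as a second pass.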
