Enabling syntax checking for puppet via a git update hook
Mike McGrath
mmcgrath at redhat.com
Thu Jun 25 15:56:30 UTC 2009
On Thu, 25 Jun 2009, Todd Zullinger wrote:
> Mike McGrath wrote:
> > I'll take a look at this tomorrow, we've got a git check in there
> > now that does a syntax and notify. I think the only reason it
> > prevents commits is because I didn't know how to do that :) so all
> > it does is throw errors.
>
> That's in syncPuppetMaster.sh, called from the post-update hook,
> right? By then, there is no chance to deny the push, as the refs have
> been updated by git. :)
>
> > Here's the only gotcha. We mix a private and public repo together.
> > IE: in our public repo we reference $someDbPassword, and then in the
> > private repo we create that password. The only time they're
> > together is after a push has happened. Does this account for that?
> > Does that problem not even exist anymore?
>
> Using the code for the update hook in my previous mail, I don't think
> it should be a problem. That should only check the files that are
> being modified by the push for syntax errors. Puppet is called with
> --parseonly and --ignoreimport. That should prevent problems caused
> by a manifest in puppet relying on something in private. Of course,
> testing it on a manifest that uses a variable defined in private would
> be a good idea. :)
>
> Keeping the syntax check in syncPuppetMaster.sh is probably a good
> backup, as it might catch things that the check on individual .pp
> files misses.
>
Works for me, patch seems reasonable (if it does work like it seems it
should :)
Ping me on irc and we'll get this in and ready and tested.
-Mike
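
For readers of the archive, a sketch of the kind of update hook the thread discusses, added here as an example and not the hook from Todd's earlier mail or Fedora's deployed code. It checks only the .pp files a push touches, using the `--parseonly --ignoreimport` invocation named above; the names `changed_manifests`, `check_push` and `PUPPET_CHECK` are hypothetical.

```shell
#!/bin/sh
# Added example: git "update" hook, called as: update <refname> <oldrev> <newrev>
# A non-zero exit rejects the ref before it is updated, which a post-update
# hook cannot do. Assumption: the checker is the puppet call named in the thread.
PUPPET_CHECK=${PUPPET_CHECK:-"puppet --parseonly --ignoreimport"}
ZERO=0000000000000000000000000000000000000000

# Print the .pp paths added or modified between $1 (old rev) and $2 (new rev).
changed_manifests() {
    if [ "$2" = "$ZERO" ]; then
        :                                   # ref deleted: nothing to check
    elif [ "$1" = "$ZERO" ]; then
        git ls-tree -r --name-only "$2"     # new ref: consider every file
    else
        git diff-tree -r --name-only --diff-filter=ACMR "$1" "$2"
    fi | grep '\.pp$' || true
}

# Check each changed manifest as it exists in the pushed commit; a bare
# repository has no working tree to read from. Returns non-zero on any failure.
check_push() {
    tmpdir=$(mktemp -d) || return 1
    status=0
    changed_manifests "$1" "$2" > "$tmpdir/list"
    while IFS= read -r path; do
        git show "$2:$path" > "$tmpdir/manifest.pp" || { status=1; continue; }
        # PUPPET_CHECK is left unquoted so the command and its flags split.
        if ! $PUPPET_CHECK "$tmpdir/manifest.pp" < /dev/null >&2; then
            echo "syntax error in $path" >&2
            status=1
        fi
    done < "$tmpdir/list"
    rm -rf "$tmpdir"
    return $status
}

# Run as a hook only when git supplies its three arguments.
if [ $# -eq 3 ]; then
    check_push "$2" "$3" || { echo "push to $1 rejected" >&2; exit 1; }
fi
```

Because each file is checked on its own with imports ignored, a manifest that references a variable defined only in the private repo is still parsed for syntax alone.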