Using commit hooks
It would be nice if we knew there was a syntax error in the manifest before we even committed it. You can have Puppet check the manifest using the puppet parser validate command:
# puppet parser validate/etc/puppet/manifests/site.pp err: Could not parse for environment production: Syntax error at end of file at /etc/puppet/manifests/site.pp:3
This is especially useful because a mistake anywhere in the manifest will stop Puppet from running on any node, even on nodes that don't use that particular part of the manifest. So checking in a bad manifest can cause Puppet to stop applying updates to production for some time, until the problem is discovered, and this could potentially have serious consequences.
The best way to avoid this is to automate the syntax check by using a pre-commit hook in your version control repo.
How to do it…
If you are using Git for version control, you can add a script, .git/hooks/pre-commit that syntax checks all files about to be committed. This example is taken from the Puppet Labs wiki:
#!/bin/sh
syntax_errors=0
error_msg=$(mktemp /tmp/error_msg.XXXXXX)
if git rev-parse --quiet --verify HEAD > /dev/null
then
against=HEAD
else
# Initial commit: diff against an empty tree object
against=4b825dc642cb6eb9a060e54bf8d69288fbee4904
fi
# Get list of new/modified manifest and template files to check (in git index)
for indexfile in `git diff-index --diff-filter=AM --name-only --cached $against | egrep '\.(pp|erb)'`
do
# Don't check empty files
if [ `git cat-file -s :0:$indexfile` -gt 0 ]
then
case $indexfile in
*.pp )
# Check puppet manifest syntax
git cat-file blob :0:$indexfile | puppet parser validate --ignoreimport > $error_msg ;;
*.erb )
# Check ERB template syntax
git cat-file blob :0:$indexfile | erb -x -T - | ruby -c 2> $error_msg > /dev/null ;;
esac
if [ "$?" -ne 0 ]
then
echo -n "$indexfile: "
cat $error_msg
syntax_errors=`expr $syntax_errors + 1`
fi
fi
done
rm -f $error_msg
if [ "$syntax_errors" -ne 0 ]
then
echo "Error: $syntax_errors syntax errors found, aborting commit."
exit 1
fi
How it works…
The commit hook script will prevent you from committing any files with syntax errors:
# git commit -m "spot the deliberate mistake" manifests/site.pp err: Could not parse for environment production: Syntax error at end of file; expected '}' at /etc/puppet/manifests/site.pp:3 manifests/site.pp: Error: 1 syntax errors found, aborting commit.
There's more…
You can find this script, and more details about it, on the Puppet Labs wiki: http://projects.puppetlabs.com/projects/1/wiki/Puppet_Version_Control
You can use a similar update hook to prevent broken manifests from being pushed to the Puppetmaster: see the wiki page for details.
See also
- Using version control in this chapter