Issue #13126 has been updated by Kelsey Hightower.
Got some good feedback from #puppet and most agree with Peter here; we should
not follow symlinks when it comes to the `creates` attribute. But there are
vaild use cases for and against.
### Feedback from the community ###
Valid use cases for following symlinks:
* People use exec for a2enmod which creates symlinks for apache modules and
vhosts entires
* Installing tarballs that produces symlinks: If the install fails part way
through it would be nice to have the exec run again because the symlink is
broken.
Reasons to change the behavior and not follow links:
* Using the state of a symlink should be considered bad pratice, non-root owned
files can effect the outcome of a Puppet run.
* All the issues around using symlinks: loops, security, etc
### Possible solution ###
Based on feedback I think we need to provide the user a way to be explict here.
I'm thinking we should provide a new attribute for the Exec resource, something
like `links` should work.
To prevent the Exec resouce from following symlinks the user could set the
`links` attribute to ignore:
exec { "/bin/ln -s /tmp/no.file.here /tmp/test.link":
creates => "/tmp/test.link",
links => ignore
}
For backwards compatibility we can set the `links` attribute to "follow" by
default:
exec { "/bin/ln -s /tmp/no.file.here /tmp/test.link":
creates => "/tmp/test.link",
links => follow
}
Then we polish this all off with updates to the docs.
----------------------------------------
Bug #13126: Exec's 'creates' attribute follows symlinks and treats broken links
as missing files
https://projects.puppetlabs.com/issues/13126#change-57863
Author: Peter Bukowinski
Status: In Topic Branch Pending Review
Priority: Normal
Assignee: Kelsey Hightower
Category: exec
Target version: 2.7.x
Affected Puppet version:
Keywords:
Branch: https://github.com/puppetlabs/puppet/pull/588
When an `exec` resource's `creates` attribute points to a broken symlink, the
target is treated as missing and does not prevent the exec block from running.
The following code will succeed on the first run, then fail on subsequent runs
because it's trying to recreate an existing symlink.
<pre>
puppet apply -e 'exec { "/bin/ln -s /tmp/no.file.here /tmp/test.link": creates
=> "/tmp/test.link" }'
</pre>
If this is the intended behavior, I'd like to understand the reasoning behind
it.
--
You have received this notification because you have either subscribed to it,
or are involved in it.
To change your notification preferences, please click here:
http://projects.puppetlabs.com/my/account
--
You received this message because you are subscribed to the Google Groups
"Puppet Bugs" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/puppet-bugs?hl=en.
