下面附上的是我写的一个puppet模块,它将iptablesconfiguration推送到我们的负载均衡器。 它是有效的,除了这样的禁止应用脚本运行每个木偶运行,无论服务本身是否实际上有一个更新。 我的问题是,为什么执行者每次运行都会触发,我怎么才能在订阅的服务刷新时运行呢?
我曾经尝试删除Exec中的“onlyif”语句,认为可能是onlyif会触发一个无条件的执行,但即使没有“onlyif”,exec仍然会触发每一个puppet运行。
节点定义与此类似,没有指定任何参数:
node /or-rtlb\d{2}/ { include iptables } 这里是这个类的代码:
class iptables ($ApplyBans=true) { if $hostname =~ /(?i:or-rtlb\d{2})/ { $ip6tables_file="or-rtlbs.ip6tables" $iptables_file="or-rtlbs.iptables" } if $hostname =~ /(?i:or-puptest)/ { $ip6tables_file="or-rtlbs.ip6tables" $iptables_file="or-rtlbs.iptables" } case $::osfamily { RedHat: { file { "/etc/sysconfig": ensure => directory, owner => root, group => root, mode => 0755 } file { "ip6tables-file": path => "/etc/sysconfig/ip6tables", ensure => present, owner => root, group => root, mode => 0644, source => "puppet:///modules/iptables/$ip6tables_file", require => [File["/etc/sysconfig"], Package["iptables"]], notify => Service["ip6tables-service"] } file { "iptables-file": path => "/etc/sysconfig/iptables", ensure => present, owner => root, group => root, mode => 0644, source => "puppet:///modules/iptables/$iptables_file", require => [File["/etc/sysconfig"], Package["iptables"]], notify => Service["iptables-service"] } package { "iptables": ensure => installed } package { "iptables-ipv6": ensure => installed } service { "iptables-service": name => "iptables", ensure => running, hasstatus => true, hasrestart => true, enable => true, } service { "ip6tables-service": name => "ip6tables", ensure => running, hasstatus => true, hasrestart => true, enable => true, } if ($ApplyBans) { exec { "so-bans-apply" : command => "/root/bans/so-bans/force-ban-refresh", onlyif => "/usr/bin/test -f /root/bans/so-bans/force-ban-refresh", subscribe => [ Service["iptables-service"], Service["ip6tables-service"], ] } } } } }
向exec添加refreshonly => true ,并且只有在notify或subscribe关系触发它时才会运行。