Gena Makhomed
2017-10-15 13:01:39 UTC
Hello, All!
I am try to use Fabric 1.13.2 / 1.14.0
for Configuration Management and Server provisioning.
But as I can see, put() operation is non-atomic,
so configuration files on remote server can be corrupted.
Non-atomic put() operation - this is a bug in Fabric code?
Should I report this bug via https://github.com/fabric/fabric/issues ?
Or this is not bug, but "feature",
and I should create workaround for this "feature" in my own code?
Something like this: put(..., atomic=True, ...)
- if destination file has multiple hard links:
abort execution with fatal error,
because we can't atomically replace such file
else:
- upload new file to file with temporary name on remote server
- run( chown new file using old file as --reference= )
- run( chmod new file using old file as --reference= )
- if linux extended attributes is supported:
getfacl oldfile > tmpfile.facl ; setfacl --restore=tmpfile.facl
- if selinux enabled, run:
chcon --reference=/path/to/oldfile /path/to/a/newfile
- and finally, run( mv /path/to/newfile /path/to/oldfile )
In such way I can atomically replace edited file at remote host.
P.S.
Both, Ansible and CFEngine make atomic file updates on remote servers:
http://docs.ansible.com/ansible/latest/replace_module.html
https://docs.cfengine.com/docs/3.10/reference-promise-types-edit_line.html
I am try to use Fabric 1.13.2 / 1.14.0
for Configuration Management and Server provisioning.
But as I can see, put() operation is non-atomic,
so configuration files on remote server can be corrupted.
Non-atomic put() operation - this is a bug in Fabric code?
Should I report this bug via https://github.com/fabric/fabric/issues ?
Or this is not bug, but "feature",
and I should create workaround for this "feature" in my own code?
Something like this: put(..., atomic=True, ...)
- if destination file has multiple hard links:
abort execution with fatal error,
because we can't atomically replace such file
else:
- upload new file to file with temporary name on remote server
- run( chown new file using old file as --reference= )
- run( chmod new file using old file as --reference= )
- if linux extended attributes is supported:
getfacl oldfile > tmpfile.facl ; setfacl --restore=tmpfile.facl
- if selinux enabled, run:
chcon --reference=/path/to/oldfile /path/to/a/newfile
- and finally, run( mv /path/to/newfile /path/to/oldfile )
In such way I can atomically replace edited file at remote host.
P.S.
Both, Ansible and CFEngine make atomic file updates on remote servers:
http://docs.ansible.com/ansible/latest/replace_module.html
https://docs.cfengine.com/docs/3.10/reference-promise-types-edit_line.html
--
Best regards,
Gena
Best regards,
Gena