如何确保传输的文件与puppet中的源文件相同?
[英]How to ensure the file transferred is identical to the source in puppet?
问题描述
I have some config files to transfer from the master to the agent.How can I ensure that the file is transferred done successfully? 
我有一些配置文件要从主服务器传输到代理。如何确保文件传输成功? I wonder when transferring file the network is closed , a half config file may be very harmful to the service before the puppet agent's next running. 我不知道何时关闭网络传输文件,在木偶代理下次运行之前,一半的配置文件可能对服务非常有害。 I can compute the md5 of file on the master and transfer the md5 to agent by transferring the md5 file.And on the agent I will compare the md5 to the file which transferred done.So I know the file is completely transferred and move it to the config file path. 我可以在主服务器上计算文件的md5并通过传输md5文件将md5传输到代理,然后在代理上将md5与已传输完成的文件进行比较,因此我知道文件已完全传输并将其移动到配置文件路径。 But if the config file's content is written in a template.I do not know the way to checksum its md5 val. 但是如果配置文件的内容写在模板中,我不知道校验和的md5 val的方法。 Can anyone help me? 谁能帮我? thanks 谢谢
1 个解决方案
解决方案1
1 2017-10-19 21:15:28
I have some config files to transfer from the master to the agent.How can I ensure that the file is transferred done successfully?
That's a fair question, but ultimately, you don't need to do anything special here. 这是一个公平的问题,但是最终,您不需要在这里做任何特别的事情。 Puppet agents communicate with the master via HTTPS for all purposes. 为了所有目的, 人偶代理通过HTTPS与主服务器通信 。 In addition to authentication of both ends and confidentiality of the data transferred, this ensures the integrity of the data transferred , to a very high level of confidence. 除了两端的身份验证和传输数据的机密性之外, 这还可以确保传输数据的完整性 ,并具有很高的置信度。 This applies equally to files embedded in the catalog and to files downloaded separately from the master's file server. 这同样适用于目录中嵌入的文件以及从主文件服务器单独下载的文件。
I wonder when transferring file the network is closed , a half config file may be very harmful to the service before the puppet agent's next running.
True, but you don't have to worry about this. 是的,但是您不必为此担心。 When Puppet downloads files from the master's file server, or when it copies them out of the catalog, it does not directly overwrite the target. 当Puppet从主文件服务器下载文件时,或者将其从目录中复制出来时,它不会直接覆盖目标。 Instead, it writes them into a temporary file, and only after the transfer is complete does it move them into place. 相反,它将它们写入一个临时文件,并且仅在传输完成后才将它们移动到位。 I assure you that it can tell if the connection drops mid-transfer, and as I already described, the transfer protocol used has integrity assurance built in. 我向您保证,它可以判断连接是否在传输过程中断开,并且正如我已经描述的那样,所使用的传输协议具有内置的完整性保证。
I can compute the md5 of file on the master and transfer the md5 to agent by transferring the md5 file.And on the agent I will compare the md5 to the file which transferred done.So I know the file is completely transferred and move it to the config file path.
Yes, you could do that. 是的,您可以这样做。 I'd account it a waste of effort, but that's your business. 我认为这很浪费精力,但这是您的事。
But if the config file's content is written in a template.I do not know the way to checksum its md5 val.
If the file's content is generated via a template then that content is embedded in the catalog, and it is also stored in PuppetDB if you have that installed and enabled. 如果文件的内容是通过模板生成的,则该内容将嵌入目录中,并且如果已安装并启用该文件,该内容也将存储在PuppetDB中。 You could, in principle, hash the content from there, but again, I think that would be wasted effort. 从原则上讲,您可以从那里哈希内容,但是再次,我认为这是浪费精力。 It's tremendously more likely that the file content is just wrong in the first place than that it gets corrupted between master and agent. 首先,文件内容很可能是错误的,而不是在主机和代理之间损坏的。
And if you're going to worry about that then you should not neglect the possibility that some other part of the catalog is corrupted during transfer, with who knows what unwanted effect. 而且,如果您担心这一点,那么您不应该忽略目录的其他部分在传输过程中被破坏的可能性,谁知道这是什么不良影响。 That'll keep you up at night if you let it, but as I said, Puppet has built-in safeguards against that sort of thing. 如果您允许的话,这会让您彻夜难眠,但是正如我说的那样,Puppet具有针对此类情况的内置防护措施。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.