Closed jskarpe closed 8 years ago
I think my module used to do that... but then it was causing some problems for values with spaces, such as the ones for net.ipv4.tcp_mem, net.ipv4.ip_local_port_range, kernel.sem, etc.
Maybe something like this could work, where we squeeze all of the spaces before comparing (WARNING: 100% untested!):
$squeezed_value = regsubst($value,' +',' ','G')
unless => "sysctl ${title} | tr -s ' ' | grep -e \"= ${squeezed_value}\$\"",
This would require a lot of testing before going in, as the implications are quite important. I'm guessing it's what you had in mind, correct?
Regarding your particular issue, though, I would argue that you're missing some ordering between what loads the conntrack module (probably some stateful iptables rules) and the sysctl change :-)
Feel free to try out that code, test it well, and submit a pull request!
With the change from #23 and commit f387bb6f6d6b20a433f74aebd243d327d4cade29 this should be solved: all values are now enforced during each puppet run, meaning that any wrong/failing settings will be detected and unavailable keys will be retried until finally available.
The above will be available in releases 1.0.3+.
sysctl { 'net.ipv4.vs.conntrack': value => '1' }
err /Stage[main]/Cisco::Dns::Keepalived/Sysctl[net.ipv4.vs.conntrack]/Exec[sysctl-net.ipv4.vs.conntrack] /sbin/sysctl -p /etc/sysctl.d/net.ipv4.vs.conntrack.conf returned 255 instead of one of [0]
err /Stage[main]/Cisco::Dns::Keepalived/Sysctl[net.ipv4.vs.conntrack]/Exec[sysctl-net.ipv4.vs.conntrack] Failed to call refresh: /sbin/sysctl -p /etc/sysctl.d/net.ipv4.vs.conntrack.conf returned 255 instead of one of [0]
notice /Stage[main]/Cisco::Dns::Keepalived/Sysctl[net.ipv4.vs.conntrack]/Exec[sysctl-net.ipv4.vs.conntrack]/returns sysctl: cannot stat /proc/sys/net/ipv4/vs/conntrack: No such file or directory
notice /Stage[main]/Cisco::Dns::Keepalived/Sysctl[net.ipv4.vs.conntrack]/File[/etc/sysctl.d/net.ipv4.vs.conntrack.conf]/ensure defined content as '{md5}9892f17f4768817fea4de8d7bac67fd0'
This option is not retried on the subsequent puppet run. Expectation is that it fails consistently. Module should actively check if the option has the correct value using 'sysctl net.ipv4.vs.conntrack'. This can be done in place of "refreshonly", using an onlyif value != provisioned value
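An added example, not the module's code and not from anyone in this thread: a drift check of the kind the thread discusses, which compares desired and live values with all whitespace squeezed (the kernel separates multi-value keys with tabs) and reports a missing key separately so it can be retried on a later run. The function names and the `PROC_SYS` override are hypothetical, and it assumes each dot in the key maps to a path separator under `/proc/sys`, which does not hold for keys containing dotted interface names.

```shell
#!/bin/sh
# Added example: whitespace-insensitive sysctl drift check.
# PROC_SYS is a hypothetical override for offline testing; default is the real tree.
PROC_SYS="${PROC_SYS:-/proc/sys}"

# Collapse runs of spaces, tabs and newlines to one space, then trim both ends.
squeeze() {
    printf '%s' "$1" | tr -s '[:space:]' ' ' | sed -e 's/^ //' -e 's/ $//'
}

# sysctl_state KEY DESIRED
# returns 0 = in sync, 1 = drift, 2 = key unavailable (e.g. module not loaded yet)
sysctl_state() {
    key_path="$PROC_SYS/$(printf '%s' "$1" | tr '.' '/')"
    [ -r "$key_path" ] || return 2
    current=$(squeeze "$(cat "$key_path")")
    desired=$(squeeze "$2")
    [ "$current" = "$desired" ]
}

# Demo on a constructed tree (sample values, not taken from a real host).
# The body runs in a subshell so PROC_SYS does not leak to the caller.
demo() (
    tmp=$(mktemp -d) || exit 1
    mkdir -p "$tmp/net/ipv4"
    # Tab-separated, as the kernel prints multi-value keys.
    printf '32768\t60999\n' > "$tmp/net/ipv4/ip_local_port_range"
    PROC_SYS=$tmp
    for spec in 'net.ipv4.ip_local_port_range=32768   60999' \
                'net.ipv4.ip_local_port_range=1024 65535' \
                'net.ipv4.vs.conntrack=1'; do
        rc=0
        sysctl_state "${spec%%=*}" "${spec#*=}" || rc=$?
        echo "${spec%%=*} (want '${spec#*=}') -> state $rc"
    done
    rm -rf "$tmp"
)

demo
```

State 2 is the case from the original report: the key does not exist until the conntrack module is loaded, so the check has to run again on every Puppet run instead of only on refresh.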