-
-
Notifications
You must be signed in to change notification settings - Fork 879
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Confine NGINX version fact to exclude Cisco Nexus switches #1140
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What an amazing bug. I can imagine it took quite some time to figure it out.
lib/facter/nginx_version.rb
Outdated
@@ -1,6 +1,6 @@ | |||
Facter.add(:nginx_version) do | |||
setcode do | |||
if Facter.value('kernel') != 'windows' && (Facter::Util::Resolution.which('nginx') || Facter::Util::Resolution.which('openresty')) | |||
if Facter.value('kernel') != 'windows' && Facter.value('operatingsystem') != 'nexus' && (Facter::Util::Resolution.which('nginx') || Facter::Util::Resolution.which('openresty')) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we move this to confine
? According to https://puppet.com/docs/facter/3.9/fact_overview.html#main-components-of-simple-resolutions you can repeat it multiple times.
I think the syntax for confine is like this: https://puppet.com/docs/facter/3.9/custom_facts.html#confining-facts |
7ce0598
to
ac79eb6
Compare
Refactored code and cleaned up confine. Regarding spec tests, it is not required for the fact itself, as the addition just says dont run this fact on the Nexus Operating system. I also noticed the spec tests for the fact are simulations on string output, and not confinement. |
@murdok5 Generally, Vox likes to have spec tests for changes... in this case, the test would just test that the fact is undef when the facts match the confine statement, obviously the existing tests validate that it works in normal conditions. |
@wyardley As long as the confine is only checking equality against a string constant, I don't think there's anything of value to unit test. We don't care about the fact value in the event the system is Windows or a Nexus device, we just want it not to evaluate. Unit tests against I would like to see the confines cleaned up a little to make it obvious that the only thing happening is an inequality check. Beyond that, I endorse merging. Code is trivial - not possible to write a unit test that adds value. confine { Facter.value(:kernel) != 'windows' }
confine { Facter.value(:operatingsystem) != 'nexus' } |
@reidmv Fair enough. I was thinking mostly about the case where some changes to the fact itself could cause this to break again in the future, but I am fine with leaving them out. Should it be using Also, +1 on @ekohl's comments to the OP, great work figuring this out. |
Cisco Nexus Switches may run older version of NGINX internally in which the command 'nginx -v' disables the nxapi socket (deletes sock file) on second or later runs. Tested on CIsco NXOS 9k. Refactor ruby fact moving kernel/OS to confine block as well.
ac79eb6
to
e28737a
Compare
@wyardley I chose the operatingsystem fact since as far as I have tested the issue is restricted to Nexus devices. Attached is a picture of the facts from one of my 9k test VMs for fact reference. @reidmv thanks for clarification. I have updated the confine block to show single logic per line to improve readability and future additions if needed. |
@murdok5 sorry, I just meant using structured facts vs. |
Confine NGINX version fact to exclude Cisco Nexus switches
Cisco Nexus Switches may run older version of NGINX internally in which the command 'nginx -v' disables the nxapi socket (deletes sock file) on second or later runs. Tested on CIsco NXOS 9k physical and virtual, and confirmed with Cisco engineers.
Nginx is an underlying component, and should not be managed by resources other than the Cisco module(s) for the Nexus devices, hence prevention of this fact running on the Nexus operating system.