[openstack-dev] [Fuel] [Puppet] Potential critical issue, due Puppet mix stderr and stdout while execute commands
Sergey Vasilenko
svasilenko at mirantis.com
Thu Oct 22 06:52:17 UTC 2015
On Thu, Oct 22, 2015 at 6:16 AM, Matt Fischer <matt at mattfischer.com> wrote:
> I thought we had code in other places that split out stderr and only
> logged it if there was an actual error but I cannot find the reference now.
> I think that matches the original proposal. Not sure I like idea #3.
Matthew, this topic not about SSL. ANY warnings, ANY output to stderr from
CLI may corrupt work of providers from puppet-* modules for openstack
components.
IMHO it's a very serious bug, that potential affect openstack puppet
modules.
I see 3 way for fix it:
1. Long way. big patch to puppet core for add ability to collect stderr
and stdout separately. But most of existing puppet providers waits that
stderr and stdout was mixed when handle errors of execution (non-zero
return code). Such patch will broke backward compatibility, if will be
enabled by default.
2. Middle way. We should write code for redefine 'commands' method. New
commands should collect stderr and stdout separately, but if error happens
return stderr (with ability access to stdout too).
3. Short way. Modify existing providers to use json output instead
plain-text or csv. JSON output may be separated from any garbage (warnings)
slightly. I make this patch as example of this way:
https://review.openstack.org/#/c/238156/ . Anyway json more formalized
format for data exchange, than plain text.
IMHO way #1 is a best solution, but not easy.
/sv
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20151022/d1f66054/attachment.html>
More information about the OpenStack-dev
mailing list