From 08fd4f85cb0b9001f8c9916d9ee35ffcc5e222f0 Mon Sep 17 00:00:00 2001
From: Alex Tayts <atayts@stanford.edu>
Date: Tue, 27 Aug 2024 21:22:44 -0700
Subject: [PATCH] add file/directory check
---
CHANGELOG.md | 4 +
README.md | 40 ++++++-
REFERENCE.md | 193 ++++++++++++++++++++++++++-------
manifests/validate.pp | 142 +++++++++++++++++++++---
metadata.json | 6 +-
templates/validate/files.epp | 100 +++++++++++++++++
templates/validate/header.epp | 7 ++
templates/validate/process.epp | 2 +-
8 files changed, 433 insertions(+), 61 deletions(-)
create mode 100644 templates/validate/files.epp
diff --git a/CHANGELOG.md b/CHANGELOG.md
index c1493a5..6713f12 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,10 @@
All notable changes to this project will be documented in this file.
+## Release 0.4.0
+
+* Added file/directory check.
+
## Release 0.3.1
* Fixed a bug with long process names.
diff --git a/README.md b/README.md
index 0803b87..38c1b6d 100644
--- a/README.md
+++ b/README.md
@@ -78,18 +78,54 @@ server_patching::validate::exports:
server_patching::validate::zfs_pools:
- pool1
- pool2
+server_patching::validate::files:
+ - path: /var/log/application.log
+ exists: true
+ type: regular file # file types are as outputted by stat(1)
+ owner: application
+ group: operations
+ mode: 644
+ age: 5m # maximum modification time format XXdXXhXXmXXs with any omited
+ min_size: 10
+ max_size: 6M
+ contains:
+ - application startup success
+ - connection established
+ not_contains:
+ - startup failed
+ - exception 24B70 in object.getConnected
+ last_lines: 100 # or 'first_lines: 100', but not both
+ - path: /srv/data/project
+ type: directory
+ owner: pete
+ group: staff
+ min_size: 5M # allocated space, calculation may take time
+ max_size: 10G # allocated space, calculation may take time
```
The fragment generates verifies if:
* VMWare tools service is running
* CrowdStrike daemon process is running
-* Java process which has *solr* in its command line is running
* NetDB URL redirects somewhere (to WebAuth presumably)
-* NetDB server 171.67.5.154 status URL returns success
+* NetDB status URL returns success
* SSH port is open over IPv4
* Telnet port is closed over IPv4
* Given ZFS pools are imported
* Given NFS shares are exported
+* Verfies that application log file
+ * exists
+ * is a regular file ("directory" type is supported as well)
+ * has correct permissions
+ * has been modified within last 5 min
+ * larger than 10 bytes, but smaller than 6MB
+ * contains both strings "application startup success" and "connection established" (Perl regular expressions supported)
+ * contains neither "startup failed" nor "exception 24B70 in object.getConnectd"
+ * only last 100 lines in the file are searched for these strings
+* Checks if a project directory:
+ * exists
+ * has correct premissions
+ * has an allocated size between 5MB and 10GB
+ * (text searches within directory files not supported)
The module would generate a validation script `validation.sh` in
`/usr/local/bin/` directory, which can be triggered by SSM and return a zero
diff --git a/REFERENCE.md b/REFERENCE.md
index 5d75d0b..a12ca71 100644
--- a/REFERENCE.md
+++ b/REFERENCE.md
@@ -7,7 +7,7 @@
### Classes
* [`server_patching`](#server_patching): A class to deploy patching-related tools
-* [`server_patching::validate`](#server_patchingvalidate): Validate the server state based on predefined checks.
+* [`server_patching::validate`](#server_patching--validate): Validate the server state based on predefined checks.
## Classes
@@ -23,7 +23,7 @@ At the moment only includes the class `server_patching::validate`.
include server_patching
```
-### <a name="server_patchingvalidate"></a>`server_patching::validate`
+### <a name="server_patching--validate"></a>`server_patching::validate`
The class generates or removes the validation script for the
state of the server. The resulting script can be automatically
@@ -64,6 +64,29 @@ server_patching::validate::exports:
server_patching::validate::zfs_pools:
- pool1
- pool2
+server_patching::validate::files:
+ - path: /var/log/application.log
+ exists: true
+ type: regular file # file types are as outputted by stat(1)
+ owner: application
+ group: operations
+ mode: 644
+ age: 5m # maximum modification time format XXdXXhXXmXXs with any omited
+ min_size: 10
+ max_size: 6M
+ contains:
+ - application startup success
+ - connection established
+ not_contais:
+ - application failed
+ - error 2740
+ last_lines: 100 # or 'first_lines: 100', but not both
+ - path: /srv/data/project
+ type: directory
+ owner: pete
+ group: staff
+ min_size: 5M # allocated space, calculation may take time
+ max_size: 10G # allocated space, calculation may take time
```
#### Examples
@@ -78,18 +101,19 @@ include server_patching::validate
The following parameters are available in the `server_patching::validate` class:
-* [`ensure`](#ensure)
-* [`validation_script`](#validation_script)
-* [`use_remctl`](#use_remctl)
-* [`services`](#services)
-* [`processes`](#processes)
-* [`urls`](#urls)
-* [`ports`](#ports)
-* [`mounts`](#mounts)
-* [`exports`](#exports)
-* [`zfs_pools`](#zfs_pools)
+* [`ensure`](#-server_patching--validate--ensure)
+* [`validation_script`](#-server_patching--validate--validation_script)
+* [`wait`](#-server_patching--validate--wait)
+* [`services`](#-server_patching--validate--services)
+* [`processes`](#-server_patching--validate--processes)
+* [`urls`](#-server_patching--validate--urls)
+* [`ports`](#-server_patching--validate--ports)
+* [`mounts`](#-server_patching--validate--mounts)
+* [`exports`](#-server_patching--validate--exports)
+* [`zfs_pools`](#-server_patching--validate--zfs_pools)
+* [`files`](#-server_patching--validate--files)
-##### <a name="ensure"></a>`ensure`
+##### <a name="-server_patching--validate--ensure"></a>`ensure`
Data type: `Enum['absent','present']`
@@ -97,7 +121,7 @@ Deploy or remove the validation script.
Default value: `'present'`
-##### <a name="validation_script"></a>`validation_script`
+##### <a name="-server_patching--validate--validation_script"></a>`validation_script`
Data type: `Stdlib::Unixpath`
@@ -105,15 +129,23 @@ Location of the validation script on the system.
Default value: `'/usr/local/bin/validate.sh'`
-##### <a name="use_remctl"></a>`use_remctl`
+##### <a name="-server_patching--validate--wait"></a>`wait`
-Whether to create a remctl for validation script or not.
+Data type: `Optional[Integer[0]]`
-##### <a name="services"></a>`services`
+Wait for specified number of seconds before starting checks.
-Data type: `Array[Struct[{
- 'name' => String,
- 'active' => Optional[Boolean]}]]`
+Default value: `undef`
+
+##### <a name="-server_patching--validate--services"></a>`services`
+
+Data type:
+
+```puppet
+Array[Struct[{
+ 'name' => String,
+ 'active' => Optional[Boolean]}]]
+```
Array of hashes, where each hash is describing a service and
its desired state.
@@ -127,12 +159,16 @@ Defaults to `true`.
Default value: `[]`
-##### <a name="processes"></a>`processes`
+##### <a name="-server_patching--validate--processes"></a>`processes`
-Data type: `Array[Struct[{
- 'name' => String,
- 'command' => Optional[String],
- 'running' => Optional[Boolean]}]]`
+Data type:
+
+```puppet
+Array[Struct[{
+ 'name' => String,
+ 'command' => Optional[String],
+ 'running' => Optional[Boolean]}]]
+```
Array of hashes, where each hash describes the name of a process
and whether it is supposed to be running.
@@ -146,12 +182,16 @@ or `false` if it is not supposed to. Defaults to `true`.
Default value: `[]`
-##### <a name="urls"></a>`urls`
+##### <a name="-server_patching--validate--urls"></a>`urls`
+
+Data type:
-Data type: `Array[Struct[{
- 'url' => Stdlib::HTTPUrl,
- 'resolve_to' => Optional[Stdlib::IP::Address],
- 'status' => Optional[Integer[100,510]]}]]`
+```puppet
+Array[Struct[{
+ 'url' => Stdlib::HTTPUrl,
+ 'resolve_to' => Optional[Stdlib::IP::Address],
+ 'status' => Optional[Integer[100,510]]}]]
+```
Array of hashes, where each hash describes the web URL
and the HTTP status code it is supposed to return
@@ -164,13 +204,17 @@ Options:
Default value: `[]`
-##### <a name="ports"></a>`ports`
+##### <a name="-server_patching--validate--ports"></a>`ports`
-Data type: `Array[Struct[{
- 'port' => Stdlib::Port,
- 'proto' => Optional[Enum['tcp','udp']],
- 'ip_ver' => Optional[Enum['ipv4','ipv6']],
- 'listening' => Optional[Boolean]}]]`
+Data type:
+
+```puppet
+Array[Struct[{
+ 'port' => Stdlib::Port,
+ 'proto' => Optional[Enum['tcp','udp']],
+ 'ip_ver' => Optional[Enum['ipv4','ipv6']],
+ 'listening' => Optional[Boolean]}]]
+```
Array of hashes, where each hash contains a port number, protocol,
IP protocol version (IPv4/IPv6) and whether anything is expected
@@ -186,7 +230,7 @@ the port is not supposed to respond. Defaults to `true`.
Default value: `[]`
-##### <a name="mounts"></a>`mounts`
+##### <a name="-server_patching--validate--mounts"></a>`mounts`
Data type: `Array[Stdlib::Unixpath]`
@@ -194,7 +238,7 @@ Array of mounts to be checked for presence.
Default value: `[]`
-##### <a name="exports"></a>`exports`
+##### <a name="-server_patching--validate--exports"></a>`exports`
Data type: `Array[Stdlib::Unixpath]`
@@ -202,7 +246,7 @@ Array of NFS exports to be checked for presence. Only local exports are checked.
Default value: `[]`
-##### <a name="zfs_pools"></a>`zfs_pools`
+##### <a name="-server_patching--validate--zfs_pools"></a>`zfs_pools`
Data type: `Array[String]`
@@ -210,3 +254,74 @@ Array of ZFS pools to be checked for presence.
Default value: `[]`
+##### <a name="-server_patching--validate--files"></a>`files`
+
+Data type:
+
+```puppet
+Array[Struct[{
+ 'path' => Stdlib::Unixpath,
+ 'type' => Optional[String[1]],
+ 'exists' => Optional[Boolean],
+ 'owner' => Optional[String[1]],
+ 'group' => Optional[String[1]],
+ 'mode' => Optional[Variant[String[3,4], Integer[0,3777]]],
+ 'age' => Optional[Pattern[/^(\d{0,}d)?(\d{0,2}h)?(\d{0,2}m)?(\d{0,2}s)?$/]],
+ 'min_size' => Optional[Variant[String, Integer[1]]],
+ 'max_size' => Optional[Variant[String, Integer[1]]],
+ 'contains' => Optional[Array[String[1]]],
+ 'not_contains' => Optional[Array[String[1]]],
+ 'first_lines' => Optional[Integer[1]],
+ 'last_lines' => Optional[Integer[1]]}]]
+```
+
+Array of hashes specifying requirements for a file or directory
+
+Options:
+
+* **:path** `Stdlib::Unixpath`: Full file system path to a file or directory. Mandatory.
+* **Optional** `String`: :type
+Type of a file or directory as shown by stat(1). The most typical ones are
+`regular file`, 'directory', 'block special file', 'character specila file',
+'fifo', 'socket', 'regular empty file', etc.
+* **Optional** `Boolean`: :exists
+Tells if the file should exist or not.
+* **Optional** `String`: :owner
+Owner of a file or directory. UIDs not accepted, only resolved user names.
+* **Optional** `String`: :group
+Group of a file or directory. GIDs not accepted, only resolved group names.
+* **Optional** `String`: :mode
+Mode of a file or directory either as an integer or a string.
+* **Optional** `Pattern`: :age
+File or directory modification date should be more recent than a given age.
+Age is specified in a format XXXXdXXhXXmXXs, where X are digits and `d` stands
+for days, `h` for hours, `m` for minutes and `s` for seconds. Any of these
+can be omited, like `5m` or `1h15m`.
+* **Optional** `Variant[String,Integer]`: :min_size
+Size of the file should exceed this value. Size is specified by default in bytes.
+'K', 'M', 'G', 'T' Multipliers can be appended to signify decimal Kilobytes,
+Megabytes, Gigabytes and Terabytes.
+* **Optional** `Variant[String,Integer]`: :max_size
+Size of the file should not exceed this value. Size is specified by default in bytes.
+'K', 'M', 'G', 'T' Multipliers can be appended to signify decimal Kilobytes,
+Megabytes, Gigabytes and Terabytes.
+* **Optional** `Array[String]`: :contains
+An array of strings, all of which should be present in a text file. Perl regular
+expressions are supported as well. Check fails if any of the strings is not found.
+* **Optional** `Array[String]`: :not_contains
+An array of strings, none of which should be present in a text file. Perl regular
+expressions are supported as well. Check fails if any of the strings is found.
+* **Optional** `Integer`: :first_lines
+Only this number of lines counting from the beginning of a text file are
+searched for strings listed in `contains` parameter. Even if a string is present
+in a file, but is located later than this line number, the check would fail.
+This paremeter cannot be specified together with `last_lines`.
+* **Optional** `Integer`: :last_lines
+Only this number of lines counting from the end of a text file are
+searched for strings listed in `contains` parameter. Even if a string is present
+in a file, but is located later than this line number, the check would fail.
+This paremeter cannot be specified together with `first_lines`. If you do that,
+this parameter would be ignored in favor of `first_lines`.
+
+Default value: `[]`
+
diff --git a/manifests/validate.pp b/manifests/validate.pp
index 41d3a63..e450a35 100644
--- a/manifests/validate.pp
+++ b/manifests/validate.pp
@@ -40,6 +40,29 @@
# server_patching::validate::zfs_pools:
# - pool1
# - pool2
+# server_patching::validate::files:
+# - path: /var/log/application.log
+# exists: true
+# type: regular file # file types are as outputted by stat(1)
+# owner: application
+# group: operations
+# mode: 644
+# age: 5m # maximum modification time format XXdXXhXXmXXs with any omited
+# min_size: 10
+# max_size: 6M
+# contains:
+# - application startup success
+# - connection established
+# not_contais:
+# - application failed
+# - error 2740
+# last_lines: 100 # or 'first_lines: 100', but not both
+# - path: /srv/data/project
+# type: directory
+# owner: pete
+# group: staff
+# min_size: 5M # allocated space, calculation may take time
+# max_size: 10G # allocated space, calculation may take time
# ```
#
# @param ensure
@@ -48,8 +71,8 @@
# @param validation_script
# Location of the validation script on the system.
#
-# @param use_remctl
-# Whether to create a remctl for validation script or not.
+# @param wait
+# Wait for specified number of seconds before starting checks.
#
# @param services
# Array of hashes, where each hash is describing a service and
@@ -117,34 +140,109 @@
# @param zfs_pools
# Array of ZFS pools to be checked for presence.
#
+# @param files
+# Array of hashes specifying requirements for a file or directory
+#
+# @option files [Stdlib::Unixpath] :path
+# Full file system path to a file or directory. Mandatory.
+#
+# @option files Optional[String] :type
+# Type of a file or directory as shown by stat(1). The most typical ones are
+# `regular file`, 'directory', 'block special file', 'character specila file',
+# 'fifo', 'socket', 'regular empty file', etc.
+#
+# @option files Optional[Boolean] :exists
+# Tells if the file should exist or not.
+#
+# @option files Optional[String] :owner
+# Owner of a file or directory. UIDs not accepted, only resolved user names.
+#
+# @option files Optional[String] :group
+# Group of a file or directory. GIDs not accepted, only resolved group names.
+#
+# @option files Optional[String] :mode
+# Mode of a file or directory either as an integer or a string.
+#
+# @option files Optional[Pattern] :age
+# File or directory modification date should be more recent than a given age.
+# Age is specified in a format XXXXdXXhXXmXXs, where X are digits and `d` stands
+# for days, `h` for hours, `m` for minutes and `s` for seconds. Any of these
+# can be omited, like `5m` or `1h15m`.
+#
+# @option files Optional[Variant[String,Integer]] :min_size
+# Size of the file should exceed this value. Size is specified by default in bytes.
+# 'K', 'M', 'G', 'T' Multipliers can be appended to signify decimal Kilobytes,
+# Megabytes, Gigabytes and Terabytes.
+#
+# @option files Optional[Variant[String,Integer]] :max_size
+# Size of the file should not exceed this value. Size is specified by default in bytes.
+# 'K', 'M', 'G', 'T' Multipliers can be appended to signify decimal Kilobytes,
+# Megabytes, Gigabytes and Terabytes.
+#
+# @option files Optional[Array[String]] :contains
+# An array of strings, all of which should be present in a text file. Perl regular
+# expressions are supported as well. Check fails if any of the strings is not found.
+#
+# @option files Optional[Array[String]] :not_contains
+# An array of strings, none of which should be present in a text file. Perl regular
+# expressions are supported as well. Check fails if any of the strings is found.
+#
+# @option files Optional[Integer] :first_lines
+# Only this number of lines counting from the beginning of a text file are
+# searched for strings listed in `contains` parameter. Even if a string is present
+# in a file, but is located later than this line number, the check would fail.
+# This paremeter cannot be specified together with `last_lines`.
+#
+# @option files Optional[Integer] :last_lines
+# Only this number of lines counting from the end of a text file are
+# searched for strings listed in `contains` parameter. Even if a string is present
+# in a file, but is located later than this line number, the check would fail.
+# This paremeter cannot be specified together with `first_lines`. If you do that,
+# this parameter would be ignored in favor of `first_lines`.
+#
# @example
# include server_patching::validate
#
class server_patching::validate (
Enum['absent','present'] $ensure = 'present',
Stdlib::Unixpath $validation_script = '/usr/local/bin/validate.sh',
+ Optional[Integer[0]] $wait = undef,
Array[Struct[{
- 'name' => String,
- 'active' => Optional[Boolean]}]] $services = [],
+ 'name' => String,
+ 'active' => Optional[Boolean]}]] $services = [],
Array[Struct[{
- 'name' => String,
- 'command' => Optional[String],
- 'running' => Optional[Boolean]}]] $processes = [],
+ 'name' => String,
+ 'command' => Optional[String],
+ 'running' => Optional[Boolean]}]] $processes = [],
Array[Struct[{
- 'url' => Stdlib::HTTPUrl,
- 'resolve_to' => Optional[Stdlib::IP::Address],
- 'status' => Optional[Integer[100,510]]}]] $urls = [],
+ 'url' => Stdlib::HTTPUrl,
+ 'resolve_to' => Optional[Stdlib::IP::Address],
+ 'status' => Optional[Integer[100,510]]}]] $urls = [],
Array[Struct[{
- 'port' => Stdlib::Port,
- 'proto' => Optional[Enum['tcp','udp']],
- 'ip_ver' => Optional[Enum['ipv4','ipv6']],
- 'listening' => Optional[Boolean]}]] $ports = [],
+ 'port' => Stdlib::Port,
+ 'proto' => Optional[Enum['tcp','udp']],
+ 'ip_ver' => Optional[Enum['ipv4','ipv6']],
+ 'listening' => Optional[Boolean]}]] $ports = [],
Array[Stdlib::Unixpath] $mounts = [],
Array[Stdlib::Unixpath] $exports = [],
Array[String] $zfs_pools = [],
+ Array[Struct[{
+ 'path' => Stdlib::Unixpath,
+ 'type' => Optional[String[1]],
+ 'exists' => Optional[Boolean],
+ 'owner' => Optional[String[1]],
+ 'group' => Optional[String[1]],
+ 'mode' => Optional[Variant[String[3,4], Integer[0,3777]]],
+ 'age' => Optional[Pattern[/^(\d{0,}d)?(\d{0,2}h)?(\d{0,2}m)?(\d{0,2}s)?$/]],
+ 'min_size' => Optional[Variant[String, Integer[1]]],
+ 'max_size' => Optional[Variant[String, Integer[1]]],
+ 'contains' => Optional[Array[String[1]]],
+ 'not_contains' => Optional[Array[String[1]]],
+ 'first_lines' => Optional[Integer[1]],
+ 'last_lines' => Optional[Integer[1]]}]] $files = [],
) {
- if [$services, $processes, $urls, $ports, $mounts, $exports, $zfs_pools].any |$param| { !empty($param) } {
+ if [$services, $processes, $urls, $ports, $mounts, $exports, $zfs_pools, $files].any |$param| { !empty($param) } {
concat { $validation_script:
ensure => $ensure,
mode => '0700',
@@ -153,7 +251,7 @@ class server_patching::validate (
concat::fragment { 'bash-header':
target => $validation_script,
order => '01',
- content => epp('server_patching/validate/header.epp'),
+ content => epp('server_patching/validate/header.epp', { 'wait' => $wait }),
}
concat::fragment { 'bash-footer':
@@ -237,6 +335,18 @@ class server_patching::validate (
content => epp('server_patching/validate/zpool.epp', { 'zfs_pools' => $zfs_pools }),
}
}
+
+ if !empty($files) {
+ $_files = $files.map |$file| {
+ { 'exists' => true } + $file
+ }
+
+ concat::fragment { 'validate-files':
+ target => $validation_script,
+ order => '08',
+ content => epp('server_patching/validate/files.epp', { 'files' => $_files }),
+ }
+ }
} else {
# If no checks are defined, no reason to keep an empty
# validation script around.
diff --git a/metadata.json b/metadata.json
index ed59792..b0fcfd0 100644
--- a/metadata.json
+++ b/metadata.json
@@ -1,6 +1,6 @@
{
"name": "ruthenium-server_patching",
- "version": "0.3.1",
+ "version": "0.3.0",
"author": "Ruthenium",
"summary": "Generate bash script to valideate server state.",
"license": "MIT",
@@ -50,9 +50,9 @@
{
"operatingsystem": "Ubuntu",
"operatingsystemrelease": [
- "18.04",
"20.04",
- "22.04"
+ "22.04",
+ "24.04"
]
}
],
diff --git a/templates/validate/files.epp b/templates/validate/files.epp
new file mode 100644
index 0000000..daf4033
--- /dev/null
+++ b/templates/validate/files.epp
@@ -0,0 +1,100 @@
+<%- | Array[Hash] $files | -%>
+<%- $files.each |$file| { -%>
+# file <%= $file['path'] %>
+echo -n "File <%= $file['path'] -%>..."
+failed=0
+stats="$(stat --format='%a!%G!%U!%Y!%B!%F' "<%= $file['path'] %>" 2>/dev/null)"
+if [ $? -eq 0 ]; then
+ <%- if !$file['exists'] { -%>
+ failed=1
+ <%- } -%>
+ IFS=! read -r mode group owner age size type <<< $stats
+else
+ <%- if $file['exists'] { -%>
+ failed=1
+ <%- } -%>
+ :
+fi
+ <%- if 'age' in $file { -%>
+if [[ <%= $file['age'] %> =~ ([0-9]+)d ]]; then
+ days=${BASH_REMATCH[1]}
+fi
+if [[ <%= $file['age'] %> =~ ([0-9]+)h ]]; then
+ hours=${BASH_REMATCH[1]}
+fi
+if [[ <%= $file['age'] %> =~ ([0-9]+)m ]]; then
+ minutes=${BASH_REMATCH[1]}
+fi
+if [[ <%= $file['age'] %> =~ ([0-9]+)s ]]; then
+ minutes=${BASH_REMATCH[1]}
+fi
+interval_seconds=$((days * 86400 + hours * 3600 + minutes * 60 + seconds))
+current_epoch=$(date +%s)
+oldest_allowed=$((current_epoch - interval_seconds))
+if [ $age -lt $oldest_allowed ]; then
+ failed=1
+fi
+ <%- } -%>
+ <%- if 'type' in $file { -%>
+if ! [ "$type" = "<%= $file['type'] %>" ]; then
+ failed=1
+fi
+ <%- } -%>
+ <%- if 'owner' in $file { -%>
+if ! [ $owner = <%= $file['owner'] %> ]; then
+ failed=1
+fi
+ <%- } -%>
+ <%- if 'group' in $file { -%>
+if ! [ $group = <%= $file['group'] %> ]; then
+ failed=1
+fi
+ <%- } -%>
+ <%- if 'mode' in $file { -%>
+if ! [ $mode = <%= $file['mode'] %> ]; then
+ failed=1
+fi
+ <%- } -%>
+if [ "$type" = 'directory' ]; then
+ size=$(du -s --bock-size=1 <%= $file['path'] %> | cut -f1)
+else
+ <%- if ('contains' in $file) or ('not_contains' in $file) { -%>
+ <%- if 'first_lines' in $file {
+ $op = "head -n ${file['first_lines']}"
+ } elsif 'last_lines' in $file {
+ $op = "tail -n ${file['last_lines']}"
+ } else {
+ $op = "cat"
+ } -%>
+ <%- $file['contains'].each |$pattern| { -%>
+ if ! <%= $op %> '<%= $file['path'] %>' | grep -P '<%= $pattern %>' >/dev/null 2>&1; then
+ failed=1
+ fi
+ <%- } -%>
+ <%- $file['not_contains'].each |$pattern| { -%>
+ if <%= $op %> '<%= $file['path'] %>' | grep -P '<%= $pattern %>' >/dev/null 2>&1; then
+ failed=1
+ fi
+ <%- } -%>
+ <%- } -%>
+ :
+fi
+ <%- if 'min_size' in $file { -%>
+min_size=$(numfmt --from=auto <%= $file['min_size'] %>)
+if [ $size -lt $min_size ]; then
+ failed=1
+fi
+ <%- } -%>
+ <%- if 'max_size' in $file {-%>
+max_size=$(numfmt --from=auto <%= $file['max_size'] %>)
+if [ $size -gt $max_size ]; then
+ failed=1
+fi
+ <%- } -%>
+if [ $failed -eq 0 ]; then
+ echo " OK."
+else
+ echo " FAIL."
+ ((result+=1))
+fi
+<%- } %>
diff --git a/templates/validate/header.epp b/templates/validate/header.epp
index 30a5316..e5dade7 100644
--- a/templates/validate/header.epp
+++ b/templates/validate/header.epp
@@ -1,3 +1,4 @@
+<%- | Optional[Integer[0]] $wait | -%>
#!/bin/bash
# Set $PATH for this script
@@ -5,3 +6,9 @@ export PATH=/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin:/usr/local/sbin
# Overall result of a check
result=0
+
+# Wait for some time before initiating the checks
+<%- if $wait =~ NotUndef { -%>
+sleep <%= $wait %>
+<%- } -%>
+
diff --git a/templates/validate/process.epp b/templates/validate/process.epp
index 0d4afe8..4a1374e 100644
--- a/templates/validate/process.epp
+++ b/templates/validate/process.epp
@@ -4,7 +4,7 @@
# process <%= $process['name'] %>
echo -n "Process <%= $process['name'] -%>..."
<%- if 'command' in $process { -%>
-pgrep -af <%= $process['name'] %> | grep <%= $process['command'] %> > /dev/null
+pgrep -fa <%= $process['name'] %> | grep <%= $process['command'] %> > /dev/null
<%- } else { -%>
pgrep -f <%= $process['name'] %> > /dev/null
<%- } -%>
--
GitLab