While creating a custom type for cleaning up stunnel::instance artifacts
on the system, I needed to get a list of services that were running on the
This is also something that the svckill native type requires, and was
implemented manually in the past, so I thought that there had to be a more
reusable method built into Puppet.
I started writing the stunnel_instance_purge type and thought that all
services should be prefetched for optimization and that I would be able to get
grab those prefetched instances without issue.
I was wrong on both counts!
Since I was targeting sysv and systemd systems, I started by taking a look
at the lib/puppet/provider/service/init.rb file.
Here, I found that instances was defined but prefetch was not. This means
that the puppet resource service command would be able to return information
from this provider but that the information would not be prefetched into the
Honestly, this does make sense for sysv-style systems since there have been a
number of scripts over time that behave badly when queried so fundamentally,
this route was going to be unavailable to me for those.
But, I reasoned that, with chkconfig --list and systemctl list-unit-files
*.service, I should be able to get some level of prefetch magic.
Unfortunately, neither of those prefetched their services either!
Back to the Drawing Board
Having exhausted my hopes for prefetch, I started trying to figure out if
there was an easy built-in method to get the instances on the running system.
It turns out that is pretty easy (if a bit confusing) to query the RAL from
inside the custom type so that you can get a list of everything that the
instances method will return on a given system.
Most instances methods don’t cache, so be careful with this since you’ll be
executing whatever it calls to do its work each time.
The following will call the indirector and return all RESOURCE_TYPE resources
that are returned by the instances method of the relevant providers. This
behaves the same way as running the puppet resource RESOURCE_TYPE command
from the command line.
As a more concrete example, the following would fetch all Service resources
known by Puppet on your system:
And would return something like the following:
I am very much hoping that the folks over at Puppet decide to provide a method
where various resources can dig into cached version of items that have been
prefetched but I have a feeling that this isn’t high on anyone’s priority list.
Trevor has worked in a variety of IT fields over the last
decade, including systems engineering, operating system
automation, security engineering, and various levels of
At OP his responsibilities include maintaining overall
technical oversight for Onyx Point solutions, providing
technical leadership and mentorship to the DevOps teams. He is
also responsible for leading OP’s solutions and intellectual
property development efforts, setting the technical focus of
the company, and managing OP products and related services. In
this regard, he oversees product development and delivery as
well as developing the strategic roadmap for OP’s product line.
At Onyx Point, our engineers focus on Security, System
Administration, Automation, Dataflow, and DevOps consulting for
government and commercial clients. We offer professional
services for Puppet, RedHat, SIMP, NiFi, GitLab, and the other
solutions in place that keep your systems running securely and
efficiently. We offer Open Source Software support and
Engineering and Consulting services through GSA IT Schedule 70.
As Open Source contributors and advocates, we encourage the use
of FOSS products in Government as part of an overarching IT
Efficiencies plan to reduce ongoing IT expenditures attributed
to software licensing. Our support and contributions to Open
Source, are just one of our many guiding principles
Security in All We Do.
Pursue Innovation with Integrity.
Communicate Openly and Respectfully.
Offer Your Talents, and Appreciate the Talents of Others