Automatic syntax checking with Git hooks

It would be nice if we knew there was a syntax error in the manifest before we even committed it. You can have Puppet check the manifest using the puppet parser validate command:

t@ckbk:~$ puppet parser validate bootstrap.pp Error: Could not parse for environment production: Syntax error at 'File'; expected '}' at /home/thomas/bootstrap.pp:3 

This is especially useful because a mistake anywhere in the manifest will stop Puppet from running on any node, even on nodes that don't use that particular part of the manifest. So checking in a bad manifest can cause Puppet to stop applying updates to production for some time, until the problem is discovered, and this could potentially have serious consequences. The best way to avoid this is to automate the syntax check, by using a precommit hook in your version control repo.

How to do it...

Follow these steps:

1. In your Puppet repo, create a new hooks directory:

   t@mylaptop:~/puppet$ mkdir hooks
   

2. Create the file hooks/check_syntax.sh with the following contents (based on a script by Puppet Labs):

   #!/bin/sh
   
   syntax_errors=0
   error_msg=$(mktemp /tmp/error_msg.XXXXXX)
   
   if git rev-parse --quiet --verify HEAD > /dev/null
   then
       against=HEAD
   else
       # Initial commit: diff against an empty tree object
       against=4b825dc642cb6eb9a060e54bf8d69288fbee4904
   fi
   
   # Get list of new/modified manifest and template files
     to check (in git index)
   for indexfile in 'git diff-index --diff-filter=AM --
     name-only --cached $against | egrep '\.(pp|erb)''
   do
       # Don't check empty files
       if [ 'git cat-file -s :0:$indexfile' -gt 0 ]
       then
           case $indexfile in
               *.pp )
                   # Check puppet manifest syntax
                   git cat-file blob :0:$indexfile | 
                     puppet parser validate > $error_msg ;;
               *.erb )
                   # Check ERB template syntax
                   git cat-file blob :0:$indexfile | 
                     erb -x -T - | ruby -c 2> $error_msg >
                       /dev/null ;;
           esac
           if [ "$?" -ne 0 ]
           then
               echo -n "$indexfile: "
               cat $error_msg
               syntax_errors='expr $syntax_errors + 1'
           fi
       fi
   done
   
   rm -f $error_msg
   
   if [ "$syntax_errors" -ne 0 ]
   then
       echo "Error: $syntax_errors syntax errors found,
         aborting commit."
       exit 1
   fi

3. Set execute permission for the hook script with the following command:

   t@mylaptop:~/puppet$ chmod a+x hooks/check_syntax.sh
   

4. Now either symlink or copy the script to the precommit hook in your hooks directory. If your Git repo is checked out in ~/puppet, then create the symlink at ~/puppet/hooks/pre-commit as follows:

   t@mylaptop:~/puppet$ ln -s ~/puppet/hooks/check_syntax.sh.git/hooks/pre-commit
   

How it works...

The check_syntax.sh script will prevent you from committing any files with syntax errors when it is used as the pre-commit hook for Git:

t@mylaptop:~/puppet$ git commit -m "test commit"
Error: Could not parse for environment production: Syntax error at
 '}' at line 3
Error: Try 'puppet help parser validate' for usage
manifests/nodes.pp: Error: 1 syntax errors found, aborting commit.

If you add the hooks directory to your Git repo, anyone who has a checkout can copy the script into their local hooks directory to get this syntax checking behavior.