execute

This resource executes a command. The unless parameter can be used to apply this resource according to a condition. Furthermore when passive is set to true the resource is only applied when triggered by other resources through the triggers meta-parameter. See triggers for more information.

Relationship to other resources

An execute resource runs after every resource that references this resource through the triggers meta-parameter. However it does not depend on them implicitly. This default behavior ensures that an execute resource runs if at least one of the triggering resources was applied successfully, regardless of the state of the others.

For instance when a file resource specifies an execute resource through triggers and the primary name parameter of the execute resource, the resource will be triggered when the file resource is either created, deleted or changed. When other resources trigger the same execute resource, the resource is ensured to run only once after each of those resources were applied.

Explicit dependencies can still be formed between an execute resource and another resource that triggers it. However this would result in the execute resource failing to apply if the triggering resource fails, regardless of if there are other triggering resources that ran successfully.

Parameters

NameTypeDescriptionMandatoryDefault
ensurestringDetermines the desired state of the resource. One of present or absent.yespresent
namestringPrimary parameter: The resource name.yes
commandarrayThe command and its arguments as strings. The program name and its arguments are each separate array items.yes
unlessarraySimilar to command, a program name and any number of arguments. If this is specified it runs before command. If it returns zero, command is not executed. Any other exit code will cause command to be executed normally.no
environmentarrayEnvironment variables that the processes that execute command and unless should inherhit.no
passivestringEither true or false. If this is true the resource is applied only when triggered by other resources via the triggers meta-parameter.nofalse

The environment array must contain hashes with the following keys:

NameTypeDescriptionMandatoryDefault
namestringThe name of the environment variable.yes
valuestringThe value of the environment variable. If this parameter is omitted the variable will be set to an empty string.no

Note that neither command nor unless are passed through a shell. One way to use shell-specific features such as pipes is to install a script (e.g. via file) first and then execute this script in command or unless.

Examples

# This does nothing unless explicitly triggered by another resource. resources: - type: execute parameters: name: reload command: - systemctl - daemon-reload passive: true
# A common use case: managing a configuration file and reloading # a service when the file changes. resources: - type: execute parameters: ensure: present name: reload-sshd command: - systemctl - reload - sshd.service passive: true - type: file parameters: ensure: present path: /etc/ssh/sshd_config owner: root group: root content: value: | Port 22 Listen 0.0.0.0 PermitRootLogin no PasswordAuthentication no PubkeyAuthentication yes AllowTcpForwarding yes triggers: - type: execute name: reload-sshd when: - created - changed