I have a little issue with purging. I use:
        file  {
[''/etc/shorewall/puppet'',''/etc/shorewall/puppet/rules'']:
                ensure  =>      directory,
                mode    =>      0700,
                recurse =>      true,
                purge   =>      true,
        }
 but purging does not work, i can do a touch 
/etc/shorewall/puppet/rules/blahblah  and the file is not purged at all. 
I use puppetversion => 0.22.4
i tried also just:
        file  {
[''/etc/shorewall/puppet'',''/etc/shorewall/puppet/rules'']:
                purge   =>      true,
        }
but this does not change anything.
mainhost:/etc/shorewall%(root)> /usr/bin/sudo /usr/bin/puppetd --config 
/usr/local/.aqadmin/etc/puppetd.conf --onetime --test --debug|grep -i rules
debug: 
//mainhost.aqserver.net/shorewall-rule[backupserver-to-host]/File[/etc/shorewall/puppet/rules/200]/require:
requires File[/etc/shorewall/puppet/rules]
debug: 
//mainhost.aqserver.net/shorewall-rule[backupserver-to-host]/File[/etc/shorewall/puppet/rules/200]/notify:
subscribes to Component[shorewall-realize[rules]]
debug: 
//mainhost.aqserver.net/shorewall-rule[monitoring-to-host]/File[/etc/shorewall/puppet/rules/201]/require:
requires File[/etc/shorewall/puppet/rules]
debug: 
//mainhost.aqserver.net/shorewall-rule[monitoring-to-host]/File[/etc/shorewall/puppet/rules/201]/notify:
subscribes to Component[shorewall-realize[rules]]
debug: 
//mainhost.aqserver.net/shorewall/shorewall-realize[rules]/Exec[shorewall-sort-rules]/notify:
subscribes to Service[shorewall]
debug: 
//mainhost.aqserver.net/shorewall-rule[serverguard-to-host]/File[/etc/shorewall/puppet/rules/202]/require:
requires File[/etc/shorewall/puppet/rules]
debug: 
//mainhost.aqserver.net/shorewall-rule[serverguard-to-host]/File[/etc/shorewall/puppet/rules/202]/notify:
subscribes to Component[shorewall-realize[rules]]
debug: 
//mainhost.aqserver.net/shorewall/File[/etc/shorewall/puppet/rules]: 
Autorequiring File[/etc/shorewall/puppet]
debug: shorewall-realize[rules]: File[/etc/shorewall/puppet/rules/200] 
=> shorewall-realize[rules]: false
debug: shorewall-realize[rules]: File[/etc/shorewall/puppet/rules/202] 
=> shorewall-realize[rules]: false
debug: shorewall-realize[rules]: File[/etc/shorewall/puppet/rules/201] 
=> shorewall-realize[rules]: false
debug: //mainhost.aqserver.net/shorewall/File[/etc/shorewall/puppet]: 
Not managing more explicit file /etc/shorewall/puppet/rules
debug: 
//mainhost.aqserver.net/shorewall/File[/etc/shorewall/puppet/rules]: Not 
managing more explicit file /etc/shorewall/puppet/rules/202
debug: 
//mainhost.aqserver.net/shorewall/File[/etc/shorewall/puppet/rules]: Not 
managing more explicit file /etc/shorewall/puppet/rules/200
debug: 
//mainhost.aqserver.net/shorewall/File[/etc/shorewall/puppet/rules]: Not 
managing more explicit file /etc/shorewall/puppet/rules/201
mainhost:/etc/shorewall%(root)> ll puppet/rules
total 24K
drwx------ 2 root root 4096 May 15 08:50 .
drwx------ 9 root root 4096 May 15 08:37 ..
-rw-r--r-- 1 root root   28 May 15 08:37 200
-rw-r--r-- 1 root root   67 May 15 08:37 201
-rw-r--r-- 1 root root   67 May 15 08:44 202
-rwx------ 1 root root   28 May 15 08:39 209
-rwx------ 1 root root    0 May 15 08:50 blahblah
the 209 and blahblah are NOT managed by puppet but are still there. Any 
ideas why it fails  ?
-- 
Cordialement,
Ghislain
_______________________________________________
Puppet-users mailing list
Puppet-users@madstop.com
https://mail.madstop.com/mailman/listinfo/puppet-users
ADNET Ghislain a écrit :> I have a little issue with purging. I use: > > file { [''/etc/shorewall/puppet'',''/etc/shorewall/puppet/rules'']: > ensure => directory, > mode => 0700, > recurse => true, > purge => true, > } > > but purging does not work, i can do a touch > /etc/shorewall/puppet/rules/blahblah and the file is not purged at > all. I use puppetversion => 0.22.4curiously it work with: file { [''/etc/shorewall/puppet'',''/etc/shorewall/puppet/rules'']: ensure => directory, recurse => true, purge => true } so it seems mode and owner prevent purge from working. I was knowing that owner prevented the purge but not the mode now i know :) -- Cordialement, Ghislain _______________________________________________ Puppet-users mailing list Puppet-users@madstop.com https://mail.madstop.com/mailman/listinfo/puppet-users
On May 15, 2007, at 5:50 AM, ADNET Ghislain wrote:> curiously it work with: > > file { [''/etc/shorewall/puppet'',''/etc/shorewall/puppet/rules'']: > ensure => directory, > recurse => true, > purge => true > } > > > so it seems mode and owner prevent purge from working. I was > knowing that owner prevented the purge but not the mode now i know :)In the currently released version, setting any property is sufficient to have a file considered to be managed and thus not open to purging. In SVN, I''ve fixed this so that if you are doing a remote copy and have purge enabled, then local files that are not otherwise managed will be purged regardless of the other properties you set. However, what you''re doing here looks like it''s just an rm -rf in that directory, right? Why not just do ensure => absent? -- I don''t know the key to success, but the key to failure is trying to please everybody. -- Bill Cosby --------------------------------------------------------------------- Luke Kanies | http://reductivelabs.com | http://madstop.com
> However, what you''re doing here looks like it''s just an rm -rf in > that directory, right? Why not just do ensure => absent? > >in fact i use the directory to build firewall rules. Each rule create one file, at the end i do a cat directory/* > myconfigfile. With purge if there is any file that is not managed (read a firewall rule that has been removed) it is purged by puppet and the type notify a function that reconstruct the rules files that triggers a restart of the firewall. When i finish this i will try to publish it as a module to manage shorewall with puppet :) I am in early beta right now with the purging working. Using text replacement in files would not have worked when i removed a rules because i would have to explicitly delete it. Using this trick i can be sure only the rules i define are in my shorewall config :) This feature is really excellent i love it ! I also use this to manage the /etc/apt/sources.list.d directory in etch . Far easier than to manage the sources.list file itself thanks to puppet :) -- Cordialement, Ghislain _______________________________________________ Puppet-users mailing list Puppet-users@madstop.com https://mail.madstop.com/mailman/listinfo/puppet-users
On May 15, 2007, at 3:57 PM, ADNET Ghislain wrote:> in fact i use the directory to build firewall rules. Each rule > create one file, at the end i do a cat directory/* > myconfigfile. > With purge if there is any file that is not managed (read a > firewall rule that has been removed) it is purged by puppet and the > type notify a function that reconstruct the rules files that > triggers a restart of the firewall. When i finish this i will try > to publish it as a module to manage shorewall with puppet :) > > I am in early beta right now with the purging working. Using text > replacement in files would not have worked when i removed a rules > because i would have to explicitly delete it. Using this trick i > can be sure only the rules i define are in my shorewall config :) > This feature is really excellent i love it ! I also use this to > manage the /etc/apt/sources.list.d directory in etch . Far easier > than to manage the sources.list file itself thanks to puppetAh, I see. In that case, I would set the owner/mode on the file as you create it, and then purge with no owner/mode setting. That''s the only way to make it work at the moment. I could possibly make this work, but I hadn''t thought about it. Hmm. -- You''ve achieved success in your field when you don''t know whether what you''re doing is work or play. -- Warren Beatty --------------------------------------------------------------------- Luke Kanies | http://reductivelabs.com | http://madstop.com
> Ah, I see. In that case, I would set the owner/mode on the file as > you create it, and then purge with no owner/mode setting. That''s the > only way to make it work at the moment. > > I could possibly make this work, but I hadn''t thought about it. Hmm. >yes i done it now but i ..by default... you allways choose the lazy way :) but working like that is fine, it''s just to know that purging requires to be conservative on the directory. The more i use puppet the more i love it, thanks Luke ! :) -- Cordialement, Ghislain _______________________________________________ Puppet-users mailing list Puppet-users@madstop.com https://mail.madstop.com/mailman/listinfo/puppet-users