On Nov 4, 2011, at 3:21 PM, Douglas Garstang wrote:
> I have a tricky problem. I''m going to use Augeas, like here
>
http://projects.puppetlabs.com/projects/1/wiki/Puppet_Augeas#/etc/sysctl.conf
> to maintain sysctl.conf.
That doesn’t look like a very good example in my opinion. For one thing, the
test defined in the onlyif is unnecessary. The Augeas type does that inherently.
Second, by wrapping the changes in a define, you’d be forcing a call to `sysctl
-p` for every single change.
Better to just create your own Augeas resources that lists *all* of the changes
and then have it notify an Exec.
> However, since iptables is already disabled,
> when I add more lines to sysctl.conf with augeas and run sysctl -p,
> the following lines (which are already there) cause a failure.
>
> # Disable netfilter on bridges.
> net.bridge.bridge-nf-call-ip6tables = 0
> net.bridge.bridge-nf-call-iptables = 0
> net.bridge.bridge-nf-call-arptables = 0
So if you call "set net.bridge.bridge-nf-call-ip6tables 0", it will
get added to the file, even if it’s already defined?
> So, I figured I''d staty with a default sysctl.conf (which
didn''t have
> these lines), and then add more lines to it with augeas. However, even
> if I get the dependancies right and push the file out before running
> augeas, augeas will re-add the lines every time because they
aren''t
> there.
Can you show the section of your manifests that mess with the above three lines?
--
Rob McBroom
<http://www.skurfer.com/>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.