Wanted to contribute another case where this idea of trying to manage "actual" has conceptual consequences. As you roll out Puppet on a unmanaged diverged infrastructure, you probably want to start identifying commonalities between systems and defining them as policy via puppet. If at that point you want to define the inverse of that policy too, you'll break everything that doesn't have a well-defined class yet that describes it. e.g. if you have a web server that's diverged so far from most other web servers that you can't put it in your web class yet, you'd want it to (temporarily) stay unmanaged by Puppet, not get uninstalled. Sure, if one of your clean boxes with Apache changed roles it would be nice to have that *undone*, but you can do that by having it be outside the scope of what is defined and then remove it manually. Or rebuild from scratch like Scott suggested! :-)
Hmm, lightbulb. *Maybe* having a way to undo a class that had been once installed is conceptually feasible, rather than defining as policy what !class looks like which I believe is conceptually untenable. What if a class that's installed and then is no longer defined in policy stays resident on the system as a tombstone, and certain class resources can be marked as tombstone-cleanup, and when a class switches to a tombstone, each of those tombstone-cleanup resources has to switch to ensured or executed success for the tombstone to go away completely (if a class had no tombstone-cleanup resources, than it would be directly removed). Hmm, of course the mere idea of having class-was-here-now-its-not cleanup functions is inherently divergent instead of convergent---you're just doing run-once actions---and so maybe shouldn't exist in Puppet. *What if* Puppet left a fact on the system of tombstoned classes (and/or resources)---that is resources/classes which had been once converged but were no longer)---then a sysadmin could use a non-convergent tool like mc to carry out actions that they determined they wanted done to clean up a tombstone from a system, and somehow as a result the fact also would be updated to represent that there was no more tombstone for that class/resource? (I'm not going to submit this as a feature request because at the moment I don't really need it ... I'm just suggesting it to promote discussion on the idea.) That way you can undo what Puppet does without dealing with "I'm defining what 'not webserver' looks like across *everything*". Eric -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
