On Nov 4, 2011, at 3:21 PM, Douglas Garstang wrote:

> I have a tricky problem. I'm going to use Augeas, like here
> http://projects.puppetlabs.com/projects/1/wiki/Puppet_Augeas#/etc/sysctl.conf
> to maintain sysctl.conf.

That doesn’t look like a very good example in my opinion. For one thing, the test defined in the onlyif is unnecessary. The Augeas type does that inherently. Second, by wrapping the changes in a define, you’d be forcing a call to `sysctl -p` for every single change. Better to just create your own Augeas resource that lists *all* of the changes and then have it notify an Exec.

> However, since iptables is already disabled,
> when I add more lines to sysctl.conf with augeas and run sysctl -p,
> the following lines (which are already there) cause a failure.
>
> # Disable netfilter on bridges.
> net.bridge.bridge-nf-call-ip6tables = 0
> net.bridge.bridge-nf-call-iptables = 0
> net.bridge.bridge-nf-call-arptables = 0

So if you call "set net.bridge.bridge-nf-call-ip6tables 0", it will get added to the file, even if it’s already defined?

> So, I figured I'd stay with a default sysctl.conf (which didn't have
> these lines), and then add more lines to it with augeas. However, even
> if I get the dependencies right and push the file out before running
> augeas, augeas will re-add the lines every time because they aren't
> there.

Can you show the section of your manifests that mess with the above three lines?

-- 
Rob McBroom
<http://www.skurfer.com/>
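
The consolidated approach described in the reply above, as an added example that is not part of the original message: a single Augeas resource carries all of the sysctl changes and notifies one refresh-only Exec. The resource titles, the sysctl keys and values chosen, and the `/sbin/sysctl` path are assumptions.

```puppet
# Added example; resource titles, keys/values and paths are assumptions.
# One Augeas resource holds every change, so `sysctl -p` runs at most once
# per Puppet run, and only when sysctl.conf was actually modified.
augeas { 'sysctl-settings':
  context => '/files/etc/sysctl.conf',
  changes => [
    'set net.ipv4.ip_forward 0',
    'set net.ipv4.conf.all.rp_filter 1',
    'set net.ipv4.conf.all.accept_source_route 0',
    'set net.ipv4.tcp_syncookies 1',
  ],
  # No onlyif here: the augeas type only reports a change (and so only
  # sends the notify) when applying "changes" would alter the file.
  notify  => Exec['reload-sysctl'],
}

# refreshonly keeps the reload from running unless the augeas resource
# above signals that the file changed.
exec { 'reload-sysctl':
  command     => '/sbin/sysctl -p',
  refreshonly => true,
}
```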