Hi, Starting a new thread since the question and problem are completely different at this point. I've written modules that implement a client side firewall and overwrite and flush any changes made by a user. This is mandated by several different internal security policies and of course compliance. I'm pretty much at the stage where I'm ready to start deploying but recently hit a snag: catalog expiration on the client. The client caches and uses the cached catalog as expected, but unfortunately if a client is "off-network" for too long the catalog expires and we get fun stuff like:
Not using expired catalog for <hostname> from cache; expired at <date> I've tried using 'use_cached_catalog' just as a test, but it appears that an expiration date in a catalog takes priority over everything else. Of course manually changing the expiration date in the catalog yaml file fixes the issue, and I've written a short shell script that can do it based on the client's network, but that feels like a big kludge. Since these clients are laptops it would be nice to have the ability to use the cached catalog until the client is back on the network that the puppet master is on. Our laptops can, in less than ideal circumstances, be off-network for 1-2 weeks. Is there a way to have the agent use the cached catalog until it can reach the master again, regardless of the expiration? This is probably an edge case, since most of the time most of us are probably using puppet with servers and perhaps 'mostly-online' client workstations. Even when dealing with laptops, I imagine for most there's not frequently a concern about a consistent and frequent applications of a catalog to conform with security policies. Thanks for any insight you may have. Best, Khoury -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
