Greetings!
Thank you so much John. I just learned something new about Puppet. Utilizing
inline_template is a heck of a lot easier then how I first attempted that
variable substitution. I might have to go back and fix some of my older code
later....
Here are a few other notes in response to your email:
> Have you considered setting up a caching proxy between you and them?
We have discussed doing a caching proxy, but haven't ever had the
time/inclination to implement one yet.
----
> What per-package request(s) is yum actually making?
I explored the yum thing a bit more. Running puppet-3.6.2-1.el6.noarch on both
server and client using CentOS6 as my test systems. I started a puppet run in
one terminal and ran this code in a second:
$ while [ "$(pgrep puppet)" != "" ]; do pgrep yum; done | uniq
If I just do this:
package { 'telnet' : ensure=>absent,}
Nothing triggers.
If I do it this way:
$removethesepackages = [
'telnet-server',
'telnet',
]
package {$removethesepackages : ensure=>absent,}
Then I get a yum PID per package. For every PID I get a line in the puppet log
like this:
Notice: /Stage[main]/audit::Software_disabled/Package[telnet]/ensure: created
(there is that weird error message again where an absent is "created").
I don't know why. Both work as expected, but the second triggers a yum call the
first doesn't.
So I thought, 'Maybe it is hitting local cache and not actually going out to
the repo'. I dug around in the logs on our local repo and found this:
[IP REMOVED] - - [23/Jul/2014:14:07:58 -0500] "GET
/puppetlabs/6/products/x86_64/repodata/repomd.xml HTTP/1.1" 200 2529 "-"
"urlgrabber/3.9.1 yum/3.2.29"
It isn't one per package, but it is one per puppet run. Something about that
method calls yum differently I guess. Not sure why.
---
The double notice I was referring to is this:
Notice: Package telnet is not installed
Notice:
/Stage[main]/audit::Software_disabled/audit::Forbidden_package[telnet]/Notify[Package
telnet is not installed]/message: defined 'message' as 'Package telnet is not
installed'
I am told three times in two lines (more with wrap around on a console) that
telnet isn't installed. I find it annoying and haven't found a solution to
removing it yet and leaving just the first Notice. If you know of one I would
be /very/ grateful.
----
I implemented your code and it is working brilliantly. I made two changes.
1) I placed the define in init.pp so I can reference it anywhere in the audit
class easily.
2) I changed:
'<%= scope.lookupvar('::pkg_' + @title.gsub('-', '_')) %>')
to:
"<%= scope.lookupvar('::pkg_' + @title.gsub('-', '_')) %>")
Using the single quotes gave me the error:
Error: Could not retrieve catalog from remote server: Error 400 on SERVER:
Syntax error at '::pkg_'; expected ')' at
/etc/puppet/modules/audit/manifests/software_disabled.pp:8 on node
centos6.testing.puppet
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
But now it is working really well in my dev environment! I push to production
tomorrow...We will see how pleased I am with my code changes at the end of the
day after this fix + 4 other "minor" changes roll out. :-D
Thank you to everyone who has chimed in. These responses are exactly what I was
looking for. I have learned more about puppet and have a few new tricks to use.
I really do appreciate it.
Thanks!
~Stack~
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/1d09b25c-55ab-486b-a6c4-e31803b9b813%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
