Greetings!
Thank you so much John. I just learned something new about Puppet. Utilizing
inline_template is a heck of a lot easier then how I first attempted that
variable substitution. I might have to go back and fix some of my older code
later....
Here are a few other notes in response to your email:
> Have you considered setting up a caching proxy between you and them?
We have discussed doing a caching proxy, but haven't ever had the
time/inclination to implement one yet.
----
> What per-package request(s) is yum actually making?
I explored the yum thing a bit more. Running puppet-3.6.2-1.el6.noarch on both
server and client using CentOS6 as my test systems. I started a puppet run in
one terminal and ran this code in a second:
$ while [ "$(pgrep puppet)" != "" ]; do pgrep yum; done | uniq
If I just do this:
package { 'telnet' : ensure=>absent,}
Nothing triggers.
If I do it this way:
$removethesepackages = [
'telnet-server',
'telnet',
]
package {$removethesepackages : ensure=>absent,}
Then I get a yum PID per package. For every PID I get a line in the puppet log
like this:
Notice: /Stage[main]/audit::Software_disabled/Package[telnet]/ensure: created
(there is that weird error message again where an absent is "created").
I don't know why. Both work as expected, but the second triggers a yum call the
first doesn't.
So I thought, 'Maybe it is hitting local cache and not actually going out to
the repo'. I dug around in the logs on our local repo and found this:
[IP REMOVED] - - [23/Jul/2014:14:07:58 -0500] "GET
/puppetlabs/6/products/x86_64/repodata/repomd.xml HTTP/1.1" 200 2529 "-"
"urlgrabber/3.9.1 yum/3.2.29"
It isn't one per package, but it is one per puppet run. Something about that
method calls yum differently I guess. Not sure why.
---
The double notice I was referring to is this:
Notice: Package telnet is not installed
Notice:
/Stage[main]/audit::Software_disabled/audit::Forbidden_package[telnet]/Notify[Package
telnet is not installed]/message: defined 'message' as 'Package telnet is not
installed'
I am told three times in two lines (more with wrap around on a console) that
telnet isn't installed. I find it annoying and haven't found a solution to
removing it yet and leaving just the first Notice. If you know of one I would
be /very/ grateful.
----
I implemented your code and it is working brilliantly. I made two changes.
1) I placed the define in init.pp so I can reference it anywhere in the audit
class easily.
2) I changed:
'<%= scope.lookupvar('::pkg_' + @title.gsub('-', '_')) %>')
to:
"<%= scope.lookupvar('::pkg_' + @title.gsub('-', '_')) %>")
Using the single quotes gave me the error:
Error: Could not retrieve catalog from remote server: Error 400 on SERVER:
Syntax error at '::pkg_'; expected ')' at
/etc/puppet/modules/audit/manifests/software_disabled.pp:8 on node
centos6.testing.puppet
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
But now it is working really well in my dev environment! I push to production
tomorrow...We will see how pleased I am with my code changes at the end of the
day after this fix + 4 other "minor" changes roll out. :-D
Thank you to everyone who has chimed in. These responses are exactly what I was
looking for. I have learned more about puppet and have a few new tricks to use.
I really do appreciate it.
Thanks!
~Stack~
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/1d09b25c-55ab-486b-a6c4-e31803b9b813%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
