Theoretically that's the way to do it in Puppet, but as other people
point out it would be much simpler to block things from being installed
in the first place. "ensure => purged" might get you better results from
providers that handle dependencies, however I have mixed results with
yum when do
On Tue, May 1, 2012 at 10:38 PM, bainar wrote:
> Can anyone tell me if it is possible to explicitly specify the only
> allowed packages on a host (modules on a node?) - i.e. a white list?
> This is for hardening a VPS in the cloud.
Shouldn't it work using a resource default, something like:
Rather than whitelisting packages, you probably want to build a severely
cut-down repository and ensure it's the only one configured for your box.
On May 1, 2012 1:40 PM, "bainar" wrote:
> Can anyone tell me if it is possible to explicitly specify the only
> allowed packages on a host (modules on
You could always write shell to compare a "whitelist" against a dpkg -l
listing, or whatever pkg manager you are using. Then have it generate your
Puppet manifest.
First I would try to figure out how to prevent unwanted packages from being
installed in the first place, not removing them after they
You can install and remove specific packages, but not specify a whitelist.
(Unless you wanted to do creative things with facts, templates, and puppetized
scripts. I'm assuming you think it's better to hose your server due to a typo
than run with a single unpermitted package. And then how are you
Can anyone tell me if it is possible to explicitly specify the only
allowed packages on a host (modules on a node?) - i.e. a white list?
This is for hardening a VPS in the cloud.
Thanks in advance
Andrew
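
The whitelist comparison against a package listing suggested in the thread, as an added example that is not code from any poster: it reads names from `dpkg-query` rather than parsing `dpkg -l`, and emits `ensure => purged` resources for review. The `ALLOWLIST` variable and the function names are hypothetical, and a missing or empty allowlist is refused so that a typo cannot mark every package for purging.

```shell
#!/bin/sh
# Added example; all names here are assumptions, not from the thread.

# installed_packages: names of fully installed packages (Debian/Ubuntu).
installed_packages() {
    dpkg-query -W -f='${db:Status-Abbrev} ${Package}\n' |
        awk '$1 == "ii" { print $2 }'
}

# unlisted_packages ALLOWLIST_FILE
# stdin:  installed package names, one per line.
# stdout: names that are installed but absent from the allowlist.
# Returns 2 when the allowlist is missing or empty.
unlisted_packages() {
    allow=$(mktemp) || return 1
    # Drop comments, whitespace and blank lines from the allowlist.
    sed -e 's/#.*//' -e 's/[[:space:]]//g' -e '/^$/d' "$1" 2>/dev/null |
        LC_ALL=C sort -u > "$allow"
    if [ ! -s "$allow" ]; then
        rm -f "$allow"
        echo "allowlist '$1' is missing or empty; refusing to continue" >&2
        return 2
    fi
    # comm -23 keeps lines found only in the first input (installed, not allowed).
    LC_ALL=C sort -u | LC_ALL=C comm -23 - "$allow"
    rm -f "$allow"
}

# purge_manifest: turn names on stdin into Puppet resources for human review.
purge_manifest() {
    while IFS= read -r pkg; do
        printf "package { '%s': ensure => purged }\n" "$pkg"
    done
}

# Live use: ALLOWLIST=/path/to/allowlist.txt sh this_script > purge.pp
if [ -n "${ALLOWLIST:-}" ]; then
    installed_packages | unlisted_packages "$ALLOWLIST" | purge_manifest
fi
```

Review the generated manifest before applying it; packages pulled in as dependencies of allowed packages must themselves be on the allowlist or they will be listed for purging.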