Issue #7600 has been updated by Daniel Pittman.
Stefan Schulte wrote:
> IIRC `resource { 'mytype': purge => true }` works for every provider that has
> an `instances` method. I dont know if this can work for all types:
>
> * How should purging files behave? Delete ALL files I dont manage with puppet?
Yes.
> * How should purging services behave? Stop all running and unmanaged services?
Yes.
> * Purging ssh_authorized_key: ssh-keys can be stored in different files
> (unlike host entries). Should puppet go through all possible homedirectories
> searching for keyfiles to delete entries there?
Ideally, but I wouldn't die to learn that the provider wasn't sophisticated
enough to identify that ... which is certainly a bug from the "inspect the
content of this system" side of things.
> I also see a problem with the current approach of using an extra type
> (`resources`) for purging: Every type may have some need to exclude stuff.
I don't see why an extra declaration is desired, compared to just setting the
default `ensure => absent` or whatever at the top level. I also don't see that
we should try and maintain some "exclude" list of things to never purge, even
though we were told to. That leads to a proliferation of "no, really, do what
I said" instructions at some point.
> You dont want to erase system users by default
Even if they are explicitly specified? I needed to do that back when we
migrated our Nagios user to LDAP from /etc/passwd – or do you mean just when we
are handling global purging?
Nick Moffitt wrote:
> How do you classify which resources to purge? Uninstall all packages?
> Remove all files? Would you remove only things *previously* asserted as
> puppet resources?
Yes, to the first two. Absolutely no, to the last. Puppet asserts the target
state of the system, not the target state of things it has previously managed.
Not that we don't have a chainsaw/shotgun hybrid here, where people can make
all sorts of assumptions about how we would save them from doing something as
monumentally crazy as "purge all files" or something. I would rather not
support the feature at all than try and make that safe, though: we will never
get that one hundred percent, but the more we promise that we are going to the
more *justified* anger we will get when it doesn't work out that way.
(Classic example: define "system user". It varies between Debian and RPM
distributions, even discounting the occasions that some buggy package ended up
creating a UID > 1000 user for system purposes. :)
----------------------------------------
Feature #7600: Need ability to remove all unmanaged resources
https://projects.puppetlabs.com/issues/7600
Author: Randall Hansen
Status: Investigating
Priority: Normal
Assignee:
Category:
Target version:
Affected Puppet version:
Keywords: puppetcamp-eu-2011
Branch:
This works, purging all unmanaged hosts entries:
resources { 'host':
purge => true,
noop => true,
}
We should have a similar property for all (most?) types.
--
*This ticket is a request for comment, coming out of a discussion at Puppet
Camp EU, 2011. No promises whatever about implementation, but there were
enough people interested to open a public discussion.*
--
You have received this notification because you have either subscribed to it,
or are involved in it.
To change your notification preferences, please click here:
http://projects.puppetlabs.com/my/account
--
You received this message because you are subscribed to the Google Groups
"Puppet Bugs" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/puppet-bugs?hl=en.
