Ah, sudoers files. That narrows it down - less of a class issue and more of a multiple defined type instance issue. What module are you using, specifically? I use saz/sudo because it purges ALL sudoer.d files that it does not manage. So if on one run, there were say ERPM01-30 users and then on the next only ERPM01 and ERPM10-30 were present, ERPM02-09 would be automatically purged.
If I understand the problem correctly, I think your solution is to look at the module you're using to see if it has a method to purge non-managed sudoer.d files, and if not, look at adding that to the module or switching to a module like saz/sudo. If I did not understand the problem, let me know. I think I have another idea, but best to see if I'm on the right track rather than confusing the issue :)

Rob Nelson
rnels...@gmail.com

On Wed, Oct 4, 2017 at 8:36 PM, James Perry <jjperr...@gmail.com> wrote:

> Thanks Rob.
>
> As for reclassifying nodes, that is a use case outside of what I'm trying
> to accomplish.
>
> Mostly I was trying to work more a scenario like the following:
>
> I have a set of restricted accounts for use with ERPM on Linux. Each DBA
> is assigned a Linux local ERPM user that is the same on all hosts due to
> how ERPM is configured. Each of the ERPM accounts has specific sudo rules
> assigned to it using the sudoers module from Puppet Forge. Basically each
> erpm01-erpm30 user has the necessary groups, permissions, home and sudo
> rules for that account. Each user is a defined class so we can add
> individual ones on the host where they are required. I can't set the ERPMXX
> class to absent as that will remove it globally, which we don't want. I
> knew ways to work around this, but I'm trying to keep things as clean and
> simple as possible so we don't have to touch the code except to add new
> functionality. Our level on admins are given access in Foreman to add the
> class so they need not touch any code.
>
> -------------------------------------------------------------------
>
> Based on your explanation, how can I query / access the state Puppet knows
> for a host with regard to classes it doesn't have assigned?
>
> I would like to write code to check for the absence of a class/classes and
> then tell Puppet what I want it to mean when the class is absent. Using the
> example above, it would loop through all of the ERPMXX classes to detect
> those that aren't present. When one is found to not be present it would
> define the state noting for ensure => absent for that user. If the class is
> there it does nothing for that user.
>
> Do as you noted in your Example for Apache, packages to know to be
> installed solely for Apache dependencies could be defined and set ensure =>
> "absent" and any other steps required to handle the absence of the class.
>
> I know I don't even have a partial grasp of the intricacies of the Puppet
> internals, so being able to check the state of classes being present or
> absent on the host other than from the host's classes.txt file.
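
The purge behaviour described in the reply at the top of this thread, as an added example that is not part of the original messages or of any poster's code. The class names, the `$erpm_accounts` parameter and the sudo rule text are hypothetical and constructed for illustration; `purge`, `config_file_replace` and `sudo::conf` are saz/sudo's own interface, and the second class shows the same idea with the core `file` type for a module that has no purge option.

```puppet
# Option A: saz/sudo. Declare only the accounts this node should have;
# anything else under /etc/sudoers.d is removed on the next run.
class profile::erpm_sudo (
  # Hypothetical parameter: the per-node list, supplied as class data.
  Array[Pattern[/\Aerpm\d{2}\z/]] $erpm_accounts = [],
) {
  class { 'sudo':
    purge               => true,   # drop sudoers.d files not in this catalog
    config_file_replace => false,  # leave the main /etc/sudoers untouched
  }

  $erpm_accounts.each |String $account| {
    sudo::conf { $account:
      priority => 20,
      # Constructed placeholder rule, not taken from the thread.
      content  => "${account} ALL=(root) NOPASSWD: /usr/local/bin/erpm-task",
    }
  }
}

# Option B: core Puppet only. Do not include together with Option A,
# since both manage /etc/sudoers.d and would be a duplicate declaration.
class profile::sudoers_purge {
  file { '/etc/sudoers.d':
    ensure  => directory,
    owner   => 'root',
    group   => 'root',
    mode    => '0750',
    recurse => true,   # purge only takes effect on a recursed directory
    purge   => true,   # delete files with no matching file resource
  }
  # Every fragment that must survive has to be a file resource in the
  # catalog, including ones that packages or other tools drop here.
}
```

With either option, removing erpm02 from a node's list is enough to revoke its sudo rule on the next agent run; no `ensure => absent` declaration is needed for the sudoers fragment.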