Exclude dynamically modules from agent run

asked 2016-12-15 03:14:33 -0600

buchey gravatar image

Hi there,

I've got our puppet master for our ubuntu clients running - and it works great at this point! But now our users need a client script, which allows them to communicate through our puppet-controlled firewall. Now it's getting harder: i need now a method to exclude our firewall scripts from the puppet run. Actual state: the client script runs, disables any firewall settings and after 30m puppet does his work and reset the firewall to our wished state.

I researched some possibilities: I defined a custom fact, but now I would have to check this fact at every single module, which I would don't want to do at this point. The other point would be, that I run puppet in noop mode or disable it via script. But all other modules except the firewall-modules should run.

Thanks for reply and help!

edit retag flag offensive close merge delete

Comments

So you can't just include the modules required for your firewall machine configuration? 30mins for a PP run sounds quite odd (except for newly set up machines). Anywho, I can't figure out your situation. Maybe run stages w/ noop metaparam? https://docs.puppet.com/puppet/latest/lang_run_stages.html

Kai Burghardt gravatar imageKai Burghardt ( 2016-12-15 18:43:13 -0600 )edit

May this workflow helps understanding: 1. Exec some script which turns client in "working-mode". 2. now puppet should ignore my firewall manifests - all other should run on every 20-30mins 3. if finished with "work", executing some script which turns client in "normal-mode" 4. puppet should run on

buchey gravatar imagebuchey ( 2016-12-16 00:19:38 -0600 )edit