Exclude dynamically modules from agent run

asked 2016-12-15 03:14:33 -0600

buchey gravatar image

Hi there,

I've got our puppet master for our ubuntu clients running - and it works great at this point! But now our users need a client script, which allows them to communicate through our puppet-controlled firewall. Now it's getting harder: i need now a method to exclude our firewall scripts from the puppet run. Actual state: the client script runs, disables any firewall settings and after 30m puppet does his work and reset the firewall to our wished state.

I researched some possibilities: I defined a custom fact, but now I would have to check this fact at every single module, which I would don't want to do at this point. The other point would be, that I run puppet in noop mode or disable it via script. But all other modules except the firewall-modules should run.

Thanks for reply and help!

edit retag flag offensive close merge delete


So you can't just include the modules required for your firewall machine configuration? 30mins for a PP run sounds quite odd (except for newly set up machines). Anywho, I can't figure out your situation. Maybe run stages w/ noop metaparam? https://docs.puppet.com/puppet/latest/lang_run_stages.html

Kai Burghardt gravatar imageKai Burghardt ( 2016-12-15 18:43:13 -0600 )edit

May this workflow helps understanding: 1. Exec some script which turns client in "working-mode". 2. now puppet should ignore my firewall manifests - all other should run on every 20-30mins 3. if finished with "work", executing some script which turns client in "normal-mode" 4. puppet should run on

buchey gravatar imagebuchey ( 2016-12-16 00:19:38 -0600 )edit