Ask Your Question

Deploy file based on conditional of file existing

asked 2017-05-30 20:39:33 -0500

Am trying to deploy /etc/pam.d/* files to a linux server on initial server install, but not to over-write once server install completed (in case modifications have been made). Puppet 4.4.2.

Am trying to use "Require" option with an Exec (as seen on other forums) but that does not work, and constantly over-writes the target file regardless of whether the flag file /tmp/firsttimeinstall is present or not.

    exec { "test1":
            command => "/bin/true",
            onlyif => "/usr/bin/test -f /tmp/first_time_install",
            path => ['/usr/bin','/usr/sbin','/bin','/sbin'],

    file { 'system-auth':
            path    => '/etc/pam.d/system-auth-ac',
            owner   => root,
            group   => root,
            mode    => "644",
            source  => "puppet:///modules/redhat_os/system-auth-ac",
            require => Exec["test1"],

Have tried switching the Exec to "false" by default and using "unless" and it functionally works, but the deployment displays an error each time the flag file is not present.

So to summarise, I need a solution that does both options (deploys or not deploys) correctly AND quietly!

At the present, my best option is to copy all the files to a temporary directory /var/tmp/first_install then run a script to perform the complex dependency calculations and copies (which kind of defeats the purpose of using an automation tool like Puppet).

edit retag flag offensive close merge delete

1 Answer

Sort by » oldest newest most voted

answered 2017-05-31 07:49:14 -0500

DarylW gravatar image

updated 2017-05-31 07:51:37 -0500

If I understand correctly, you want the file to be placed if it is not there, but the contents shouldn't be updated after that initial placement? You are looking for the file resource 'replace' parameter!


Whether to replace a file or symlink that already exists on the local system but whose content doesn’t match what the source or content attribute specifies. Setting this to false allows file resources to initialize files without overwriting future changes. Note that this only affects content; Puppet will still manage ownership and permissions. Defaults to true.

Valid values are true, false, yes, no.

I've used this to manage a password file that upon the first run of the webserver, it would take the contents and encrypt it. That would allow me to bootstrap a value in place, but leave the encrypted version in place. Note that if I needed to update the password, I would have to either go to the box and remove the file, or toggle the replace parameter off, then back on.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower


Asked: 2017-05-30 20:39:33 -0500

Seen: 24 times

Last updated: May 31