Ah, sudoers files. That narrows it down - less of a class issue and more of a multiple defined type instance issue. What module are you using, specifically? I use saz/sudo because it purges ALL sudoer.d files that it does not manage. So if on one run, there were say ERPM01-30 users and then on the next only ERPM01 and ERPM10-30 were present, ERPM02-09 would be automatically purged.
If I understand the problem correctly, I think your solution is to look at the module you're using to see if it has a method to purge non-managed sudoer.d files, and if not, look at adding that to the module or switching to a module like saz/sudo. If I did not understand the problem, let me know. I think I have another idea, but best to see if I'm on the right track rather than confusing the issue :)

Rob Nelson
[email protected]

On Wed, Oct 4, 2017 at 8:36 PM, James Perry <[email protected]> wrote:

> Thanks Rob.
>
> As for reclassifying nodes that is a use case outside of what I'm trying
> to accomplish.
>
> Mostly I was trying to work more a scenario like the following:
>
> I have a set of restricted accounts for use with ERPM on Linux. Each DBA
> is assigned a Linux local ERPM user that is the same on all hosts due to
> how ERPM is configured. Each of the ERPM accounts has specific sudo rules
> assigned to it using the sudoers module from Puppet Forge. Basically each
> erpm01-erpm30 user has the necessary groups, permissions, home and sudo
> rules for that account. Each user is a defined class so we can add
> individual ones on the host where they are required. I can't set the ERPMXX
> class to absent as that will remove it globally, which we don't want. I
> knew ways to work around this, but I'm trying to keep things as clean and
> simple as possible so we don't have to touch the code except to add new
> functionality. Our level on admins are given access in Foreman to add the
> class so they need not touch any code.
>
> -------------------------------------------------------------------
>
> Based on your explanation, how can I query / access the state Puppet knows
> for a host with regard to classes it doesn't have assigned?
>
> I would like to write code to check for the absence of a class/classes and
> then tell puppet what I want it to mean when the class is absent. Using the
> example above, it would loop through all of the ERPMXX classes to detect
> those that aren't present. When one is found to not be present it would
> define the state noting for ensure => absent for that user. If the class is
> there it does nothing for that user.
>
> Do as you noted in your Example for Apache, packages to know to be
> installed solely for Apache dependencies could be defined and set ensure =>
> "absent" and any other steps required to handle the absence of the class.
>
> I know I don't even have a partial grasp of the intricacies of the Puppet
> internals, so being able to check the state of classes being present or
> absent on the host other than from the host's classes.txt file.
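
The purge approach discussed in the reply above, sketched with core Puppet resources only. This is an added example, not code from the thread or from saz/sudo; the names `profile::erpm_sudo` and `profile::erpm_sudo::rule`, the `$users` parameter and the sudo rule itself are assumptions made for illustration.

```puppet
# Added example with hypothetical names; in a module, the define and the
# class would each live in their own manifest file.

# One sudoers.d drop-in per ERPM account.
define profile::erpm_sudo::rule (
  # Constructed sample rule, not taken from the thread.
  String $commands = '/usr/bin/systemctl status postgresql',
) {
  file { "/etc/sudoers.d/10_${title}":
    ensure       => file,
    owner        => 'root',
    group        => 'root',
    mode         => '0440',
    content      => "${title} ALL=(root) NOPASSWD: ${commands}\n",
    # Refuse to install a drop-in that sudo cannot parse
    # (visudo path assumed to be /usr/sbin/visudo).
    validate_cmd => '/usr/sbin/visudo -cf %',
  }
}

class profile::erpm_sudo (
  # Per-host list of accounts, e.g. ['erpm01', 'erpm10'], supplied from
  # Hiera or a Foreman class parameter.
  Array[String] $users = [],
) {
  # recurse + purge removes every file in the directory that is not
  # declared in this host's catalog, so an account dropped from $users
  # loses its sudo rule on the next run without any ensure => absent.
  file { '/etc/sudoers.d':
    ensure  => directory,
    owner   => 'root',
    group   => 'root',
    recurse => true,
    purge   => true,
  }

  $users.each |String $user| {
    profile::erpm_sudo::rule { $user: }
  }
}
```

Purging also removes drop-ins placed by packages or by hand, so every rule that should survive has to be declared in the catalog.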
