In regard to: [Puppet Users] Override a file{} directive - is it possible?,...:
Is there a way that puppet can detect these particular hosts? For
example, is it true for all hosts that are in a particular datacenter,
or for which some class (or even user) is present?
I ask, because the way you would typically do what you're asking is to
either use facts about systems to trigger the "don't manage
/etc/security/limits.conf" logic, or to have your manifests key on
external configuration that you keep in something like extlookup(),
hiera(), or your ENC (external node classifier).
So, there are several ways to accomplish what you're looking for, but
which one is best depends on your needs and how you actually detect that
hostB shouldn't have limits.conf managed.
You don't say what version of puppet you're using, whether you're using
an ENC, or whether you're already using either extlookup() or hiera(),
so it's really difficult to suggest something that integrates well with
your current environment.
I can give you two examples from my environment, though.
We're using puppet 2.7.14 without an ENC (we have dashboard but don't
use it for ENC purposes), but we are using hiera. The absolute easiest
way (but likely *not* best) way to do this would be to do this with
a hiera setting like:
common.yaml:
---
manage_limits_conf: 'yes'
host1.example.com.yaml:
---
manage_limits_conf: 'no'
and then in your manifest that sets up limits.conf, just wrap with the
appropriate logic to check hiera() whether it should be managed or not.
A second example would be if you have a fact (probably a custom fact)
that could be used to determine the exact set of systems for which
limits.conf should not be managed. For example, we have a custom fact
(location) that returns the name of the datacenter a system is located in.
If you wanted all the systems in location=datacenter1 to not manage
limits.conf, then you could wrap your file{} resource in a conditional
that tests the fact.
Certainly vague answers to your question, but hopefully this gives you
something to go on. If it's not enough to go on, provide more information
about your environment. That will hopefully make it easier for someone to
suggest a method that works well for your environment.
Tim
--
Tim Mooney
Tim.M...@ndsu.edu
Enterprise Computing & Infrastructure
701-231-1076 (Voice)
Room 242-J6, IACC Building
701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164