inhibit notify

[Cristian Falcas]

Hi,

Is it possible to inhibit notify message on per resource basis?

For example, we use the fog library and it needs the AWS credentials
to be in /root/.fog

If we manage this file from puppet and anything changes, the
credentials will remain in the reports and we don't want this.

Can we stop the notify message from this file resource?

Best regards,
Cristian Falcas

[Martin Alfke]

I am unsure whether one of the following will work:

one option would be to set backup to false.
another would be to lower the log level.
(http://docs.puppetlabs.com/references/latest/metaparameter.html#loglevel)

[jcbollinger]

I don't think you can prevent Puppet from reporting the file changed, but you could try declaring

  show_diff => false

on the File resource by which it is managed.  That will prevent Puppet from emitting the details of the change into its log, and it might also prevent those details from being included in the report sent back to the master (when that feature is enabled).

If by "reports" you just mean Puppet's log, then that should do the trick.  If instead you mean it in the Puppet sense, and turning off show_diff doesn't work, and you're really worried about the credentials appearing in a file on the same server that provides the credentials in the first place, then perhaps you can implement a report processor on the master that will strip the credentials from reports.

Alternatively, you could manage the file via a custom package.  Then Puppet would report when the package was updated, but the report (log or bona fide report) would not contain details about the changes.


John