linuxpuppetinfrastructure-as-code

Purging Puppet files where I don't manage the content


Trying to manage files created by an Exec in Puppet. I would like to make sure that we don't have any un-managed files.

Example code:

file { '/tmp/puppet_example':
  ensure => directory,
  purge  => true,
}
$files = [
  '/tmp/puppet_example/file1.json',
  # '/tmp/puppet_example/file2.json',
  '/tmp/puppet_example/file3.json',
]
$files.each |$file| {
  exec { "exec_${file}":
    creates => $file,
    command => "/usr/bin/touch ${file}",
    require => File['/tmp/puppet_example'],
  }
  file { $file:
    ensure  => file,
    replace => false,
    require => File['/tmp/puppet_example'],
  }
}

If an entry in $files get removed, the respective files are not purged.

What is the correct way of managing files where I don't manage the content? Or is this a feature of the replace attribute:

Setting this to false allows file resources to initialize files without overwriting future changes


Solution

  • If an entry in $files get removed, the respective files are not purged.

    I guess you're referring to the fact that you are managing the directory of these files with purge => true. Per the docs, however, purge is only relevant when you are managing a directory with recurse => true, which you are not doing.

    Consider the docs of recurse => true:

    If the source attribute is set, this behaves similarly to recurse => remote, automatically managing files from the source directory.

    This also enables the purge attribute, which can delete unmanaged files from a directory. See the description of purge for more details.

    The source attribute is not mandatory when using recurse => true, so you can enable purging in directories where all files are managed individually.

    (emphasis added).

    As far as I understand what you're looking for, you should be able to achieve it by adding (just) recurse => true to the File resource managing the directory:

    file { '/tmp/puppet_example':
      ensure  => directory,
      recurse => true,
      purge   => true,
    }
    

    What is the correct way of managing files where I don't manage the content? Or is this a feature of the replace attribute

    I take the point to be to put the files under nominal management to protect them from purging, but not otherwise to do anything with them. With respect to that:

    Overall, the minimum you need to do is declare the files without any attributes:

      file { $file: }
    

    That defaults to ensure => file, so it will create an empty file if the file does not already exist at all. Otherwise, nothing about the file is managed. I like this particular form for your purposes, as I think it emphasizes that you're only nominally managing the designated file. Nevertheless, the form presented in the question is fine for your purposes too.