[kwlug-disc] Puppet partial config templates

John Van Ostrand john at netdirect.ca
Sun Aug 22 08:25:00 EDT 2010

I don't use puppet (yet) but it seems to me that the purpose of using puppet 
to configure systems is to maintain both consistency and a centralized 

The best way to maintain consistency is to replace the entire config. 
Editing commands like AppendIfNoSuchLine are not guaranteed to produce 

The issue of upgrades is probably moot. Do upgrades in Debian replace 
existing config files? In RPM based distros they don't, a .rpmnew file is 
created and the admin has to manually integrate their changes into the new 
config if desired. So upgrades require me to scan for changes anyway or risk 
missing a new config or, in rare cases, have an upgraded package fail to 

As for tracking changes isn't that what comments and RCS' are for?

----- Original Message -----
From: kwlug-disc-bounces at kwlug.org <kwlug-disc-bounces at kwlug.org>
To: kwlug-disc at kwlug.org <kwlug-disc at kwlug.org>
Sent: Sun Aug 22 03:03:45 2010
Subject: [kwlug-disc] Puppet partial config templates

So I still don't understand Puppet -- I am very much in the reading
stages. I am sure this is a newbie complaint, but here goes: the
configuration files (in /etc) for many packages are pretty verbose.
They are well-commented and often specify options that I intentionally
don't touch. Instead, I change the one or two lines I care about and
move on with my life.

As far as I can tell, Puppet .erb templates want me to reproduce
config files as templates, rather than edit the files directly.

Bad old cfengine2 had directives like "AppendIfNoSuchLine" that would allow
you to concisely list the changes you want to make to config files.
I do not see how you do that in shiny beautiful Puppet.

This matters to me because for the most part I trust the Debian
package maintainer's choices over my own judgement when it comes to
config files. If a Debian maintainer sets an option, I usually want to
agree with that option. I also appreciate the good comments in many
config files, and I want to keep them. But Puppet wants me to take
control of the config files entirely, which means that when there are
important new versions of the config files released, I have to
*manually* inspect files for differences. I don't like that -- I want
the Debian config file tools to handle as much of this as possible.
(Yes, I know that on upgrades sysadmins have to look at config files
manually sometimes, but I think the tools for handling this are
getting better, and Puppet undoes this.)

I also want to highlight the important options that are being changed
in each file, and including only the changes in my Puppet
configuration seems like a good way to do this.

What am I misunderstanding?

- Paul


kwlug-disc_kwlug.org mailing list
kwlug-disc_kwlug.org at kwlug.org

More information about the kwlug-disc mailing list