A collection of task oriented solutions in Puppet


Remove all unmanaged host entries


Sometimes you need to rule with an iron fist and remove ANY host entries not managed by puppet.


class remove_unmanaged {

  # always test with noop first!
  resources { 'host':
    purge => true,
    noop  => true,

  # remove ALL unmanaged host resources
  resources { 'host': purge => true }



Once you're feeling more confident with puppet you may want to start removing hand added configs from your systems. While puppet makes this amazingly easy (maybe too easy...) it also provides some useful logging capabilities to show you what would have changed.

Using the resources metatype (a metatype is used to manage other types) the first example above will 'pretend' to remove all host file entries that are not puppet managed, including the entry for localhost (which you'll need to puppet manage if you try resource purging). It will log all the resources that will be purged, when you remove the noop => true and re-run puppet, in a format like this:

notice: /Host[localhost.localdomain]/ensure: is present, should be absent (noop)

When you remove the noop => true puppet will remove any unmanaged host entries while leaving all the ones it controls in place. This is one of the places where centralised configuration management gives you more than enough rope to hang yourself so always run in noop mode first, double check the edge cases, like the localhost entry, and use the power wisely.

See also