Sometimes you need to rule with an iron fist and remove ANY host entries not managed by puppet.
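    class remove_unmanaged {
      # always test with noop first!
      resources { 'host':
        purge => true,
        noop  => true,
      }

      # remove ALL unmanaged host resources
      # (use this in place of the declaration above once the noop run looks
      # right; puppet rejects two resources { 'host': } declarations in one
      # catalog, so only one of them can be active)
      # resources { 'host': purge => true }
    }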
Once you're feeling more confident with puppet you may want to start removing hand-added configs from your systems. While puppet makes this amazingly easy (maybe too easy...), it also provides some useful logging capabilities to show you what would have changed.
Using the resources metatype (a metatype is used to manage other types), the first example above will 'pretend' to remove all host file entries that are not puppet managed, including the entry for localhost (which you'll need to puppet manage if you try resource purging). It logs every resource that would be purged once you remove the noop => true and re-run puppet, in a format like this:
notice: /Host[localhost.localdomain]/ensure: is present, should be absent (noop)
When you remove the noop => true, puppet will remove any unmanaged host entries while leaving all the ones it controls in place. This is one of the places where centralised configuration management gives you more than enough rope to hang yourself, so always run in noop mode first, double check the edge cases, like the localhost entry, and use the power wisely.
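One way to double check the noop run before removing noop => true, as an added example that is not part of the original page: it reads notices in the format shown above and separates the expected purges from entries that must be puppet managed first. The PROTECTED set, the function names and the sample log lines are assumptions made for illustration.

```python
import re

# Noop notice format as shown on this page; leading path segments before
# Host[...] are tolerated.
PURGE_RE = re.compile(
    r"^notice:\s+\S*/Host\[(?P<name>[^\]]+)\]/ensure:\s+"
    r"is present, should be absent \(noop\)\s*$",
    re.IGNORECASE,
)

# Assumption: entries this node must never lose. Adjust per site.
PROTECTED = {"localhost", "localhost.localdomain"}


def pending_purges(log_lines):
    """Return host names the noop run says it would remove, in log order."""
    names = []
    for line in log_lines:
        match = PURGE_RE.match(line.strip())
        if match and match.group("name") not in names:
            names.append(match.group("name"))
    return names


def review(log_lines, protected=PROTECTED):
    """Split pending purges into (expected, blocked) host name lists."""
    pending = pending_purges(log_lines)
    blocked = [n for n in pending if n.lower() in protected]
    expected = [n for n in pending if n.lower() not in protected]
    return expected, blocked


# Constructed sample of a noop run; not output from a real system.
SAMPLE_LOG = """\
info: Applying configuration version '1'
notice: /Host[localhost.localdomain]/ensure: is present, should be absent (noop)
notice: /Host[oldbuild01.example.com]/ensure: is present, should be absent (noop)
notice: /Host[db-legacy.example.com]/ensure: is present, should be absent (noop)
notice: Finished catalog run in 0.42 seconds
""".splitlines()

if __name__ == "__main__":
    expected, blocked = review(SAMPLE_LOG)
    for name in expected:
        print(f"would purge: {name}")
    for name in blocked:
        print(f"BLOCKED, manage in puppet first: {name}")
    raise SystemExit(1 if blocked else 0)
```

A non-zero exit status means at least one protected entry would be purged, so the noop setting should stay until that entry is declared as a host resource.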