Linux – Puppet conditional include based on selinux fact not working

centoslinuxpuppet

I have a class in a module:

# File: modules/selinux/tools.pp
class selinux::tools {
        $packages = ['policycoreutils-python',]

        package { $packages:
                ensure => installed
        }
}

Then, my default node:

# File: manifests/nodes/default.pp
node default {
        if $selinux {
                include selinux::tools
        }
}

I restart puppetmaster and the puppet agent. However, the package gets installed in the node even though the selinux fact is false:

$ facter -p selinux
false

What am I missing here?

Best Answer

The "true" or "false" in the selinux fact is just a string to Puppet, it doesn't treat the contents of the string as a boolean. The correct thing to do is just to compare it to another string:

if $selinux == "true" {
    include selinux::tools
}

There is a feature request to change the behavior so that Facter booleans are properly treated as Puppet booleans.

Related Solutions

Puppet installing multiple packages results in Package[undef] error

Using it as $::packages states explicitly that you want the variable to be looked up in the top scope, outside of any class. Since you seem to be defining it inside a class, this won't work.

Just use package { $packages: or package { $classname::packages: instead.

How to redefine parameters in subclass

Answer the meta question of how do you make this work, If you're using Passenger to run your Puppet master, which you should if you've a system of any size, there is a simple workaround to the madness that is the puppetlabs module. You simply drop a new file called /etc/puppet/puppetmaster.conf and maybe some other bits of config in a new module called puppetmaster and also add this line to the config.ru

ARGV << "--config=/etc/puppet/puppetmaster.conf"

You can use some of the logic inside the puppetlabs module, but it might be simpler to just push a file or less complex template if you don't care about having every single bit of config as a parameter. Then include puppetmaster on the nodes that are masters and you're set. You can also modify the existing puppetlabs to do the above.

Addressing the original question, Hiera might be the simplest solution. Use this in the init.pp

$master                   = hiera('puppet_master','false'),

and then set puppet_master: true for the machines that need it. Personally my preference is for the first method.

Best Answer

Related Solutions

Puppet installing multiple packages results in Package[undef] error

How to redefine parameters in subclass

Related Topic