Home / server / Questions / 525749
Accepted
jayunit100
Asked: 2013-07-24 12:26:58 +0800 CST

Can you unapply a puppet manifest action?

  • 772

I've applied a puppet manifest, which in turn included a puppet module that added several entities to /opt/...

Is there a way to undo the effects of an applied puppet module ?

i.e. "puppet module uninstall ..."

puppet

3 Answers

  1. Best Answer

    There is not. Because a puppet module can execute arbitrary commands, there's no way to determine exactly what "unapply" means.

    Some modules ship with a corresponding anti-module that will perform the uninstall (e.g, foo vs foo::disable), but that requires explicit coding.

    • 9

  2. although it would be nice, but there is no unapply available.

    you would have to write an undo recipe yourself, depending on what you did exactly (installed package? then purge it, added user? then disable it, etc.)

    the replaced files should be stored in the clientbucket (/var/lib/puppet/clientbucket usually but it depends on your version and your setting)

    • 4

  3. No, there's not. What a module will do can depend very much on the state of your system. For example, what if you already had some of those entries that were added in /opt on your system? Then it would have only added the missing ones. And once the state has changed, Puppet no longer cares about what that previous state was. The next time the agent runs it's just going to compare what the state of the system currently is to what it thinks it should be and then line them up.

    One of the key concepts of Puppet is idempotency, meaning that if you ran the manifest multiple times you'd always end up with the same result. What you're trying to do is enforce a known end state that you want to occur. If the module does things you don't want it to, you can either not use it and write your own or you can modify it.

    As robbyt mentioned, using --noop mode is very helpful when you're testing new manifests. You should also be looking to test them somewhere else before you apply them to your production systems. VMs are great for this sort of testing, you can take a snapshot and then roll back if needed.

    Your agent runs should be getting logged to syslog. You can also examine the logs and see what was done and undo the changes manually (you can also see historical logs through the web console if you're using Puppet Enterprise). But that won't help if that module is still applied to the node, the agent will just put things back when it runs again.

    • 0