Is it possible to suppress specific error messages when running a Puppet manifest?
The following snippet activates and starts iptables if the file /etc/sysconfig/iptables exists. It works fine, but "Check for iptables rulesfile" generates an error message that I would like to hide. I checked the (v2.7) docs the options of the exec resource type and Googled, but no luck.
cat init.pp
service { "iptables":
enable => true,
ensure => running,
require => Exec["Check for iptables rulesfile"];
}
exec { "Check for iptables rulesfile":
command => "/usr/bin/test -f /etc/sysconfig/iptables",
returns => "0";
}
puppet apply --debug init.pp
...
err: /Stage[main]//Exec[Check for iptables rulesfile]/returns: change from notrun to 0 failed: /usr/bin/test -f /etc/sysconfig/iptables returned 1 instead of one of [0] at init.pp:12
...
warning: /Stage[main]//Service[iptables]: Skipping because of failed dependencies
Any thoughts?
P.S. Yes, I'm aware this is not the 'right' way to manage firewall rules with Puppet.
I gather that you want the iptables service to only be enabled and running if /etc/sysconfig/iptables exists. One easy option would be to create a custom fact named iptables (or whatever tickles your fancy) and use that boolean to decide whether or not to execute the service block. For example:
Create a custom fact in your module, in $module_name/lib/facter:
Then, in your service block have something like this:
This will only execute that service block if that file exists. I think that's what you want.
Boscoe sketches a very good solution.
Your hack might work as well, try with the loglevel metaparameter.
Note that the service resource will complain about failed dependencies.