I'm a little confused by the output of the puppet resource
commands, and the documentation isn't helping me.
If I run puppet resource user myuser
for example, it yields:
user { 'myuser':
ensure => 'present',
comment => 'Ubuntu',
gid => '1000',
groups => ['cdrom', 'floppy', 'sudo', 'audio', 'dip', 'video', 'plugdev', 'netdev'],
home => '/home/myuser',
shell => '/bin/bash',
uid => '1000',
}
This command gives the same output whether the user account is Puppetized or not. In this case, the node has no Puppet manifests applied that affects this user. I could delete this account and it would not be re-created. So, what is this output telling me? The ensure => present
attribute is certainly not telling me that Puppet will ensure that the account is present.
Is this basically telling me 'if you want Puppet to keep this user account in it's current configuration state, here's what you'd stick in a manifest'? Or am I completely misunderstanding the point?
Puppet can be used to audit the state of your system. Part of the functionality of auditing the state of your system is being able to actually read the state of some resource. Puppet only changes things on a system when a resource is isn't what it is supposed to be. It must be able load the current state of a resource to decide if a change is required.
The
puppet resource
command simply exposes that functionality. It isn't used directly very often, but it is sometimes useful for debugging. You can certainly use it to help you figure out how to compose your manifest if you want. In any case, the functionality is absolutely required for primary functions of puppet. The puppet resource is just a bit of the plumbing that has been exposed because it is occasionally useful.