Closed Bug 791102 Opened 8 years ago Closed 8 years ago

disable puppet's diffs by force

Categories

(mozilla.org Graveyard :: Server Operations, task)

task
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: dustin, Assigned: dustin)

References

Details

Attachments

(1 file)

Pupppet's habit of showing diffs is handy when you want to know what's changed, but it has a nasty way of sending those diffs all the heck over the place - including to the dashboard and, in the event of an error, in email.

That's bad.

I had a bug filed earlier to try to disable this the "normal" way.  But this capability needs to be brutally ripped out of puppet.

Jabba suggested wrapping 'puppet' and 'puppetd' to replace --test with the proper set of options; another option is a patch applied to puppet after installation to basically comment out the diff generation.
Blocks: 734123
FWIW I'd highly prefer a way to *manualy* trigger diff generation when doing local testing, eg so it spews to console when I type |puppet agent --test --show-unsafe-diff| or something. But if that is more work than its worth, turning off diff entirely is "ok".
The problem is, when you do that, the diff goes everywhere.  So that's the security risk I want to avoid here.  We already don't get diffs for timed/startup runs of puppet.
I just added a feature req for the "better" way to do this, btw:
  https://projects.puppetlabs.com/issues/16412
Hah, this is pretty easy, actually:

    diff = echo
    diff_args = DIFFS DISABLED - https://bugzilla.mozilla.org/show_bug.cgi?id=791102
Attached patch bug791102.patchSplinter Review
Attachment #661200 - Flags: review?
Attachment #661200 - Flags: review? → review?(bugspam.Callek)
Comment on attachment 661200 [details] [diff] [review]
bug791102.patch

Review of attachment 661200 [details] [diff] [review]:
-----------------------------------------------------------------

Weirdly hacky looking ;-) but should work
Attachment #661200 - Flags: review?(bugspam.Callek) → review+
Comment on attachment 661200 [details] [diff] [review]
bug791102.patch

Oh, it's definitely a hack.  Checked in.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Product: mozilla.org → mozilla.org Graveyard
You need to log in before you can comment on or make changes to this bug.