Closed Bug 791102 Opened 8 years ago Closed 8 years ago

disable puppet's diffs by force


( Graveyard :: Server Operations, task)

Not set


(Not tracked)



(Reporter: dustin, Assigned: dustin)




(1 file)

Pupppet's habit of showing diffs is handy when you want to know what's changed, but it has a nasty way of sending those diffs all the heck over the place - including to the dashboard and, in the event of an error, in email.

That's bad.

I had a bug filed earlier to try to disable this the "normal" way.  But this capability needs to be brutally ripped out of puppet.

Jabba suggested wrapping 'puppet' and 'puppetd' to replace --test with the proper set of options; another option is a patch applied to puppet after installation to basically comment out the diff generation.
Blocks: 734123
FWIW I'd highly prefer a way to *manualy* trigger diff generation when doing local testing, eg so it spews to console when I type |puppet agent --test --show-unsafe-diff| or something. But if that is more work than its worth, turning off diff entirely is "ok".
The problem is, when you do that, the diff goes everywhere.  So that's the security risk I want to avoid here.  We already don't get diffs for timed/startup runs of puppet.
I just added a feature req for the "better" way to do this, btw:
Hah, this is pretty easy, actually:

    diff = echo
    diff_args = DIFFS DISABLED -
Attached patch bug791102.patchSplinter Review
Attachment #661200 - Flags: review?
Attachment #661200 - Flags: review? → review?(bugspam.Callek)
Comment on attachment 661200 [details] [diff] [review]

Review of attachment 661200 [details] [diff] [review]:

Weirdly hacky looking ;-) but should work
Attachment #661200 - Flags: review?(bugspam.Callek) → review+
Comment on attachment 661200 [details] [diff] [review]

Oh, it's definitely a hack.  Checked in.
Closed: 8 years ago
Resolution: --- → FIXED
Product: → Graveyard
You need to log in before you can comment on or make changes to this bug.