Dealing with passwords in Puppet Exec

22 Mar 2014


The issue is simple: I don’t want my password to appear in the Puppet log if the command fails. But you still have to pass it in order to run that Exec! Here is how to do it:

First the exec:

exec{'my_awesome_exec':
  command => '/home/matt/swag.sh -pass=fooBar'
}

And the resulting output:

Error: /home/matt/swag.sh -pass=fooBar returned 1 instead of one of [0]
Error: /Stage[main]/Ntp/Exec[my_awesome_exec]/returns: change from notrun to 0 failed: /home/matt/swag.sh -pass=fooBar returned 1 instead of one of [0]

The best solution I found to deal with that is to use an environment variable, like this:

exec{'my_awesome_exec':
  command     => '/home/matt/swag.sh -pass=$PASS',
  environment => 'PASS=fooBar'
}

Be careful with the single quotes around the “command”. If you use double quotes ("), Puppet will try to interpolate $PASS itself, so the resulting command will be:

/home/matt/swag.sh -pass=

Not what we want.

And the final result:

Error: /home/matt/swag.sh -pass=$PASS returned 1 instead of one of [0]
Error: /Stage[main]/Ntp/Exec[my_awesome_exec]/returns: change from notrun to 0 failed: /home/matt/swag.sh -pass=$PASS returned 1 instead of one of [0]

Much better!
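The effect described in this post, reproduced in plain shell as an added example (not code from the original post). `make_script`, `run_exec`, `log_inline`, `log_env` and the `wrongPw` value are hypothetical names constructed for the demonstration, and `run_exec` only models a failure message that is built from the command string as written.

```sh
#!/bin/sh
# Added illustration: run_exec is a hypothetical model of how a failing Exec
# is reported (the command string as written), not Puppet code.

# Constructed stand-in for /home/matt/swag.sh: exits 0 only for -pass=fooBar.
make_script() {
  f=$(mktemp "${TMPDIR:-/tmp}/swag.XXXXXX") || return 1
  printf '#!/bin/sh\n[ "$1" = "-pass=fooBar" ]\n' > "$f"
  printf '%s\n' "$f"
}

# usage: run_exec 'COMMAND STRING' [NAME=value ...]
# Runs the string through sh with the extra environment; on failure prints
# an error line built from the unexpanded string and returns the exit code.
run_exec() {
  cmd=$1; shift
  rc=0
  env "$@" sh -c "$cmd" >/dev/null 2>&1 || rc=$?
  if [ "$rc" -ne 0 ]; then
    printf 'Error: %s returned %s instead of one of [0]\n' "$cmd" "$rc"
  fi
  return "$rc"
}

# First manifest: the password is part of the command string itself.
log_inline() { run_exec "sh $1 -pass=$2"; }

# Second manifest: the string carries a literal $PASS (single quotes) and the
# value travels in the environment, where the child shell expands it.
log_env() { run_exec "sh $1"' -pass=$PASS' "PASS=$2"; }

demo=$(make_script)
log_inline "$demo" wrongPw || true   # error line contains wrongPw
log_env "$demo" wrongPw || true      # error line contains only $PASS
rm -f "$demo"
```

This keeps the value out of the failure message only: the child process still receives the expanded password in its argument list, and the manifest still holds it in clear text.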