If you're using puppet as part of your system deployment process, you may notice some issues related to the fact that you're in a half-baked chroot rather than a full-fledged system when puppet runs.
Concrete example: anaconda/kickstart and RHEL. You won't be able to start the SSH daemon when puppet runs in the KS chroot if you're already running SSH in anaconda outside of the chroot. This means that using ensure => running on your sshd resource will cause a failure.
My approach to kickstart is "do as little with kickstart as possible and let puppet do as much as possible." The only stuff I want in kickstart is stuff that *has* to be in kickstart: partitioning, setting up the network, installing and running puppet, etc. There's no reason to duplicate stuff between KS and puppet, and if you offload too much logic to KS your puppet config's notion of how to configure resources will be incomplete and dependent on your KS process.
Problem is, those failed resources can really add up, and it means you might not get a full puppet run during deployment. Luckily, there's a pretty easy workaround: a custom fact that exists only in kickstart. For any resources that will fail in kickstart, you can wrap them in a check for that fact.
How it works in practice! Add this to your kickstart script, after puppet is installed but before it runs (obviously, if your facts are in a different path, put it where they go):
cat >> /usr/lib/ruby/site_ruby/1.8/facter/in_kickstart.rb << EOF
Facter.add("in_kickstart") do
setcode do
1
end
end
EOF
This is about the simplest fact that can exist; all it'll do is set the fact $::in_kickstart to "1".
After puppet runs in your kickstart, simply get rid of that file so that the subsequent run won't have the fact any more:
rm /usr/lib/ruby/site_ruby/1.8/facter/in_kickstart.rb
Now, in puppet's DSL, you'd do something like the following to utilize it:
# do not actually start the ssh daemon when we are inside kickstart
if $::in_kickstart {
service {"sshd":
enable => true,
}
} else {
service {"sshd":
subscribe => File["/etc/ssh/sshd_config"],
ensure => running,
enable => true,
}
}
In this case you just need to get rid of the "ensure" option; in others it might be more complex.