Sometimes you only want to manage a resource one time. This will help you do that.

Ben Ford



6,456 latest version

3.3 quality score

Version information

  • 0.0.1 (latest)
released Jun 20th 2016

Start using this module


binford2k/manageonce — version 0.0.1 Jun 20th 2016


Table of Contents

  1. Overview
  2. Usage - Configuration options and additional functionality
  3. Limitations - OS compatibility, etc.
  4. Development - Guide for contributing to the module


I'll bet that at one time or another, you've wanted the ability to manage certain resources on a node--but only once. For example, you may want to manage user accounts with a defined initial password, but give your users the ability to update their password.


It's very simple. Just add the word manageonce before your resource declaration and it will only be managed one time. This will currently work for file and user resource types only.

manageonce::file { '/root/.bashrc':
  owner   => 'root',
  group   => 'root,
  mode    => '0644,
  content => file('mymod/bashrc'),

Alternatively, you can declare any resource type by using the manageonce type:

manageonce { "puppet master host entry":
  resourcetype  => 'host',
  resourcetitle => 'master.puppetlabs.vm',
  parameters    => { 'ip =>', 'aliases' => ['puppet, master'] }

Finally, if you'd like to continue managing the resource, except for a certain parameter or two, then you can pass an array of parameter names as $onlyonce. Any parameters in that list will be managed one time only.

manageonce::user { 'joe':
  ensure   => present,
  password => hiera('defaults::user::initialpassword'),
  onlyonce => ['password'],


This will currently only run on Unix-like platforms due to the hard-coded path for the external facts.d directory.


I take no liability for the use of this module. As this uses standard Ruby, the only reason that it won't work anywhere Puppet itself does is that it's got a hard-coded path. (TODO: fix this!)

I have not yet validated on anything other than CentOS.