Containment

Containment is what controls the order in which the various parts of your Puppet code are executed. Containment is the relationship that resources have to classes and defined types, determining what has to happen before other things can happen.

Classes and defined type instances contain the resources they declare. Contained resources are not applied before the container begins, and they finish before the container finishes.

This means that if any resource or class forms a relationship with the container, it forms the same relationship with every resource inside the container.

Consider this example:

class ntp {
  file { '/etc/ntp.conf':
    ...
    require => Package['ntp'],
    notify  => Service['ntp'],
  }
  service { 'ntp':
    ...
  }
  package { 'ntp':
    ...
  }
}

include ntp
exec {'/usr/local/bin/update_custom_timestamps.sh':
  require => Class['ntp'],
}

Here, exec['/usr/local/bin/update_custom_timestamps.sh'] would happen after every resource in the ntp class, including the package, file, and service.

Containment allows you to notify and subscribe to classes and defined resource types as though they were a single resource.