FAQ
Hello Everyone;

I am just learning puppet and playing around.

I was testing the 'subscribe' metaparameter and making changes to the live
file on the node, specifically, making modifications the
/etc/ssh/sshd_config. What I found out was that puppet does not detect
changes to the live file, but, if I stage a new copy of the file (with
modifications), add it as a source to the resource, then subscribe does
restart the service. I just wanted to make sure that my understanding is
correct...

Also, if my goal is to ensure that the contents of the file are NOT being
changed on the target host, how do you reccommend that I accomplish this?

Thank you!

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.

Search Discussions

  • Felix Frank at Jun 26, 2012 at 7:55 am
    Hi,
    On 06/26/2012 01:39 AM, Worker Bee wrote:
    Hello Everyone;

    I am just learning puppet and playing around.

    I was testing the 'subscribe' metaparameter and making changes to the
    live file on the node, specifically, making modifications the
    /etc/ssh/sshd_config. What I found out was that puppet does not detect
    well, puppet manages only the properties of sshd_config that you
    explicitly tell it to manage. If you tell puppet the mode should be 664
    and it finds 666, puppet will change the mode and the subscribed service
    will be notified (i.e., restarted).
    changes to the live file, but, if I stage a new copy of the file (with
    modifications), add it as a source to the resource, then subscribe does
    restart the service. I just wanted to make sure that my understanding
    is correct...
    As long as you do *not* tell puppet what the file content should be,
    puppet does not care about the file content at all. Specifically, it
    does not try and remember what the contents looked like the last time
    puppet checked and diff that against what's there now. So if puppet has
    no idea of desired file content, it won't detect alterations, yes.
    Also, if my goal is to ensure that the contents of the file are NOT
    being changed on the target host, how do you reccommend that I
    accomplish this?
    Puppet will replace the file with what is stored on the master, either
    as a file or a template, i.e. by you defining content => or source =>
    parameteres.

    You cannot protect yourself from other root users changing your configs,
    but puppet *will* undo them if given the opportunity. (Do not use this
    for security purposes - if someone can write your configs, they can
    propably disable the puppet agent as well.)

    HTH,
    Felix

    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To post to this group, send email to puppet-users@googlegroups.com.
    To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
    For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
grouppuppet-users @
categoriespuppet
postedJun 25, '12 at 11:39p
activeJun 26, '12 at 7:55a
posts2
users2
websitepuppetlabs.com

2 users in discussion

Worker Bee: 1 post Felix Frank: 1 post

People

Translate

site design / logo © 2022 Grokbase