On 06/26/2012 01:39 AM, Worker Bee wrote:
I am just learning puppet and playing around.
I was testing the 'subscribe' metaparameter and making changes to the
live file on the node, specifically, making modifications the
/etc/ssh/sshd_config. What I found out was that puppet does not detect
well, puppet manages only the properties of sshd_config that you
explicitly tell it to manage. If you tell puppet the mode should be 664
and it finds 666, puppet will change the mode and the subscribed service
will be notified (i.e., restarted).
changes to the live file, but, if I stage a new copy of the file (with
modifications), add it as a source to the resource, then subscribe does
restart the service. I just wanted to make sure that my understanding
As long as you do *not* tell puppet what the file content should be,
puppet does not care about the file content at all. Specifically, it
does not try and remember what the contents looked like the last time
puppet checked and diff that against what's there now. So if puppet has
no idea of desired file content, it won't detect alterations, yes.
Also, if my goal is to ensure that the contents of the file are NOT
being changed on the target host, how do you reccommend that I
Puppet will replace the file with what is stored on the master, either
as a file or a template, i.e. by you defining content => or source =>
You cannot protect yourself from other root users changing your configs,
but puppet *will* undo them if given the opportunity. (Do not use this
for security purposes - if someone can write your configs, they can
propably disable the puppet agent as well.)
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To post to this group, send email to email@example.com.
To unsubscribe from this group, send email to firstname.lastname@example.org.
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.