FAQ
I have an entry for a file in a puppet manifest that checks file
properties. One is the MD5 checksum.

/etc/puppet/modules/Solaris/manifests/init.pp
file {"/etc/logadm.conf": mode=>"644", owner=>"root", group=>"sys",
checksum=>"md5", audit=>all; }

Wed Jul 23 03:31:41 -0700 2014
/Stage[main]/Solaris/File[/etc/logadm.conf]/content (notice): audit change:
previously recorded value {md5}4313e436be52ffe7a8296aec05612c0b has been
changed to {md5}fee96725c6872531af6e65b410f62a3d

How do you make the message go away?

--

thanks,
[ Lunixer ]

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CACZbbm5VPEu%2BrSF%3D0Jy7R0%2B3zdPYTTpLqN8boJYAfONX8Q%2BC3A%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Search Discussions

  • Lunixer at Jul 24, 2014 at 6:35 pm
    Does anyone have a tip regarding this?
    How do I stop it?

    I know that the "audit=>all" is causing this.
    It recorded the MD5 sum of the file when the audit ran for the first time.
    But a newer file was created as a result of patching the client machine.
    Is there a command I could rerun on the client or the server to make puppet
    aware of the new MD5 sum?


    Lun.


    On Wed, Jul 23, 2014 at 3:58 PM, Lunixer wrote:


    I have an entry for a file in a puppet manifest that checks file
    properties. One is the MD5 checksum.

    /etc/puppet/modules/Solaris/manifests/init.pp
    file {"/etc/logadm.conf": mode=>"644", owner=>"root", group=>"sys",
    checksum=>"md5", audit=>all; }

    Wed Jul 23 03:31:41 -0700 2014
    /Stage[main]/Solaris/File[/etc/logadm.conf]/content (notice): audit change:
    previously recorded value {md5}4313e436be52ffe7a8296aec05612c0b has been
    changed to {md5}fee96725c6872531af6e65b410f62a3d

    How do you make the message go away?

    --

    thanks,
    [ Lunixer ]


    --

    thanks,
    [ Lunixer ]

    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com.
    To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CACZbbm6YkUdV9XiEq7tgKt%3Dj9zK2_K2A8G3yGH_6c3dU4-qSZQ%40mail.gmail.com.
    For more options, visit https://groups.google.com/d/optout.
  • Christopher Wood at Jul 24, 2014 at 6:48 pm
    I was vaguely nosy, and found a note that the checksum is stored in state.yaml. Maybe stop puppet, nuke the state file, and start puppet?

    http://puppetlabs.com/blog/all-about-auditing-with-puppet

    /var/lib/puppet/state/state.yaml

    NB: Untested advice, potentially dangerous, use at your own risk.
    On Thu, Jul 24, 2014 at 11:35:14AM -0700, Lunixer wrote:
    Does anyone have a tip regarding this?
    How do I stop it?

    I know that the "audit=>all" is causing this.
    It recorded the MD5 sum of the file when the audit ran for the first time.
    But a newer file was created as a result of patching the client machine.
    Is there a command I could rerun on the client or the server to make
    puppet aware of the new MD5 sum?

    Lun.

    On Wed, Jul 23, 2014 at 3:58 PM, Lunixer wrote:

    I have an entry for a file in a puppet manifest that checks file
    properties. One is the MD5 checksum.

    /etc/puppet/modules/Solaris/manifests/init.pp
    file {"/etc/logadm.conf": mode=>"644", owner=>"root", group=>"sys",
    checksum=>"md5", audit=>all; }

    Wed Jul 23 03:31:41 -0700 2014
    /Stage[main]/Solaris/File[/etc/logadm.conf]/content (notice): audit
    change: previously recorded value {md5}4313e436be52ffe7a8296aec05612c0b
    has been changed to {md5}fee96725c6872531af6e65b410f62a3d

    How do you make the message go away?

    --
    thanks,
    [ Lunixer ]

    --
    thanks,
    [ Lunixer ]

    --
    You received this message because you are subscribed to the Google Groups
    "Puppet Users" group.
    To unsubscribe from this group and stop receiving emails from it, send an
    email to [2]puppet-users+unsubscribe@googlegroups.com.
    To view this discussion on the web visit
    [3]https://groups.google.com/d/msgid/puppet-users/CACZbbm6YkUdV9XiEq7tgKt%3Dj9zK2_K2A8G3yGH_6c3dU4-qSZQ%40mail.gmail.com.
    For more options, visit [4]https://groups.google.com/d/optout.

    References

    Visible links
    1. mailto:lunixer@gmail.com
    2. mailto:puppet-users+unsubscribe@googlegroups.com
    3. https://groups.google.com/d/msgid/puppet-users/CACZbbm6YkUdV9XiEq7tgKt%3Dj9zK2_K2A8G3yGH_6c3dU4-qSZQ%40mail.gmail.com?utm_medium=email&utm_source=footer
    4. https://groups.google.com/d/optout
    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com.
    To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/20140724184814.GA23659%40iniquitous.heresiarch.ca.
    For more options, visit https://groups.google.com/d/optout.
  • Lunixer at Jul 24, 2014 at 11:27 pm
    Thanks for the pointer. I believe this does it.

    No need to stop the puppet agent. Just two things:
    - blank the /var/lib/puppet/state/state.yaml file
    - run the puppet agent
    New values are recorded.


    Blank the file.
    # cp /dev/null state.yaml

    Run the agent.

    # /opt/puppet/bin/puppet agent --test
    notice: /Stage[main]/Solaris/File[/etc/logadm.conf]/ensure: audit change:
    newly-recorded value file
    notice: /Stage[main]/Solaris/File[/etc/logadm.conf]/content: audit change:
    newly-recorded value {md5}e08b47228d3d97a3dbe2004d821500b2
    notice: /Stage[main]/Solaris/File[/etc/logadm.conf]/target: audit change:
    newly-recorded value notlink
    notice: /Stage[main]/Solaris/File[/etc/logadm.conf]/owner: audit change:
    newly-recorded value 0
    notice: /Stage[main]/Solaris/File[/etc/logadm.conf]/group: audit change:
    newly-recorded value 3
    notice: /Stage[main]/Solaris/File[/etc/logadm.conf]/mode: audit change:
    newly-recorded value 644
    notice: /Stage[main]/Solaris/File[/etc/logadm.conf]/type: audit change:
    newly-recorded value file
    notice: /Stage[main]/Solaris/File[/etc/logadm.conf]/seluser: audit change:
    newly-recorded value
    notice: /Stage[main]/Solaris/File[/etc/logadm.conf]/selrole: audit change:
    newly-recorded value
    notice: /Stage[main]/Solaris/File[/etc/logadm.conf]/seltype: audit change:
    newly-recorded value
    notice: /Stage[main]/Solaris/File[/etc/logadm.conf]/selrange: audit change:
    newly-recorded value
    notice: /Stage[main]/Solaris/File[/etc/logadm.conf]/ctime: audit change:
    newly-recorded value Thu Jul 24 03:10:00 -0700 2014
    notice: /Stage[main]/Solaris/File[/etc/logadm.conf]/mtime: audit change:
    newly-recorded value Thu Jul 24 03:10:00 -0700 2014

    Next run is normal

    # /opt/puppet/bin/puppet agent --test
    warning: iconv couldn't be loaded, which is required for UTF-8/UTF-16
    conversions
    info: Caching catalog for host.example.com
    info: Applying configuration version '1406237846'
    notice: Finished catalog run in 0.42 second

    The puppet agent writes the information to state.yaml.

    # ls -l /var/lib/puppet/state
    total 370
    drwxr-xr-x 2 root root 5 Oct 25 2012 graphs
    -rw-rw---- 1 root root 420363 Jul 24 14:19 last_run_report.yaml
    -rw-rw---- 1 root root 243 Jul 24 14:19 last_run_summary.yaml
    -rw-r--r-- 1 root root 2825 Jul 24 14:19 resources.txt
    -rw-rw---- 1 root root 42639 Jul 24 14:19 state.yaml

    The file state.yaml records the MD5 sum.

    # view /var/lib/puppet/state/state.yaml
       "File[/etc/logadm.conf]":
         !ruby/sym type: file
         !ruby/sym checked: 2014-07-24 15:14:08.612241 -07:00
         !ruby/sym target: !ruby/sym notlink
         !ruby/sym owner: 0
         !ruby/sym seltype:
         !ruby/sym group: 3
         !ruby/sym selrange:
         !ruby/sym mode: "644"
         !ruby/sym seluser:
         !ruby/sym mtime: 2014-07-24 03:10:00.000000 -07:00
         !ruby/sym ensure: !ruby/sym file
         !ruby/sym content: "{md5}e08b47228d3d97a3dbe2004d821500b2"
         !ruby/sym selrole:
         !ruby/sym ctime: 2014-07-24 03:10:00.000000 -07:00

    The last run is recorded in the file below.

    # view /var/lib/puppet/state/last_run_report.yaml
         "File[/etc/logadm.conf]": !ruby/object:Puppet::Resource::Status
           change_count: 0
           changed: false
           evaluation_time: 0.000796
           events: []
           failed: false
           file: *id001
           line: 73
           out_of_sync: false
           out_of_sync_count: 0
           resource: "File[/etc/logadm.conf]"
           resource_type: File
           skipped: false
           tags:
             - file
             - class
             - Solaris
           time: 2014-07-24 15:14:08.611898 -07:00
           title: /etc/logadm.conf

    Thanks,
    Lun

    On Thu, Jul 24, 2014 at 11:48 AM, Christopher Wood wrote:

    I was vaguely nosy, and found a note that the checksum is stored in
    state.yaml. Maybe stop puppet, nuke the state file, and start puppet?

    http://puppetlabs.com/blog/all-about-auditing-with-puppet

    /var/lib/puppet/state/state.yaml

    NB: Untested advice, potentially dangerous, use at your own risk.
    On Thu, Jul 24, 2014 at 11:35:14AM -0700, Lunixer wrote:
    Does anyone have a tip regarding this?
    How do I stop it?

    I know that the "audit=>all" is causing this.
    It recorded the MD5 sum of the file when the audit ran for the first time.
    But a newer file was created as a result of patching the client machine.
    Is there a command I could rerun on the client or the server to make
    puppet aware of the new MD5 sum?

    Lun.

    On Wed, Jul 23, 2014 at 3:58 PM, Lunixer wrote:

    I have an entry for a file in a puppet manifest that checks file
    properties. One is the MD5 checksum.

    /etc/puppet/modules/Solaris/manifests/init.pp
    file {"/etc/logadm.conf": mode=>"644", owner=>"root", group=>"sys",
    checksum=>"md5", audit=>all; }

    Wed Jul 23 03:31:41 -0700 2014
    /Stage[main]/Solaris/File[/etc/logadm.conf]/content (notice): audit
    change: previously recorded value
    {md5}4313e436be52ffe7a8296aec05612c0b
    has been changed to {md5}fee96725c6872531af6e65b410f62a3d

    How do you make the message go away?

    --
    thanks,
    [ Lunixer ]

    --
    thanks,
    [ Lunixer ]

    --
    You received this message because you are subscribed to the Google Groups
    "Puppet Users" group.
    To unsubscribe from this group and stop receiving emails from it, send an
    email to [2]puppet-users+unsubscribe@googlegroups.com.
    To view this discussion on the web visit
    [3]
    https://groups.google.com/d/msgid/puppet-users/CACZbbm6YkUdV9XiEq7tgKt%3Dj9zK2_K2A8G3yGH_6c3dU4-qSZQ%40mail.gmail.com
    .
    For more options, visit [4]https://groups.google.com/d/optout.

    References

    Visible links
    1. mailto:lunixer@gmail.com
    2. mailto:puppet-users+unsubscribe@googlegroups.com
    3.
    https://groups.google.com/d/msgid/puppet-users/CACZbbm6YkUdV9XiEq7tgKt%3Dj9zK2_K2A8G3yGH_6c3dU4-qSZQ%40mail.gmail.com?utm_medium=email&utm_source=footer
    4. https://groups.google.com/d/optout
    --
    You received this message because you are subscribed to the Google Groups
    "Puppet Users" group.
    To unsubscribe from this group and stop receiving emails from it, send an
    email to puppet-users+unsubscribe@googlegroups.com.
    To view this discussion on the web visit
    https://groups.google.com/d/msgid/puppet-users/20140724184814.GA23659%40iniquitous.heresiarch.ca
    .
    For more options, visit https://groups.google.com/d/optout.


    --

    thanks,
    [ Lunixer ]

    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com.
    To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CACZbbm6j%2BDjTTjNvLJdnOFe%3Dc1QzBqc8qwEZo-2DMsBDv0FJmA%40mail.gmail.com.
    For more options, visit https://groups.google.com/d/optout.

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
grouppuppet-users @
categoriespuppet
postedJul 23, '14 at 10:58p
activeJul 24, '14 at 11:27p
posts4
users2
websitepuppetlabs.com

2 users in discussion

Lunixer: 3 posts Christopher Wood: 1 post

People

Translate

site design / logo © 2022 Grokbase