You never heard of nmap, eh? If you want to start talking about security and auditing, that's a whole other can of worms.
It's a bad idea to assume that Defined State and Actual State will match. Anyway, I think you're forgetting that node state in Puppet is explicit by nature. What you're asking for defies this. If your node changes roles, reinstall the OS. On Thu, Jul 14, 2011 at 4:48 PM, Darrell Fuhriman <darr...@garnix.org>wrote: > > But that's because I want the puppet configs to be the first (and ideally > only) place I need to go to find out what a given system's state is. That's > why I automate in the first place. It's also the basis for my wanting a !X > class – because currently I have no easy way of knowing if node Y is running > a webserver or not without logging into it and checking. If I had a > !webserver class, I could feel confident that node Y is not a webserver just > by looking at the puppet configs. > > That's good for security, good for auditing, good for performance, and good > for piece of mind. :) > > Darrell > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
