On 10/13/14 8:59 AM, Trevor Vaughan wrote:
> Would it be possible to side-load this into PuppetDB?
>
> For instance, instead of running the full list of checks with every run
> of puppet, have a cron job (or something) that runs the list and feeds
> the data directly into PuppetDB for the node.
>
> That would take the pressure off of each Puppet run but still make the
> data available.
>
> A nifty MCollective plugin for triggering full runs or targeting
> specific CVE regexes would be handy for catching things like Shellshock.
>
> For skipping facts, why not use a JSON/YAML file?
>
> Trevor
>
Hi Trevor,
Goal is to use facts so vulnerabilities could be determined without
Puppet while also working with Puppet and its ecosystem - PuppetDB and
MCollective.
Good idea on skipping facts using structured data. While that is easy on
the fact side to implement in ruby, it seems easier to implement from
puppet using either file{} or file_line{} as I want to maintain the
ability to specify an array of facts to skip through Hiera.
BTW: Could really use help adding code to check for more CVE's :)
Best regards,
-g
--
Garrett Honeycutt
@learnpuppet
Puppet Training with LearnPuppet.com
Mobile: +1.206.414.8658
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/543C00CE.1000301%40garretthoneycutt.com.
For more options, visit https://groups.google.com/d/optout.
