Hi,
On 06/26/2012 01:39 AM, Worker Bee wrote:
Hello Everyone;
I am just learning puppet and playing around.
I was testing the 'subscribe' metaparameter and making changes to the
live file on the node, specifically, making modifications the
/etc/ssh/sshd_config. What I found out was that puppet does not detect
well, puppet manages only the properties of sshd_config that you
explicitly tell it to manage. If you tell puppet the mode should be 664
and it finds 666, puppet will change the mode and the subscribed service
will be notified (i.e., restarted).
changes to the live file, but, if I stage a new copy of the file (with
modifications), add it as a source to the resource, then subscribe does
restart the service. I just wanted to make sure that my understanding
is correct...
As long as you do *not* tell puppet what the file content should be,
puppet does not care about the file content at all. Specifically, it
does not try and remember what the contents looked like the last time
puppet checked and diff that against what's there now. So if puppet has
no idea of desired file content, it won't detect alterations, yes.
Also, if my goal is to ensure that the contents of the file are NOT
being changed on the target host, how do you reccommend that I
accomplish this?
Puppet will replace the file with what is stored on the master, either
as a file or a template, i.e. by you defining content = or source =
parameteres.
You cannot protect yourself from other root users changing your configs,
but puppet *will* undo them if given the opportunity. (Do not use this
for security purposes - if someone can write your configs, they can
propably disable the puppet agent as well.)
HTH,
Felix
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
