Puppet users - Jun 2012 - Puppet Subscribe Metaparameter

Hello Everyone;

I am just learning puppet and playing around.

I was testing the ''subscribe'' metaparameter and making changes
to the live
file on the node, specifically, making modifications the
/etc/ssh/sshd_config.  What I found out was that puppet does not detect
changes to the live file, but, if I stage a new copy of the file (with
modifications), add it as a source to the resource, then subscribe does
restart the service.  I just wanted to make sure that my understanding is
correct...

Also, if my goal is to ensure that the contents of the file are NOT being
changed on the target host, how do you reccommend that I accomplish this?

Thank you!

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

Hi,

On 06/26/2012 01:39 AM, Worker Bee wrote:
> Hello Everyone;
> 
> I am just learning puppet and playing around. 
> 
> I was testing the ''subscribe'' metaparameter and making
changes to the
> live file on the node, specifically, making modifications the
> /etc/ssh/sshd_config.  What I found out was that puppet does not detect
well, puppet manages only the properties of sshd_config that you
explicitly tell it to manage. If you tell puppet the mode should be 664
and it finds 666, puppet will change the mode and the subscribed service
will be notified (i.e., restarted).
> changes to the live file, but, if I stage a new copy of the file (with
> modifications), add it as a source to the resource, then subscribe does
> restart the service.  I just wanted to make sure that my understanding
> is correct...
As long as you do *not* tell puppet what the file content should be,
puppet does not care about the file content at all. Specifically, it
does not try and remember what the contents looked like the last time
puppet checked and diff that against what''s there now. So if puppet has
no idea of desired file content, it won''t detect alterations, yes.
> Also, if my goal is to ensure that the contents of the file are NOT
> being changed on the target host, how do you reccommend that I
> accomplish this?
Puppet will replace the file with what is stored on the master, either
as a file or a template, i.e. by you defining content => or source =>
parameteres.

You cannot protect yourself from other root users changing your configs,
but puppet *will* undo them if given the opportunity. (Do not use this
for security purposes - if someone can write your configs, they can
propably disable the puppet agent as well.)

HTH,
Felix

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.