Puppet users - Mar 2009 - force backup of config files

This is the situation:
We have a bunch of config files. We check if mtime changed.
The line written in syslog is trapped by a monitoring tool and someone
is warned.
This works fine...

What we want is
 1. to backup the file when mtime has changed (and keep x versions)
 2. execute a diff between new file and last backup and send it by
mail to so.

I don''t see any way to do 1.
If I try in the file type ... backup => puppet ... it doesn''t work.
The doc says it will be backed up before a change ( for ex with
source => ... ) but I don''t want to change it.

I can do sth like:
file { "test.txt": ... checksum => mtime }
exec{ "myscript": ... subscribe => File["test.txt"],
refreshonly =>
true }

with script "myscript" doing a backup, a diff and send the mail, but I
don''t want to reinvent everything.
How can I use a filebucket ?

NB: these config changes are made by a automatic deploiement system,
so we cannot manage it in Puppet. But we want to be warn when a change
occurs to avoid "accidental" manual changes...


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

Don''t use Puppet for this, use AIDE or TRIPWIRE, or Samhain, or the
like.

On Tue, Mar 31, 2009 at 04:29, PL <pascal.lefevre.b@gmail.com>
wrote:
>
> This is the situation:
> We have a bunch of config files. We check if mtime changed.
> The line written in syslog is trapped by a monitoring tool and someone
> is warned.
> This works fine...
>
> What we want is
>  1. to backup the file when mtime has changed (and keep x versions)
>  2. execute a diff between new file and last backup and send it by
> mail to so.
>
> I don''t see any way to do 1.
> If I try in the file type ... backup => puppet ... it doesn''t
work.
> The doc says it will be backed up before a change ( for ex with
> source => ... ) but I don''t want to change it.
>
> I can do sth like:
> file { "test.txt": ... checksum => mtime }
> exec{ "myscript": ... subscribe => File["test.txt"],
refreshonly =>
> true }
>
> with script "myscript" doing a backup, a diff and send the mail,
but I
> don''t want to reinvent everything.
> How can I use a filebucket ?
>
> NB: these config changes are made by a automatic deploiement system,
> so we cannot manage it in Puppet. But we want to be warn when a change
> occurs to avoid "accidental" manual changes...
>
>
> >
>
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

On Mar 31, 2009, at 3:29 AM, PL wrote:
>
> This is the situation:
> We have a bunch of config files. We check if mtime changed.
> The line written in syslog is trapped by a monitoring tool and someone
> is warned.
> This works fine...
>
> What we want is
> 1. to backup the file when mtime has changed (and keep x versions)
> 2. execute a diff between new file and last backup and send it by
> mail to so.
>
> I don''t see any way to do 1.
> If I try in the file type ... backup => puppet ... it doesn''t
work.
> The doc says it will be backed up before a change ( for ex with
> source => ... ) but I don''t want to change it.
>
> I can do sth like:
> file { "test.txt": ... checksum => mtime }
> exec{ "myscript": ... subscribe => File["test.txt"],
refreshonly =>
> true }
>
> with script "myscript" doing a backup, a diff and send the mail,
but I
> don''t want to reinvent everything.
> How can I use a filebucket ?
>
> NB: these config changes are made by a automatic deploiement system,
> so we cannot manage it in Puppet. But we want to be warn when a change
> occurs to avoid "accidental" manual changes...

I think I actually opened a feature request for this, since I think  
it''s a good idea, but it''s not high on my priority list so I
don''t
think I''ll get to it any time soon.

I doubt we could easily add the ability to email diffs or anything,  
but you would get whatever was in the report, anyway, and you should  
be able to do your own diffs if you use a central filebucket.

I''ve also got some interesting ideas for a git-backed filebucket[1]  
which would make this much easier, but they also require quite a bit  
more effort and there are too many other things lined up in front of  
them.

1 - http://gist.github.com/77811

-- 
There are three kinds of death in this world. There''s heart death,
there''s brain death, and there''s being off the network. -- Guy
Almes
---------------------------------------------------------------------
Luke Kanies | http://reductivelabs.com | http://madstop.com


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

Hi Luke,

Would it not be preferable to be able to use a version control system
of the implemeters choice.
The reason being that some shops may have subversion skills already by
not git skills etc...

Best Regards

Martin

On Tue, Mar 31, 2009 at 5:48 PM, Luke Kanies <luke@madstop.com>
wrote:
>
> On Mar 31, 2009, at 3:29 AM, PL wrote:
>
>>
>> This is the situation:
>> We have a bunch of config files. We check if mtime changed.
>> The line written in syslog is trapped by a monitoring tool and someone
>> is warned.
>> This works fine...
>>
>> What we want is
>> 1. to backup the file when mtime has changed (and keep x versions)
>> 2. execute a diff between new file and last backup and send it by
>> mail to so.
>>
>> I don''t see any way to do 1.
>> If I try in the file type ... backup => puppet ... it
doesn''t work.
>> The doc says it will be backed up before a change ( for ex with
>> source => ... ) but I don''t want to change it.
>>
>> I can do sth like:
>> file { "test.txt": ... checksum => mtime }
>> exec{ "myscript": ... subscribe =>
File["test.txt"], refreshonly =>
>> true }
>>
>> with script "myscript" doing a backup, a diff and send the
mail, but I
>> don''t want to reinvent everything.
>> How can I use a filebucket ?
>>
>> NB: these config changes are made by a automatic deploiement system,
>> so we cannot manage it in Puppet. But we want to be warn when a change
>> occurs to avoid "accidental" manual changes...
>
>
> I think I actually opened a feature request for this, since I think
> it''s a good idea, but it''s not high on my priority list
so I don''t
> think I''ll get to it any time soon.
>
> I doubt we could easily add the ability to email diffs or anything,
> but you would get whatever was in the report, anyway, and you should
> be able to do your own diffs if you use a central filebucket.
>
> I''ve also got some interesting ideas for a git-backed
filebucket[1]
> which would make this much easier, but they also require quite a bit
> more effort and there are too many other things lined up in front of
> them.
>
> 1 - http://gist.github.com/77811
>
> --
> There are three kinds of death in this world. There''s heart death,
> there''s brain death, and there''s being off the network.
-- Guy Almes
> ---------------------------------------------------------------------
> Luke Kanies | http://reductivelabs.com | http://madstop.com
>
>
> >
>
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---