Hi, I''ve recently upgraded our puppetmaster to 2.6. Mostly, everything is fine. However, one thing that I''ve noticed is that a 0.24 client, when replacing a file, will log the contents of the file in its syslog and also in its report emails. Mon Nov 15 14:50:30 +0000 2010 /Stage[main]/Misc-apps::Mms-app/Misc- apps::Misc-apps::Datasource[mms-ds.xml]/File[/usr/local/jboss/server/ mms/deploy/mms-ds.xml] (notice): Filebucketed to main with sum <?xml version="1.0" encoding="UTF-8"?> <datasources> <local-tx-datasource> <jndi-name>MMSDS</jndi-name> [... rest of file ...] A 0.25 client doesn''t do this; it will log something like Mon Nov 15 15:00:21 +0000 2010 /Stage[main]/Misc-apps::Bes-app/Misc- apps::Misc-apps::Datasource[bes-ds.xml]/File[/usr/local/jboss/server/ bes/deploy/bes-ds.xml]/content (notice): content changed ''{md5} ba6c7a361a64eb7768d8b790bae549a0'' to ''unknown checksum'' but never actually logs a message to say that it''s filebucketing file old file (although the old file _is_ preserved in the bucket) A 0.24 client talking to a 0.24 server logs this: Fri Jul 30 14:33:17 +0100 2010 //Node[jo-wsos-ap]/webgroups-app/build- user/File[/export/home/build/.ssh/known_hosts] (notice): Filebucketed to main with sum ade04634fd072069a1a474d78c572271 My config looks like this: filebucket { main: server => "puppetmaster.domain" } File { backup => main, } So; on to the question: Can I stop 0.24 clients from printing out file contents when taking to a 2.6 master ? It''s a bit of a security issue when the files contain passwords or other sensitive information - especially if it happens to get emailed out, or pushed onto the network via syslog. Cheers, Chris -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Nan Liu
2010-Nov-17 00:12 UTC
Re: [Puppet Users] Filebucket log messages include file content
On Mon, Nov 15, 2010 at 7:38 AM, Chris <chrismay50@gmail.com> wrote:> So; on to the question: Can I stop 0.24 clients from printing out file > contents when taking to a 2.6 master ? It''s a bit of a security issue > when the files contain passwords or other sensitive information - > especially if it happens to get emailed out, or pushed onto the > network via syslog.Check and see if show_diff is true: # puppetd --configprint show_diff false If so, set it to false in puppet.conf under the puppetd section. Thanks, Nan -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Chris May
2010-Nov-17 09:48 UTC
Re: [Puppet Users] Filebucket log messages include file content
Hi Nan, On Wed, Nov 17, 2010 at 12:12 AM, Nan Liu <nan@puppetlabs.com> wrote:> On Mon, Nov 15, 2010 at 7:38 AM, Chris <chrismay50@gmail.com> wrote: > > So; on to the question: Can I stop 0.24 clients from printing out file > > contents when taking to a 2.6 master ? It''s a bit of a security issue > > when the files contain passwords or other sensitive information - > > especially if it happens to get emailed out, or pushed onto the > > network via syslog. > > Check and see if show_diff is true: > > # puppetd --configprint show_diff > false > > If so, set it to false in puppet.conf under the puppetd section. > >Nope; set to false for me $ /opt/csw/bin/puppetd --configprint show_diff false Thanks! Chris -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.