Puppet users - Nov 2010 - Filebucket log messages include file content

Hi,

I''ve recently upgraded our puppetmaster to 2.6. Mostly, everything is
fine. However, one thing that I''ve noticed is that a 0.24 client, when
replacing a file, will log the contents of the file in its syslog and
also in its report emails.

Mon Nov 15 14:50:30 +0000 2010 /Stage[main]/Misc-apps::Mms-app/Misc-
apps::Misc-apps::Datasource[mms-ds.xml]/File[/usr/local/jboss/server/
mms/deploy/mms-ds.xml] (notice): Filebucketed to main with sum <?xml
version="1.0" encoding="UTF-8"?>
<datasources>
 <local-tx-datasource>
   <jndi-name>MMSDS</jndi-name>
[... rest of file ...]

A 0.25 client doesn''t do this; it will log something like

Mon Nov 15 15:00:21 +0000 2010 /Stage[main]/Misc-apps::Bes-app/Misc-
apps::Misc-apps::Datasource[bes-ds.xml]/File[/usr/local/jboss/server/
bes/deploy/bes-ds.xml]/content (notice): content changed ''{md5}
ba6c7a361a64eb7768d8b790bae549a0'' to ''unknown
checksum''

but never actually logs a message to say that it''s filebucketing file
old file (although the old file _is_ preserved in the bucket)

A 0.24 client talking to a 0.24 server logs this:

Fri Jul 30 14:33:17 +0100 2010 //Node[jo-wsos-ap]/webgroups-app/build-
user/File[/export/home/build/.ssh/known_hosts] (notice): Filebucketed
to main with sum ade04634fd072069a1a474d78c572271

My config looks like this:

filebucket { main: server => "puppetmaster.domain" }
File {
  backup => main,
}

So; on to the question: Can I stop 0.24 clients from printing out file
contents when taking to a 2.6 master ? It''s a bit of a security issue
when the files contain passwords or other sensitive information -
especially if it happens to get emailed out, or pushed onto the
network via syslog.

Cheers,

Chris

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

On Mon, Nov 15, 2010 at 7:38 AM, Chris <chrismay50@gmail.com>
wrote:
> So; on to the question: Can I stop 0.24 clients from printing out file
> contents when taking to a 2.6 master ? It''s a bit of a security
issue
> when the files contain passwords or other sensitive information -
> especially if it happens to get emailed out, or pushed onto the
> network via syslog.
Check and see if show_diff is true:

# puppetd --configprint show_diff
false

If so, set it to false in puppet.conf under the puppetd section.

Thanks,

Nan

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

Hi Nan,

On Wed, Nov 17, 2010 at 12:12 AM, Nan Liu <nan@puppetlabs.com> wrote:
> On Mon, Nov 15, 2010 at 7:38 AM, Chris <chrismay50@gmail.com> wrote:
> > So; on to the question: Can I stop 0.24 clients from printing out file
> > contents when taking to a 2.6 master ? It''s a bit of a
security issue
> > when the files contain passwords or other sensitive information -
> > especially if it happens to get emailed out, or pushed onto the
> > network via syslog.
>
> Check and see if show_diff is true:
>
> # puppetd --configprint show_diff
> false
>
> If so, set it to false in puppet.conf under the puppetd section.
>
>
Nope; set to false for me

$ /opt/csw/bin/puppetd --configprint show_diff
false

Thanks!

Chris

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.