bailey86
2012-Aug-04 17:55 UTC
[Puppet Users] How can puppet help with change control of /etc
Hi, I''ve used etckeeper before and it puts the contents of /etc/ into a local git repository. This means that I can easily see any changes which have been made to anything in /etc/ However, I need to look after a SLES server - and etckeeper is not available. Also, I''m looking to upgrade server management to Puppet. Is there anyway Puppet can be used to manage /etc/ - i.e. act as a sort of code repository for /etc? Thanks for any help. Kevin Bailey -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/c5kV-fi1VGcJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Stuart Cracraft
2012-Aug-04 18:24 UTC
Re: [Puppet Users] How can puppet help with change control of /etc
I use Puppet to track /etc for any changes, backing up the changed files and original, capture forensics, and then track it down. Making /etc a derived repository sounds like you''re pushing back the problem of surprise production changes one step back. /etc should be for files that are manually copied in and installed or automatically *AFTER* a human reviews them thoroughly BEFORE the configuration management starts tracking it via hash checksums. Puppet Enterprise has an audit keyword and with exec one can track and collect extract lsof/top/last/who/ps, with backup you can capture the changed file and preserve it. But the same can easily be done with Open Puppet and we have it. Works fine for this kind of tracking/capture activity. The point is that people (maybe even you) are tweaking your system at odd times, destabilizing production. Puppet could watch that like a hawk. To derive from a git repository, one possibility, you''d exec a git of each of file on top of the equivalent file in /etc from /etc/.git and track it using the above, for example - but I''d push the git source back onto the Puppet Master, not on the local box being managed. On Aug 4, 2012, at 10:55 AM, bailey86 <bailey86@gmail.com> wrote:> Hi, > > I''ve used etckeeper before and it puts the contents of /etc/ into a local git repository. This means that I can easily see any changes which have been made to anything in /etc/ > > However, I need to look after a SLES server - and etckeeper is not available. Also, I''m looking to upgrade server management to Puppet. > > Is there anyway Puppet can be used to manage /etc/ - i.e. act as a sort of code repository for /etc? > > Thanks for any help. > > Kevin Bailey > > -- > You received this message because you are subscribed to the Google Groups "Puppet Users" group. > To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/c5kV-fi1VGcJ. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. > For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
bailey86
2012-Aug-05 15:52 UTC
Re: [Puppet Users] How can puppet help with change control of /etc
Thanks for that. So it looks like it''s possible. I''ll get the Puppet Pro book and start working through my way through it. Kevin On Saturday, August 4, 2012 7:24:58 PM UTC+1, Stuart Cracraft wrote:> > I use Puppet to track /etc for any changes, backing up the changed files > and original, capture forensics, and then track it down. > > Making /etc a derived repository sounds like you''re pushing back the > problem of surprise production changes one step back. > /etc should be for files that are manually copied in and installed or > automatically *AFTER* a human reviews them thoroughly > BEFORE the configuration management starts tracking it via hash checksums. > > Puppet Enterprise has an audit keyword and with exec one can track and > collect extract lsof/top/last/who/ps, with backup > you can capture the changed file and preserve it. But the same can easily > be done with Open Puppet and we have it. Works > fine for this kind of tracking/capture activity. > > The point is that people (maybe even you) are tweaking your system at odd > times, destabilizing production. Puppet could > watch that like a hawk. > > To derive from a git repository, one possibility, you''d exec a git of each > of file on top of the equivalent file in /etc from /etc/.git > and track it using the above, for example - but I''d push the git source > back onto the Puppet Master, not on the local box being > managed. > > On Aug 4, 2012, at 10:55 AM, <xxxx@gmail.com <bailey86@gmail.com>> wrote: > > Hi, > > I''ve used etckeeper before and it puts the contents of /etc/ into a local > git repository. This means that I can easily see any changes which have > been made to anything in /etc/ > > However, I need to look after a SLES server - and etckeeper is not > available. Also, I''m looking to upgrade server management to Puppet. > > Is there anyway Puppet can be used to manage /etc/ - i.e. act as a sort of > code repository for /etc? > > Thanks for any help. > > Kevin Bailey > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To view this discussion on the web visit > https://groups.google.com/d/msg/puppet-users/-/c5kV-fi1VGcJ. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscribe@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > > >-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/pvbIF8sYJTEJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Possibly Parallel Threads
- puppet bug in File selector ?
- Ubuntu Execution of '/etc/puppet/etckeeper-commit-pre' returned 1:
- 'eval_generate: SSL_connect returned=1 errno=0 state=SSLv3 read server session ticket A: tlsv1 alert unknown ca
- puppet client server connection refused when I use puppet kick
- Could not retrieve catalog from remote server: Error 400 on SERVER: cannot generate tempfile `/var/lib/puppet/yaml/facts/vagrant1.localdomain.yaml20131009-16545-8oie5i-9'