Puppet users - Sep 2012 - Retrieve initial content of files when using audit => content

Hi,

I want to audit some files on content and planned to do this with puppet
filebucket. Lets say for example that I have a list of audit_files as a
parameter from puppet dashboard with a list of files to audit.

Output from ENC for this particular parameter:

audit_files: "[\"/etc/passwd\",\"/etc/resolv.conf\",
\"/tmp/mawi\",
\"/etc/httpd/conf.d/welcome.conf\",\"/etc/httpd/conf.d/README\",
\"/etc/httpd/conf/magic\"]"

When I use this in my manifest this works and the files goto bucket. I get
the bucket md5 sum for each file in the same run using a wrapper script.

In my manifest I iterate of the items in $::audit_files

== init.pp START =
 if $::audit_files {
        $files_array = parsejson($::audit_files)
        notify {
            $files_array :
        }
        audit {
            $files_array :
        }
 }

== init.pp END =
I have a define to audit content and tag the files. The Exec does the
actual backup of the file.

== audit.pp START =
define audit($audit_dir = $fileview::params::audit_dir, $audit_script
$fileview::params::audit_script) {

    # backup files only when it contents changes or never seen before
    file { "fileview_${name}":

      path => "${name}",
      audit  => content,
      backup => main,
      tag => "fileview",

    }

    # backup file to filebucket
    exec { "fileview_audit_${name}":

        command => "${audit_dir}/${audit_script} ${name}",
        timeout => 10,     # command should succeed within 10 seconds
        logoutput => on_failure,
        refreshonly => true,
        subscribe => File["fileview_${name}"],
    }
}

== audit.pp END =
Problem here how do I get the initial content of the file? My solution only
works after a modification on one of the files in $::audit_files. e.g. I
added /etc/group to be put under audit. In the next run I get a notice

notice: /Stage[main]/Fileview/File[/etc/group]/content: audit change:
newly-recorded value *{md5}6dd97730fafbf2edde45314e000d138f*

Is there any way I can get the content with that sum? Using filebucket with
that sum results in nothing.

I read something similar in a post
http://serverfault.com/questions/264122/custom-fact-to-copy-bar-file-from-all-puppet-clients-to-main-puppet-server

quote:
""This causes /etc/group to be uploaded to the server when (a) it
changes
or (b) it hasn''t been seen before. Then, on the server you can use the
''puppet filebucket'' utility to check out the data the clients
sent. This is
way better than putting it in a fact.""

point(a) is true, point(b) is not. If this was true I could reach my goal
using this function. Any suggestions on how to get content of files that
are not managed by puppet?

-- 
Kind Regards,

Martin Willemsma

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.