Trigger when on any package change


GeekBiker

Sep 29, 2011, 3:22:01 PM
to Puppet Users
I need to exec a program if ANY packages have been modified (added,
removed, updated, etc). I tried subscribing to Package with a
wildcard, but that isn't supported.

Is there any way to trigger an exec if any package changes
were made or if yum was executed?

Specifically, I need to execute "rkhunter --propupd" so we will stop
getting false alarms whenever we update a bunch of systems.

Matthias Pigulla

Sep 30, 2011, 2:20:39 PM
to puppet...@googlegroups.com
Does

Package<||> ~> exec { ..., refreshonly => true }

do the trick?

-mp.

> --
> You received this message because you are subscribed to the Google Groups "Puppet Users" group.
> To post to this group, send email to puppet...@googlegroups.com.
> To unsubscribe from this group, send email to puppet-users...@googlegroups.com.
> For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
>

GeekBiker

Sep 30, 2011, 10:01:50 PM
to puppet...@googlegroups.com
I suspect that is in a later version than we are using at the moment.  We plan to upgrade, but aren't in a rush.

Nigel Kersten

Oct 1, 2011, 11:14:56 AM
to puppet...@googlegroups.com
Does it matter if you run this at the end of every puppet run? Is the command itself idempotent?

Or do you need to run it immediately after any package change?

 

Ohad Levy

Oct 1, 2011, 4:02:42 PM
to puppet...@googlegroups.com
You could set up a file resource on the rpm db file with mtime, which
notifies an exec, something like

file {"/var/lib/rpm": checksum => mtime, notify => Exec...}

This way every time that file changes, your exec would be triggered.

Ohad
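
Added example, not part of the post above or of any code from this thread: a shell gate for the "trigger only when the RPM database changed" idea, so the command can be called at the end of every Puppet run without doing anything when no package changed. It compares a SHA-256 digest of the database file instead of its mtime; the function names, the stamp-file path and the use of the `Packages` file under /var/lib/rpm are assumptions.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the thread).
# Runs a command only when the RPM database file differs from the
# digest recorded after the last successful run.
#
# Intended use (paths are assumptions, adjust to the system):
#   run_if_rpmdb_changed /var/lib/rpm/Packages \
#       /var/lib/rkhunter/rpmdb.sha256 rkhunter --propupd

# Print the SHA-256 digest of a file.
db_fingerprint() {
    sha256sum "$1" | cut -d' ' -f1
}

# run_if_rpmdb_changed DBFILE STAMPFILE COMMAND [ARGS...]
#   returns 0  if nothing changed, or the command ran and succeeded
#   returns 2  if DBFILE cannot be read
#   otherwise returns the exit status of the failed command
run_if_rpmdb_changed() {
    gate_db=$1
    gate_stamp=$2
    shift 2

    [ -r "$gate_db" ] || { echo "cannot read $gate_db" >&2; return 2; }
    gate_now=$(db_fingerprint "$gate_db") || return 2

    # A missing stamp file counts as "changed" (first run).
    gate_prev=$(cat "$gate_stamp" 2>/dev/null || true)
    if [ "$gate_now" = "$gate_prev" ]; then
        return 0    # no package change since the last successful run
    fi

    # Run the command first. If it fails, keep the old stamp so the
    # next run retries instead of silently skipping the update.
    "$@" || return $?

    # Record the new digest atomically (write a temp file, then rename).
    gate_tmp="$gate_stamp.$$"
    printf '%s\n' "$gate_now" > "$gate_tmp" && mv "$gate_tmp" "$gate_stamp"
}
```

`rkhunter --propupd` records the file properties currently on disk as the new baseline, so this gate belongs in the same managed run that made the package change.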

GeekBiker

Oct 6, 2011, 9:01:15 PM
to puppet...@googlegroups.com
Run once after everything is the desirable result if any packages have been added, removed, or updated.

devon

Oct 7, 2011, 4:26:40 PM
to Puppet Users
One option would be to create a define to use as a wrapper around
"package". Something like this:

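define package::special($ensure) {
  # Manage the package itself.
  package { $name:
    ensure => $ensure,
  }
  # Refresh the rkhunter property database only when this package changes.
  exec { "rkhunter-$name":
    command     => "rkhunter --propupd",
    # exec needs a search path or a fully qualified command; adjust to where rkhunter is installed.
    path        => ["/usr/bin", "/usr/sbin", "/bin", "/sbin"],
    refreshonly => true,
    subscribe   => Package[$name],
  }
}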

Then you'd just use package::special, instead of package by itself:

package::special { "openssh":
  ensure => latest,
}