Retrieve initial content of files when using audit => content

Martin Willemsma

Sep 27, 2012, 10:03:53 AM
to Puppet Users
Hi,

I want to audit the content of some files and planned to do this with puppet filebucket. Let's say, for example, that I have audit_files as a parameter from puppet dashboard, holding a list of files to audit.

Output from ENC for this particular parameter:

audit_files: "[\"/etc/passwd\",\"/etc/resolv.conf\", \"/tmp/mawi\", \"/etc/httpd/conf.d/welcome.conf\",\"/etc/httpd/conf.d/README\", \"/etc/httpd/conf/magic\"]"

When I use this in my manifest, this works and the files go to the bucket. I get the bucket md5 sum for each file in the same run using a wrapper script.

In my manifest I iterate over the items in $::audit_files

== init.pp START ==

if $::audit_files {
    $files_array = parsejson($::audit_files)
    notify {
        $files_array :
    }
    audit {
        $files_array :
    }
}

== init.pp END ==

I have a define to audit content and tag the files. The Exec does the actual backup of the file.

== audit.pp START ==

define audit($audit_dir = $fileview::params::audit_dir, $audit_script = $fileview::params::audit_script) {

    # back up a file only when its content changes or it has never been seen before
    file { "fileview_${name}":
        path   => $name,
        audit  => content,
        backup => main,
        tag    => "fileview",
    }

    # back up the file to the filebucket
    exec { "fileview_audit_${name}":
        command     => "${audit_dir}/${audit_script} ${name}",
        timeout     => 10,     # command should succeed within 10 seconds
        logoutput   => on_failure,
        refreshonly => true,
        subscribe   => File["fileview_${name}"],
    }
}

== audit.pp END ==

The problem here: how do I get the initial content of the file? My solution only works after a modification to one of the files in $::audit_files. E.g. I added /etc/group to be put under audit. In the next run I get a notice:

notice: /Stage[main]/Fileview/File[/etc/group]/content: audit change: newly-recorded value {md5}6dd97730fafbf2edde45314e000d138f

Is there any way I can get the content with that sum? Using filebucket with that sum results in nothing.

I read something similar in a post: http://serverfault.com/questions/264122/custom-fact-to-copy-bar-file-from-all-puppet-clients-to-main-puppet-server

Quote:
"This causes /etc/group to be uploaded to the server when (a) it changes or (b) it hasn't been seen before. Then, on the server you can use the 'puppet filebucket' utility to check out the data the clients sent. This is way better than putting it in a fact."

Point (a) is true, point (b) is not. If this were true, I could reach my goal using this function. Any suggestions on how to get the content of files that are not managed by puppet?

--
Kind Regards,

Martin Willemsma
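
Added example, not part of the original post and not Puppet's own code: a log filter that separates "newly-recorded" audit notices (recorded sum, no bucketed content yet) from change notices, and keeps only the new files whose on-disk content still matches the recorded `{md5}` sum, so a wrapper script knows which ones need an initial backup. It assumes the resource title is the file path, as in the notice quoted above; the change-notice sample line and all function names are constructed for illustration.

```python
import hashlib
import re

# Puppet agent audit notices for a File resource's content.
AUDIT_RE = re.compile(
    r"notice: \S*?File\[(?P<title>[^\]]+)\]/content: audit change: "
    r"(?:newly-recorded value (?P<new>\{md5\}[0-9a-f]{32})"
    r"|previously recorded value (?P<old>\{md5\}[0-9a-f]{32})"
    r" has been changed to (?P<cur>\{md5\}[0-9a-f]{32}))"
)

# First line is the notice quoted in the post; the second is constructed.
SAMPLE_LINES = [
    "notice: /Stage[main]/Fileview/File[/etc/group]/content: audit change: "
    "newly-recorded value {md5}6dd97730fafbf2edde45314e000d138f",
    "notice: /Stage[main]/Fileview/File[/etc/resolv.conf]/content: audit change: "
    "previously recorded value {md5}" + "a" * 32 + " has been changed to {md5}" + "b" * 32,
]

def classify_audit_lines(lines):
    """Split audit notices into first-seen baselines and content changes."""
    result = {"baseline": {}, "changed": {}}
    for line in lines:
        m = AUDIT_RE.search(line)
        if not m:
            continue  # not an audit notice
        if m.group("new"):
            result["baseline"][m.group("title")] = m.group("new")
        else:
            result["changed"][m.group("title")] = (m.group("old"), m.group("cur"))
    return result

def puppet_md5(path):
    """Checksum of a file in the '{md5}<hex>' notation used in the notices."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return "{md5}" + digest.hexdigest()

def files_needing_initial_backup(lines):
    """Newly recorded paths whose current content still matches the recorded sum."""
    pending = []
    for path, recorded in classify_audit_lines(lines)["baseline"].items():
        try:
            if puppet_md5(path) == recorded:
                pending.append(path)
        except OSError:
            pass  # file vanished or unreadable: nothing trustworthy to back up
    return pending
```

A file that was modified between the audit run and the backup is skipped on purpose, because its content no longer corresponds to the sum Puppet recorded.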