Issue #4943 has been updated by Nigel Kersten.

Status changed from Needs more information to Accepted

Here's a more up to date description, but I'm keeping the original around for historical reasons.

We are building a new application, "inspect". This application examines the local catalog on disk as produced by an "agent" run, finds all resources that have the audit metaparameter set on any of their properties, and retrieves the state of those properties. It does not need to do any sorting of relationships between resources. It simply inspects their current state.

It does not need to wait for "agent" if it is already running. It is entirely orthogonal to "agent", but relies upon artifacts that "agent" produces. It should not need a lockfile. There is no problem with multiple "inspect" runs occurring at once. It will never run in daemon mode. It is a onetime run.

So far, everything is local. It consumes the local catalog and inspects the relevant resource properties. The result of this inspection will however be sent to the report server as defined in the [agent] config block.

If the config option "report" is set to false, or report_server is undefined, then the "inspect" run should not happen, and an error should be thrown, as inspection implies the functionality of reporting to a report_server (by our definition).

The "inspect" application should ignore settings such as "reports=log". It will always behave as if "reports=store" is set.

It should also be possible to define another config block [inspect] that specifies a different report server, and we should also be able to specify this on the command line.

----------------------------------------
Feature #4943: Puppet single executable should support audit feature.
https://projects.puppetlabs.com/issues/4943

Author: Nan Liu
Status: Accepted
Priority: Normal
Assignee: Nan Liu
Category:
Target version:
Affected Puppet version:
Keywords:
Branch:

puppet audit should be the equivalent of puppet agent --noop but with auditing of resources. It should also support --report to submit results to puppet master.
(maybe this should be puppet agent --audit/puppet apply --audit instead?)

puppet audit should support the following features:

* Create a state.yaml file after auditing the existing system state against the catalog.
* Generate a list of resources that are out of compliance. This is similar to puppet agent --noop.
* Compare the system against a known state. i.e. audit the system current state against a state.yaml file from 2010/1/1.

This will be helpful in conjunction with the negate tag feature request: http://projects.puppetlabs.com/issues/1107
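
The pre-flight rules in the updated description, sketched in Ruby as an added example; it is not part of the issue and not Puppet's code. The hash shapes, the method names and the precedence order (command line, then [inspect], then [agent]) are assumptions made for illustration.

```ruby
# Added illustration, not Puppet source code. Data shapes are simplified assumptions.
class InspectConfigError < StandardError; end

# settings: puppet.conf blocks as hashes; cli: command-line options.
# Assumed precedence (not stated in the issue): command line, [inspect], [agent].
def resolve_report_settings(settings, cli = {})
  merged = settings.fetch('agent', {})
                   .merge(settings.fetch('inspect', {}))
                   .merge(cli)

  # Only an explicit report=false aborts the run, as the issue words it.
  if merged['report'].to_s == 'false'
    raise InspectConfigError, 'inspect cannot run with report=false'
  end

  server = merged['report_server'].to_s.strip
  raise InspectConfigError, 'inspect needs a report_server' if server.empty?

  # Any configured "reports" value (e.g. log) is ignored: always act as store.
  { 'report_server' => server, 'reports' => 'store' }
end

# catalog: array of resource hashes. Returns "Type[title]" => audited property
# names for resources that set the audit metaparameter; no ordering is done.
def audited_properties(catalog)
  catalog.each_with_object({}) do |res, out|
    audit = Array(res.fetch('parameters', {})['audit']).map(&:to_s)
    next if audit.empty?

    out["#{res['type']}[#{res['title']}]"] = audit
  end
end

# Constructed sample input (hostnames and resources are made up).
SAMPLE_SETTINGS = {
  'agent'   => { 'report' => 'true', 'reports' => 'log',
                 'report_server' => 'reports.example.test' },
  'inspect' => { 'report_server' => 'inspect-reports.example.test' }
}.freeze

SAMPLE_CATALOG = [
  { 'type' => 'File', 'title' => '/etc/passwd',
    'parameters' => { 'audit' => %w[owner mode] } },
  { 'type' => 'Service', 'title' => 'sshd',
    'parameters' => { 'ensure' => 'running' } },
  { 'type' => 'File', 'title' => '/etc/shadow',
    'parameters' => { 'audit' => 'all' } }
].freeze
```
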
