On Thursday, June 14, 2012 6:00:21 AM UTC-7, PorkCharSui wrote:
>
> ... can Puppet detect if a user has changed a *.conf file him(her)self and 
> NOT do anything to that *.conf file? 
>

Nope! Puppet has no good way to tell the difference between:

   - A user using sudo to deliberately change a file, 
   - A rogue or malicious process overwriting the file,
   - A package update replacing the file with a boilerplate one that lacks 
   the modifications you need

As far as I know, that kind of knowledge always has to come from 
out-of-band; there's nothing intrinsic in the file that can tell you about 
intent.

But so anyway. Some possible approaches:

   - Investigate the file type's replace => false capability, for 
   initializing files and then not managing content afterwards. 
   - If you're comfortable having users able to edit their puppet.conf 
   files, use environments. If a user changes their environment from 
   "production" to "manual," you can have a selector statement in all of your 
   conf file resources that sets the source (or content) to undef, which makes 
   it unmanaged. This is good because environments show up in reports, so you 
   can tell how many of your users have switched into manual mode. 
   - If you aren't comfortable with opening up puppet.conf, you could also 
   do the same thing with a fact, using the facts.d plugin in the 
   puppetlabs-stdlib module. (Facts.d lets you treat the contents of a plain 
   text file as a custom fact, and then expose that text file to users as a 
   config file.)
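
The three approaches above, sketched as a Puppet manifest. This is an added example, not part of the original message; the module name `myapp`, the file paths, and the fact name `config_mode` are hypothetical.

```puppet
# Approach 1: seed the file once, then leave its content alone.
file { '/etc/myapp/seed.conf':
  ensure  => file,
  owner   => 'root',
  group   => 'root',
  mode    => '0644',
  source  => 'puppet:///modules/myapp/seed.conf',
  replace => false,  # content is written only when the file does not exist yet
}

# Approach 2: a node opts out by setting "environment = manual" in puppet.conf.
# The selector yields undef for that environment, so Puppet stops managing
# the content; owner, group and mode are still enforced.
$env_source = $::environment ? {
  'manual' => undef,
  default  => 'puppet:///modules/myapp/myapp.conf',
}

file { '/etc/myapp/myapp.conf':
  ensure => file,
  owner  => 'root',
  group  => 'root',
  mode   => '0644',
  source => $env_source,
}

# Approach 3: the same switch driven by a facts.d text file instead of
# puppet.conf. Assumed file: /etc/facter/facts.d/config_mode.txt containing
#   config_mode=manual
# Assumes the fact resolves to an empty value (not an error) when the file
# is absent, so the default branch applies.
$fact_source = $::config_mode ? {
  'manual' => undef,
  default  => 'puppet:///modules/myapp/other.conf',
}

file { '/etc/myapp/other.conf':
  ensure => file,
  owner  => 'root',
  group  => 'root',
  mode   => '0644',
  source => $fact_source,
}
```

In all three cases Puppet no longer reverts content changes on the opted-out file, so the environment name or fact value in reports is the only record of which nodes have stopped receiving the managed configuration.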
   
