Metaphorically, your management is asking you to drive nails with a 
screwdriver. The right tool for the job here is facter, not puppet. (And puppet 
already uses facter, so your management apparently doesn't understand the stack 
here.) While this is ultimately their problem, it sounds like you have to act 
as an enabler in order to keep your job and buy your groceries. Anyway, on to 
the helpful stuff!

I have no idea what sort of thing is in this compliance report. I will assume 
that it is checking which hosts have successfully completed a puppet agent run. 
To deliberately fail this in your scenario I might:

- write a script which checks the value of PermitRootLogin
- script should exit with a non-zero status if the value is undesired
- package this script in a deb (or rpm on your platform)
- use puppet to distribute my deb everywhere
- use an exec to run the script

Then you will see the same style of failure as if you ran this:

$ puppet apply -e 'exec { "/bin/false": }'
err: /Stage[main]//Exec[/bin/false]/returns: change from notrun to 0 failed: 
/bin/false returned 1 instead of one of [0] at line 1
notice: Finished catalog run in 0.08 seconds

And that means the host is non-compliant.

Another item on my original point: ensure your communications with management 
on this matter are all documented via email. When they finally figure out how 
much technical debt they are accruing you will not wish to be left holding 
their bag.


On Thu, Dec 27, 2012 at 12:01:08PM -0800, pdiddy wrote:
>    Understood, but is it possible to get it done via puppet? I have a
>    management requirement.
> 
>    On Thursday, December 27, 2012 2:52:31 PM UTC-5, Christopher Wood wrote:
> 
>      You might be better off putting together a custom fact about this. Then
>      you can check fact(s) on the host(s) without trying to
>      manage-but-not-manage something inside puppet.
> 
>      On Thu, Dec 27, 2012 at 11:15:14AM -0800, pdiddy wrote:
>      >    How do I check the content of a file in puppet?
>      >    ex: I want to see if "PermitRootLogin" is "no" in
>      >    /etc/ssh/sshd_config file (RHEL). If it's "yes" I want to show it
>      >    on the compliance report. For now I don't want to make any changes
>      >    to the sshd_config file through puppet.
>      >    Here is something I have:
>      >    define line($file, $line, $ensure = 'present') {
>      >            $line = "PermitRootLogin no"
>      >            $file = "/etc/ssh/sshd_config"
>      >        case $ensure {
>      >            default : { err ( "unknown ensure value ${ensure}" ) }
>      >            present: {
>      >                warning/flag code:
>      >                    unless => "/bin/grep '${line}' '${file}'"
>      >                }
>      >            }
>      >    }
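The check script described in the steps at the top of this thread could look like the following. This is an added example, not code from the original post; the function names are hypothetical, and it assumes that only the global section of sshd_config (before the first Match block) is evaluated and that a missing directive counts as non-compliant.

```shell
#!/bin/sh
# Added example: compliance check for PermitRootLogin, meant to be run from a
# Puppet exec so that a non-zero exit marks the agent run as failed.
# Assumption: a missing directive is treated as non-compliant.

# Print the effective global PermitRootLogin value from the file in $1.
# sshd keeps the first value it reads for a keyword, so stop at the first hit.
effective_permit_root_login() {
    awk '
        { sub(/#.*/, ""); sub(/^[ \t]+/, "") }   # strip comments and indent
        $0 == "" { next }
        { split($0, kv, /[ \t=]+/); key = tolower(kv[1]) }
        key == "match" { exit }                  # conditional section begins
        key == "permitrootlogin" {
            val = tolower(kv[2]); gsub(/"/, "", val)
            print val; exit
        }
    ' "$1"
}

# Return 0 when root login is explicitly disabled, 1 when it is not,
# and 2 when the configuration file cannot be read.
check_permit_root_login() {
    conf=${1:-/etc/ssh/sshd_config}
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    value=$(effective_permit_root_login "$conf")
    if [ "$value" = "no" ]; then
        return 0
    fi
    echo "non-compliant: PermitRootLogin is '${value:-unset}' in $conf" >&2
    return 1
}
```

Installed as a script, end the file with `check_permit_root_login "$@"` and point the exec's command at it.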