Auditing resources
Dry run mode, using the --noop switch, is a simple way to audit any changes to a machine under Puppet's control. However, Puppet also has a dedicated audit feature, which can report changes to resources or specific attributes.
How to do it...
Here's an example showing Puppet's auditing capabilities:
Modify your site.pp file as follows:

    node 'cookbook' {
      file { '/etc/passwd':
        audit => [ owner, mode ],
      }
    }
Run Puppet:
    [root@cookbook clients]# puppet agent -t
    Info: Caching catalog for cookbook.example.com
    Info: Applying configuration version '1413789080'
    Notice: /Stage[main]/Main/Node[cookbook]/File[/etc/passwd]/owner: audit change: newly-recorded value 0
    Notice: /Stage[main]/Main/Node[cookbook]/File[/etc/passwd]/mode: audit change: newly-recorded value 644
    Notice: Finished catalog run in 0.55 seconds
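As an added example (not from the book or the Puppet project), the Ruby script below pulls audit notices out of agent output like the run above and separates first-run baselines from later changes. The function names are hypothetical, the second-run line is constructed, and its "previously recorded value ... has been changed to ..." wording is assumed from Puppet 3.x agents, so check it against your own agent's output.

```ruby
# Added example: turn `puppet agent -t` audit notices into structured events.
AUDIT_LINE = %r{\ANotice: (?<path>/.+\])/(?<attr>\w+): audit change: (?<detail>.+)\z}
# Wording seen in the run above (first time a value is recorded).
BASELINE = /\Anewly-recorded value (?<value>.*)\z/
# Assumed wording (Puppet 3.x style) when a value differs from the recorded one.
CHANGED = /\Apreviously recorded value (?<old>.*) has been changed to (?<new>.*)\z/

# First three Notice lines are from the run above; the mode change is constructed.
SAMPLE_OUTPUT = <<~LOG
  Info: Applying configuration version '1413789080'
  Notice: /Stage[main]/Main/Node[cookbook]/File[/etc/passwd]/owner: audit change: newly-recorded value 0
  Notice: /Stage[main]/Main/Node[cookbook]/File[/etc/passwd]/mode: audit change: newly-recorded value 644
  Notice: Finished catalog run in 0.55 seconds
  Notice: /Stage[main]/Main/Node[cookbook]/File[/etc/passwd]/mode: audit change: previously recorded value 644 has been changed to 666
LOG

# Returns one hash per audit notice; non-audit lines are skipped.
def parse_audit_events(output)
  output.each_line.map do |line|
    m = AUDIT_LINE.match(line.chomp)
    next unless m

    # Keep only the last path segment, e.g. "File[/etc/passwd]".
    event = { resource: m[:path][/[\w:]+\[[^\[\]]*\]\z/], attribute: m[:attr] }
    if (b = BASELINE.match(m[:detail]))
      event.merge(kind: :baseline, value: b[:value])
    elsif (c = CHANGED.match(m[:detail]))
      event.merge(kind: :changed, old: c[:old], new: c[:new])
    else
      # Unrecognised wording stays visible instead of being dropped.
      event.merge(kind: :unknown, detail: m[:detail])
    end
  end.compact
end

# One line per audited attribute whose value moved away from the recorded one.
def drifted(events)
  events.select { |e| e[:kind] == :changed }
        .map { |e| "#{e[:resource]} #{e[:attribute]}: #{e[:old]} -> #{e[:new]}" }
end

if __FILE__ == $PROGRAM_NAME
  events = parse_audit_events(SAMPLE_OUTPUT)
  puts "baselines recorded: #{events.count { |e| e[:kind] == :baseline }}"
  drifted(events).each { |line| puts "CHANGED #{line}" }
end
```
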
How it works...
The audit metaparameter tells Puppet that you want to record and monitor certain things about the resource. The value can be a list of the parameters that...