0

Lost "self-healing" capability ...

asked 2013-04-15 17:31:32 -0500

Red Cricket

updated 2013-04-22 14:21:37 -0500

Stefan

I have the following simple init.pp for my class that keeps a DNS server's named.conf file up to date ...

class mydns {
  package { 'role-DNSmydns':
    ensure => present,
  }

  file { '/opt/DNS/conf/named.conf.puppet':
    ensure  => file,
    owner   => 'root',
    group   => 'root',
    mode    => '0440',
    require => Package['role-DNSmydns'],
    backup  => false,
    content => template('mydns/named.conf.erb'),
  }

  file { '/opt/DNS/conf/named.conf':
    owner   => 'root',
    group   => 'root',
    mode    => '0440',
    require => Exec['deploy_named_conf'],
  }

  file { '/opt/DNS/named/myzone.example.com.db':
    owner   => 'root',
    group   => 'root',
    mode    => '0440',
    require => File['/opt/DNS/conf/named.conf'],
    content => template('mydns/myzone.example.com.db.erb'),
  }

  service { 'named ...

Comments

Fix your formatting! People are much less likely to answer your question when you can't be bothered to format it nicely.

ramindk (2013-04-15 17:59:34 -0500)
1

You're not actually monitoring /opt/DNS/conf/named.conf, only the puppet.conf.puppet file itself. I think you need to switch on audit on that file (http://docs ...

ken (2013-04-15 18:21:41 -0500)

Thanks for the comment Ken, but I am still having trouble... could you look at the updated question? thanks!

Red Cricket (2013-04-15 21:22:53 -0500)
1

Hi @Red Cricket - I've added a note to my answer, does this do the trick?

jonn (2013-04-16 01:22:22 -0500)

1 Answer

2

answered 2013-04-15 19:05:12 -0500

jonn

updated 2013-04-16 01:21:36 -0500

Your exec only runs if /opt/DNS/conf/named.conf.puppet changes - that's the only file resource it is subscribed to. Puppet is not managing the content of named.conf at all - it only manages its permissions - so it doesn't do anything if the file content changes.

I originally suggested managing named.conf directly, but having seen Ken's comment above, I think that auditing is definitely the way to go. (I didn't appreciate that you could subscribe to audited files to pick up changes; for some reason I thought it was just a reporting mechanism. This ...


Comments

Get rid of the refreshonly parameter of the Exec.

Ancillas (2013-04-15 23:16:49 -0500)
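
Added example, not part of the thread and not any poster's code: the direct-management option the answer mentions, in manifest form. Because `content` is set on named.conf itself, an out-of-band edit counts as a content change and is reverted on the next agent run. The class name, the `named` service title, the `validate_cmd` check (Puppet 3.5 or later) and the `named-checkconf` path are assumptions.

```puppet
# Added illustration. Assumed names: class mydns_direct, service 'named',
# and /usr/sbin/named-checkconf as the location of the BIND config checker.
class mydns_direct {
  package { 'role-DNSmydns':
    ensure => present,
  }

  # Puppet owns the content of the live file, not just its permissions.
  # A manual or unauthorized edit to named.conf no longer matches the
  # rendered template, so the next run rewrites it and logs the change.
  file { '/opt/DNS/conf/named.conf':
    ensure       => file,
    owner        => 'root',
    group        => 'root',
    mode         => '0440',
    content      => template('mydns/named.conf.erb'),
    # Check the candidate file before it replaces the live one;
    # '%' is substituted with the path of the temporary file.
    validate_cmd => '/usr/sbin/named-checkconf %',
    require      => Package['role-DNSmydns'],
  }

  file { '/opt/DNS/named/myzone.example.com.db':
    ensure  => file,
    owner   => 'root',
    group   => 'root',
    mode    => '0440',
    content => template('mydns/myzone.example.com.db.erb'),
    require => File['/opt/DNS/conf/named.conf'],
  }

  # Refresh the service only when Puppet actually rewrote one of the files.
  service { 'named':
    ensure    => running,
    subscribe => [
      File['/opt/DNS/conf/named.conf'],
      File['/opt/DNS/named/myzone.example.com.db'],
    ],
  }
}
```

The default file backup is left enabled here so that the overwritten copy of an unexpected edit is kept for later review.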
