
Lost "self-healing" capability ...

asked 2013-04-15 17:31:32 -0600

Red Cricket

updated 2013-04-22 14:21:37 -0600

Stefan

I have the following simple init.pp for my class that keeps a DNS server's named.conf file up to date ...

class mydns {
  package { 'role-DNSmydns':
    ensure => present,
  }

  file { '/opt/DNS/conf/named.conf.puppet':
    ensure  => file,
    owner   => 'root',
    group   => 'root',
    mode    => '0440',
    require => Package['role-DNSmydns'],
    backup  => false,
    content => template('mydns/named.conf.erb'),
  }

  file { '/opt/DNS/conf/named.conf':
    owner   => 'root',
    group   => 'root',
    mode    => '0440',
    require => Exec['deploy_named_conf'],
  }

  file { '/opt/DNS/named/':
    owner   => 'root',
    group   => 'root',
    mode    => '0440',
    require => File['/opt/DNS/conf/named.conf'],
    content => template('mydns/'),
  }

  service { 'named ...


Fix your formatting! People are much less likely to answer your question when you can't be bothered to format it nicely.

ramindk ( 2013-04-15 17:59:34 -0600 )

You're not actually monitoring /opt/DNS/conf/named.conf, only the puppet.conf.puppet file itself. I think you need to switch on audit on that file (http://docs ...(more)

ken ( 2013-04-15 18:21:41 -0600 )

Thanks for the comment Ken, but I am still having trouble... could you look at the updated question? thanks!

Red Cricket ( 2013-04-15 21:22:53 -0600 )

Hi @Red Cricket - I've added a note to my answer, does this do the trick?

jonn ( 2013-04-16 01:22:22 -0600 )

1 Answer


answered 2013-04-15 19:05:12 -0600

jonn

updated 2013-04-16 01:21:36 -0600

Your exec only runs if /opt/DNS/conf/named.conf.puppet changes - that's the only file resource it is subscribed to. Puppet is not managing the content of named.conf at all - it only manages its permissions - so it doesn't do anything if the file content changes.

I originally suggested managing named.conf directly, but having seen Ken's comment above, I think that auditing is definitely the way to go. (I didn't appreciate that you could subscribe to audited files to pick up changes; for some reason I thought it was just a reporting mechanism. This ... (more)



Get rid of the refreshonly parameter of the Exec.

Ancillas ( 2013-04-15 23:16:49 -0600 )
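An added example, not code from the thread: one way to get drift in named.conf corrected on every run, following the answer's diagnosis and the comment about refreshonly. The Exec's real command is not shown on the page, so the `cp`/`cmp` commands, the `path` value and the class name `mydns_selfheal` are assumptions.

```puppet
# Added illustration; mydns_selfheal is a hypothetical class name.
class mydns_selfheal {
  $staged = '/opt/DNS/conf/named.conf.puppet'
  $live   = '/opt/DNS/conf/named.conf'

  # Puppet manages the content of the staged copy only.
  file { $staged:
    ensure  => file,
    owner   => 'root',
    group   => 'root',
    mode    => '0440',
    backup  => false,
    content => template('mydns/named.conf.erb'),
  }

  # No refreshonly here, so the exec is evaluated on every agent run
  # instead of waiting for a change event from the staged file.
  # 'unless' keeps it idempotent: cmp -s exits 0 when the two files are
  # identical, so the copy runs only when the live file has drifted from
  # the staged one (or is missing, where cmp exits non-zero).
  # The cp and cmp commands are assumed stand-ins for the real deploy step.
  exec { 'deploy_named_conf':
    command => "cp -p ${staged} ${live}",
    path    => ['/bin', '/usr/bin'],
    unless  => "cmp -s ${staged} ${live}",
    require => File[$staged],
  }

  # Ownership and mode of the live file, applied after the deploy step.
  file { $live:
    owner   => 'root',
    group   => 'root',
    mode    => '0440',
    require => Exec['deploy_named_conf'],
  }
}
```

With this layout a hand edit to the live file makes `cmp` report a difference on the next run, and the agent report records the exec as the resource that restored it.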
