Auditing resources
Dry run mode, using the --noop switch, is a simple way to audit any changes to a machine under Puppet's control. However, Puppet also has a dedicated audit feature, which can report changes to resources or specific attributes.
How to do it…
Here's an example showing Puppet's auditing capabilities:
Modify your manifests/nodes.pp file as follows:

    node 'cookbook' {
      file { '/etc/passwd':
        audit => [ owner, mode ],
      }
    }

Run Puppet:

    ubuntu@cookbook:~/puppet$ papply
    Notice: /Stage[main]//Node[cookbook]/File[/etc/passwd]/owner: audit change: newly-recorded value 0
    Notice: /Stage[main]//Node[cookbook]/File[/etc/passwd]/mode: audit change: newly-recorded value 644
    Notice: Finished catalog run in 0.27 seconds

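To act on these notices rather than read them by eye, the run output can be parsed and any non-baseline audit event flagged. The following is an added example, not code from the original text or from Puppet; the function names are hypothetical, and the "previously recorded value ... has been changed to ..." wording for a later change is an assumption about Puppet's output that does not appear in the run above.

```python
import re

# Audit notice layout as printed in the run above:
# Notice: <resource path>/<attribute>: audit change: <detail>
AUDIT_RE = re.compile(r"^Notice: (?P<res>/.+)/(?P<attr>\w+): audit change: (?P<detail>.+)$")
NEW_RE = re.compile(r"^newly-recorded value (?P<new>.*)$")
# Assumption: wording used when a recorded value is later found to differ.
CHANGED_RE = re.compile(r"^previously recorded value (?P<old>.*) has been changed to (?P<new>.*)$")

# Constructed input: baseline and "Finished" lines match the run above,
# the "has been changed" line is made up for this example.
SAMPLE = """\
Notice: /Stage[main]//Node[cookbook]/File[/etc/passwd]/owner: audit change: newly-recorded value 0
Notice: /Stage[main]//Node[cookbook]/File[/etc/passwd]/mode: audit change: newly-recorded value 644
Notice: /Stage[main]//Node[cookbook]/File[/etc/passwd]/mode: audit change: previously recorded value 644 has been changed to 666
Notice: Finished catalog run in 0.27 seconds
"""

def parse_audit_events(output):
    """Return one dict per audit notice found in Puppet run output."""
    events = []
    for line in output.splitlines():
        m = AUDIT_RE.match(line.strip())
        if not m:
            continue  # not an audit notice (e.g. "Finished catalog run")
        event = {"resource": m.group("res"), "attribute": m.group("attr")}
        detail = m.group("detail")
        new, changed = NEW_RE.match(detail), CHANGED_RE.match(detail)
        if new:
            event.update(kind="baseline", old=None, new=new.group("new"))
        elif changed:
            event.update(kind="changed", old=changed.group("old"), new=changed.group("new"))
        else:
            # Unrecognised wording: keep it visible instead of dropping it.
            event.update(kind="unknown", old=None, new=detail)
        events.append(event)
    return events

def drift(events):
    """Events worth alerting on: everything except first-time baselines."""
    return [e for e in events if e["kind"] != "baseline"]

if __name__ == "__main__":
    for e in drift(parse_audit_events(SAMPLE)):
        print(f'{e["resource"]} {e["attribute"]}: {e["old"]} -> {e["new"]}')
```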
How it works…
The audit metaparameter tells Puppet that you want to record and monitor certain things about the resource. The value can be a list of the parameters which you want to audit.
In this case, when Puppet runs, it will now record the owner and mode of the /etc/passwd...