
I am totally new to Puppet. I am using Puppet Enterprise 3.7 and have a lab set up with a puppet master and puppet agents running on Linux CentOS. The primary aim is to use Puppet automation as an auditing and patching tool. I would like to audit all my agent servers for what packages are installed on them and then push them to patch if required. I have done a fair bit of reading but the information I get is very vague.

I would appreciate any help on how and where to start with the process. I know it is a vague question, but any help would be much appreciated.

Thanks

  • This question is way too broad. Please add at least some references to what you read, and why you don't think it is helpful to you. – Felix Frank Feb 10 '15 at 16:50

1 Answer


For auditing, there is a native Puppet metaparameter of audit:

file { '/etc/hosts':
  audit => [ owner, group, mode ],
}

Puppet will then generate auditing log messages, which are available in your standard Puppet reports:

audit change: previously recorded value owner root has been changed to owner james

(Taken from the PuppetLabs blog post about auditing)

For patch-management, it's a bit different. You shouldn't really think of Puppet as a patch-management tool. It can do it, because Puppet can do anything that any script or manual work can perform.

One approach you can use Puppet for in patch-management is:

  • Manage your own mirrors of external package repositories with Puppet
  • Control when you update those mirrors when a patch comes out
  • Have Puppet update packages on a rough schedule with an Exec resource, cron-job etc.

There's a pretty good ServerFault post explaining this approach here.

Peter Souter
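The pieces the answer describes, put together in one manifest as an added example (not code from the answer or from Puppet Labs): a package audit that only records state, a yumrepo pointing agents at an internal mirror, and an Exec that runs updates inside a Puppet schedule window. The mirror hostname, repo name, GPG key path and patch window are assumptions chosen for the example; the audit, schedule, yumrepo and exec types and their attributes are standard Puppet 3.x.

```puppet
# Added example: audit package state, point agents at an internal mirror,
# and apply updates only inside a controlled window.

# 1. Audit only: record the installed state of a package without enforcing it.
#    When the installed version changes between runs, the agent report carries
#    an "audit change: previously recorded value ... has been changed to ..."
#    message, which is what you grep or filter for in the PE console.
package { 'openssl':
  audit => 'ensure',
}

# 2. Point agents at the internal mirror (hostname and key path are assumed).
#    gpgcheck stays on so a tampered mirror cannot push unsigned packages.
yumrepo { 'internal-base':
  descr    => 'Internal mirror of CentOS base',
  baseurl  => 'http://mirror.example.internal/centos/$releasever/os/$basearch/',
  enabled  => 1,
  gpgcheck => 1,
  gpgkey   => 'file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7',
}

# 3. Patch window: the exec below is only eligible to run on Sundays between
#    02:00 and 04:00, and at most once in that window.
schedule { 'patch_window':
  period  => weekly,
  weekday => 'Sunday',
  range   => '02:00 - 04:00',
  repeat  => 1,
}

# 4. Apply updates from the mirror. Without an onlyif/unless guard the exec
#    counts as a change on every run inside the window, so it is deliberately
#    tied to the schedule rather than left to run on every 30-minute agent run.
#    logoutput => true puts yum's output into the report for audit purposes.
exec { 'yum_update':
  command   => '/usr/bin/yum -y update',
  schedule  => 'patch_window',
  logoutput => true,
  timeout   => 1800,
  require   => Yumrepo['internal-base'],
}
```

Sequencing matters here: what gets installed is controlled by when you sync the mirror, and when it gets installed is controlled by the schedule, so the two decisions stay separate and both leave a trail in the agent reports.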