Getting notified when a Puppet-controlled file is about to be changed by yum

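Is it possible to get a notification on the console when a package containing a Puppet-controlled file is about to change that file? In other words, is it possible to inject a custom warning into yum when running yum update?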

Answer 1

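Yum supports plugins, so it is entirely possible to write a plugin that reads the cached Puppet manifest and warns when a transaction will overwrite a Puppet-controlled file. I'm not aware of an existing plugin that does this, but I might write one myself, because I like the idea.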

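The plugin checks all newly installed/upgraded/downgraded packages, tells you which Puppet-managed files will be overwritten, and asks you to confirm.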

    [root@camel ~]# yum update pam
    Loaded plugins: puppet, security
    Skipping security plugin, no data
    Setting up Update Process
    Resolving Dependencies
    Skipping security plugin, no data
    --> Running transaction check
    ---> Package pam.i386 0:0.99.6.2-12.el5 set to be updated
    ---> Package pam.x86_64 0:0.99.6.2-12.el5 set to be updated
    --> Finished Dependency Resolution

    Dependencies Resolved

    ===============================================================================================================================================================
     Package                           Arch                                 Version                                       Repository                          Size
    ===============================================================================================================================================================
    Updating:
     pam                               i386                                 0.99.6.2-12.el5                               base                               983 k
     pam                               x86_64                               0.99.6.2-12.el5                               base                               982 k

    Transaction Summary
    ===============================================================================================================================================================
    Install       0 Package(s)
    Upgrade       2 Package(s)

    Total download size: 1.9 M
    Is this ok [y/N]: y
    Downloading Packages:
    (1/2): pam-0.99.6.2-12.el5.x86_64.rpm                                                                                                   | 982 kB     00:00
    (2/2): pam-0.99.6.2-12.el5.i386.rpm                                                                                                     | 983 kB     00:00
    ---------------------------------------------------------------------------------------------------------------------------------------------------------------
    Total                                                                                                                          8.7 MB/s | 1.9 MB     00:00
    Running rpm_check_debug
    Running Transaction Test
    Finished Transaction Test
    Transaction Test Succeeded
    Running Transaction
    Installing pam-0.99.6.2-12.el5.i386 overwrites puppet-managed file /etc/pam.d/system-auth
    Installing pam-0.99.6.2-12.el5.i386 overwrites puppet-managed file /etc/security/access.conf
    Installing pam-0.99.6.2-12.el5.i386 overwrites puppet-managed file /etc/security/limits.conf
    Installing pam-0.99.6.2-12.el5.x86_64 overwrites puppet-managed file /etc/pam.d/system-auth
    Installing pam-0.99.6.2-12.el5.x86_64 overwrites puppet-managed file /etc/security/access.conf
    Installing pam-0.99.6.2-12.el5.x86_64 overwrites puppet-managed file /etc/security/limits.conf
    Is this ok [y/N]: n


    Aborting
    [root@camel ~]# yum update pam
    Loaded plugins: puppet, security
    Skipping security plugin, no data
    Setting up Update Process
    Resolving Dependencies
    Skipping security plugin, no data
    --> Running transaction check
    ---> Package pam.i386 0:0.99.6.2-12.el5 set to be updated
    ---> Package pam.x86_64 0:0.99.6.2-12.el5 set to be updated
    --> Finished Dependency Resolution

    Dependencies Resolved

    ===============================================================================================================================================================
     Package                           Arch                                 Version                                       Repository                          Size
    ===============================================================================================================================================================
    Updating:
     pam                               i386                                 0.99.6.2-12.el5                               base                               983 k
     pam                               x86_64                               0.99.6.2-12.el5                               base                               982 k

    Transaction Summary
    ===============================================================================================================================================================
    Install       0 Package(s)
    Upgrade       2 Package(s)

    Total size: 1.9 M
    Is this ok [y/N]: y
    Downloading Packages:
    Running rpm_check_debug
    Running Transaction Test
    Finished Transaction Test
    Transaction Test Succeeded
    Running Transaction
    Installing pam-0.99.6.2-12.el5.i386 overwrites puppet-managed file /etc/pam.d/system-auth
    Installing pam-0.99.6.2-12.el5.i386 overwrites puppet-managed file /etc/security/access.conf
    Installing pam-0.99.6.2-12.el5.i386 overwrites puppet-managed file /etc/security/limits.conf
    Installing pam-0.99.6.2-12.el5.x86_64 overwrites puppet-managed file /etc/pam.d/system-auth
    Installing pam-0.99.6.2-12.el5.x86_64 overwrites puppet-managed file /etc/security/access.conf
    Installing pam-0.99.6.2-12.el5.x86_64 overwrites puppet-managed file /etc/security/limits.conf
    Is this ok [y/N]: y
      Updating       : pam                                                                                                                                     1/4
      Updating       : pam                                                                                                                                     2/4
      Cleanup        : pam                                                                                                                                     3/4
      Cleanup        : pam                                                                                                                                     4/4

    Updated:
      pam.i386 0:0.99.6.2-12.el5                                                    pam.x86_64 0:0.99.6.2-12.el5

    Complete!

The plugin itself can be found in my github hacks repository.


Update, November 8, 2013:

As mentioned in the comments, I have now turned this into a larger project to improve the interaction between Yum and Puppet. You can find it on GitHub.

Answer 2

Yes, this is possible, but it has nothing to do with Puppet itself.

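Linux systems support a notification mechanism that "can be used to monitor and act upon filesystem events". Besides inotify-tools, there is also incron, a program that works like cron but reacts to filesystem events. I think you can use it to receive notifications about any file change.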

(By the way, if you want to watch the /etc/sysctl.conf file, I suggest checking one thing before you do: does your Linux support the /etc/sysctl.d directory?)

Answer 3

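I don't know of a way to implement this kind of notification. It might be possible to set something up by staging the yum transaction, determining the list of configuration files that may be affected, and then checking whether Puppet manages any of them.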

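In general, however, managing files that will be updated by packages is not good practice. For configuration files (use rpm -qlc packagename to see whether they are marked as configuration files), if the package contains a new version, it is saved as filename.rpmnew. You can then decide for yourself which changes to merge.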

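We ran into a problem where Puppet removed a configuration file, which was then replaced by yum when the package was updated. This caused problems until the next Puppet run removed the file. Our workaround for this case was to set the contents of the "removed" file to comments, making it essentially empty. Another way to handle it is to try to ensure Package['a'] -> File['/etc/a'], so that Puppet only needs to run once.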
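The check that Answer 1's plugin performs and that Answer 3 outlines (list the files a transaction ships, then see which ones Puppet manages) comes down to a path intersection. The sketch below is an added example, not part of any answer and not the plugin's code; the resource-list format, the sample data and the function names are assumptions, and wiring it into a yum plugin hook is not shown.

```python
import posixpath
import re

# Constructed sample resource list; its format and location are assumptions.
SAMPLE_RESOURCES = """\
file[/etc/pam.d/system-auth]
File[/etc/security/access.conf]
file[/etc/security/limits.conf/]
package[pam]
"""

# Constructed sample: package -> files it ships (what `rpm -ql` would list).
SAMPLE_TRANSACTION = {
    "pam-0.99.6.2-12.el5.i386": [
        "/etc/pam.d/system-auth",
        "/etc/security/access.conf",
        "/lib/security/pam_unix.so",
    ],
    "pam-0.99.6.2-12.el5.x86_64": [
        "/etc/pam.d/system-auth",
        "/etc/security//limits.conf",
    ],
}

FILE_REF = re.compile(r"^file\[(/.*)\]$", re.IGNORECASE)


def managed_files(resource_text):
    """Return normalized absolute paths of every File resource in the list."""
    paths = set()
    for line in resource_text.splitlines():
        match = FILE_REF.match(line.strip())
        if match:
            paths.add(posixpath.normpath(match.group(1)))
    return paths


def find_overwrites(transaction, managed):
    """Return sorted (package, path) pairs where a package ships a managed file."""
    hits = set()
    for package, files in transaction.items():
        for path in map(posixpath.normpath, files):
            if path in managed:
                hits.add((package, path))
    return sorted(hits)


if __name__ == "__main__":
    for package, path in find_overwrites(SAMPLE_TRANSACTION, managed_files(SAMPLE_RESOURCES)):
        print("Installing %s overwrites puppet-managed file %s" % (package, path))
```

Matching on the resource title misses File resources whose path parameter differs from the title, so a real check would resolve the path from the catalog itself.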
