I have a file that I manage that requires the immutable bit set. Is there a way to only trigger the removal of the immutable bit if the file needs to be updated? To clarify a little, this is on a Red Hat Linux server. The file that I manage with the Puppet resource type file is /etc/resolv.conf.
The immutable bit is set on that file, so if any changes need to occur to that file they end up failing until the immutable bit is removed. Once the file is updated the immutable bit can be set back. The current config looks like this:
file { $resolv_conf_file:
  ensure  => file,
  owner   => 'root',
  group   => 'root',
  mode    => '0644',
  content => template("test/resolv.conf.erb"),
  require => Exec['remove_immutable_bit'],
}
exec { "chattr":
  command   => "/bin/chattr +i $resolv_conf_file",
  subscribe => File[$resolv_conf_file],
}
exec { "remove_immutable_bit":
  command => "/bin/chattr -i $resolv_conf_file",
}
This configuration works, but it removes and adds the bit every time Puppet runs. It would be nice if remove_immutable_bit would only execute when necessary, but I don't see a way to do this. My only thought is to have a file resource somewhere else and trigger the immutable part only if the file changes. Hopefully someone has a better idea than that.
Thanks
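One way to make both chattr steps conditional, as an added example that is not part of the original post: Puppet renders the template to a staging copy, the bit is cleared only when the live file differs from that copy, and it is set again only when lsattr shows it missing. The staging path and the set_immutable_bit name are assumptions; $resolv_conf_file and the template are the ones from the post.

```puppet
# Added example, not the poster's code.
$resolv_conf_file   = '/etc/resolv.conf'
$resolv_conf_staged = '/etc/resolv.conf.puppet'  # assumed staging path

# Ordinary (mutable) copy of the desired content; used only for comparison.
file { $resolv_conf_staged:
  ensure  => file,
  owner   => 'root',
  group   => 'root',
  mode    => '0644',
  content => template('test/resolv.conf.erb'),
}

# Clear the bit only if the live file exists and its content differs
# from the staged copy (cmp -s exits 0 when the two files are identical).
exec { 'remove_immutable_bit':
  command => "chattr -i ${resolv_conf_file}",
  path    => ['/bin', '/usr/bin'],
  onlyif  => "test -e ${resolv_conf_file}",
  unless  => "cmp -s ${resolv_conf_staged} ${resolv_conf_file}",
  require => File[$resolv_conf_staged],
}

file { $resolv_conf_file:
  ensure  => file,
  owner   => 'root',
  group   => 'root',
  mode    => '0644',
  content => template('test/resolv.conf.erb'),
  require => Exec['remove_immutable_bit'],
}

# Set the bit only when the attribute field of lsattr has no 'i' flag.
# The shell provider is needed for the pipeline in 'unless'.
exec { 'set_immutable_bit':
  command  => "chattr +i ${resolv_conf_file}",
  path     => ['/bin', '/usr/bin'],
  provider => shell,
  unless   => "lsattr -d ${resolv_conf_file} | cut -d' ' -f1 | grep -q i",
  require  => File[$resolv_conf_file],
}
```

The comparison covers content only, and the staging copy is not itself immutable, so its permissions decide who can force a rewrite of the live file on the next run.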