Detecting cowboy'd changes in a Juju Env
Ian Booth
ian.booth at canonical.com
Mon May 12 23:54:39 UTC 2014
Hi Joey
>
> I'm curious to know if there is any reliable mechanism to detect a
> cowboyed change inside a juju environment and then report them.
>
> A non-juju synonym of what I'm trying to accomplish would be with puppet
> managing a system's /etc directory. If that directory is under some RCS
> you can diff it and tell what changes have been made. I'd like to do
> something similar within a juju environment.
>
I assume you are talking about someone using the juju set-env command to change
an environment value, and knowing that that has happened. Right now, AFAIK,
there's no tooling in Juju that provides a packaged solution for what you want.
Currently, Juju's initial environment state comes from the environments.yaml
file at bootstrap, which is transformed into a yaml <envname>.jenv file inside
the $JUJU_HOME/environments directory. Each set-env invocation also leaves
information in the server side log files. So theoretically you could determine
if changes have been made and who did it, by combining information from get-env
with the sources just mentioned. Clearly, this is not ideal.
A topic of discussion at the recent Juju sprint was to add audit logging to
Juju. I *think* that topic has slipped off the todo list for the next cycle. So
I don't personally have a good answer for you right now. Perhaps someone else
can chime in with a better answer?
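The comparison described in the reply (settings recorded at bootstrap versus what get-env reports now), sketched as an added example that is not part of the original message and is not Juju tooling. It assumes both sides have already been saved as flat `key: value` YAML text; the sample settings, the `SECRET_HINTS` list and the function names are constructed for illustration.

```python
import hashlib
# Constructed sample data: settings captured at bootstrap vs. get-env output now.
BASELINE = """\
type: ec2
default-series: precise
admin-secret: constructed-secret-one
"""
CURRENT = """\
type: ec2
default-series: trusty
admin-secret: constructed-secret-two
apt-http-proxy: http://proxy.example:3128
"""
# Assumed list: keys whose values are hashed rather than shown in a report.
SECRET_HINTS = ("secret", "password", "key", "cert")

def parse_flat_yaml(text):
    """Parse top-level `key: value` lines; indented lines join the previous value."""
    result, key = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t":  # continuation of a block scalar (e.g. a certificate)
            if key is not None:
                result[key] += "\n" + raw.strip()
            continue
        key, _, value = raw.partition(":")
        key = key.strip()
        result[key] = value.strip().strip("'\"")
    return result

def _show(key, value):
    # Sensitive-looking keys are reported as a short digest, never in clear.
    if any(hint in key for hint in SECRET_HINTS):
        return "sha256:" + hashlib.sha256(value.encode()).hexdigest()[:12]
    return value

def detect_drift(baseline_text, current_text):
    """List (kind, key, old, new) for every setting that differs."""
    base, cur = parse_flat_yaml(baseline_text), parse_flat_yaml(current_text)
    report = []
    for key in sorted(set(base) | set(cur)):
        old, new = base.get(key), cur.get(key)
        if old != new:
            kind = "added" if old is None else "removed" if new is None else "changed"
            report.append((kind, key, old and _show(key, old), new and _show(key, new)))
    return report

if __name__ == "__main__":
    print(*detect_drift(BASELINE, CURRENT), sep="\n")
```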