January 12, 2011
This came up in a discussion last week so I thought I’d work up a
functional plugin to let people enhance.
Yum currently has some nifty verify() functionality – mostly exposed on
the cli via the verify plugin. It does all the things that rpm -V does
but it has nicer output and can be configured a lot more.
One thing that’s always bugged me is that in all the verification
processes we’ve never taken into account the checksums or other value
changes that we intentionally make and know about in config management
systems like cfengine, bcfg2 or puppet.
In yum, now, we have a plugin hook for the file verification process for
this specific point. It allows us to add in the values that we should
see from the config mgmt system so that if the files on disk don’t match
what was originally in the rpm package but do match what we intended to
see from the config mgmt changes then it doesn’t alert about it.
So here’s the reverify plugin and accompanying scripts – just a simple,
working, proof of concept.
obviously change the paths to not be in my homedir.