res_host - Clockwork Resource Type for /etc/hosts entries


The /etc/hosts file associates IP addresses to hostnames, without the use of external systems like NIS, LDAP or DNS. Through the host resource, a Clockwork policy can modify individual entries in /etc/hosts, without having to specify a complete map.



The hostname that the entry should map its IP address to.


The IPv4 or IPv6 address for this entry.


One or more hostname aliases. If multiple aliases are specified, they must be separated by a single space.


Basic Usage

Map to the hostname 'testhost1':

host "testhost1" {
    ip: ""

Alias Usage

Map to 'testhost1', but make 'test-1' and 'lab1' aliases:

host "testhost1" {
    ip:    ""
    alias: "test-1"
    alias: "lab1"

Same as above, but specify both aliases in a single directive:

host "testhost1" {
    ip:      ""
    aliases: "test-1 lab1"


Clockwork tries to be predictable and not clever. As such, it does not attempt to deal with certain edge cases that crop up when managing hosts file entries. Namely:

1. Consolidating Hosts

If /etc/hosts contains the following:   hosta   hostb   hostc

And the policy manifest only specifies these host resources:

host "hostb" { ip: "" }
host "hostc" { ip: "" }

Clockwork will not remove the entry for hosta. It won't even modify the entry for hostb, but will instead append a fourth:   hosta   hostb   hostc   hostb

2. Overlapping Canonical and Alias Hostnames

Clockwork does not try to reconciliate overlap between canonical hostnames and aliases. If you are experiencing issues in this space, please contact the developers so that we can understand your needs.




There is currently no way to remove a host entry.

There really should be an implicit dependency on /etc/hosts, if defined in the policy. That way, host resources take precedence over file resources, and administrators can push out a base /etc/hosts via res_file(5), and then tweak it with res_host.

Caveat #1 (see CAVEATS) could be side-stepped if a new attribute was introduced to: exclusive. This attribute could be set to "ip" or "hostname" and would instruct the fixup routines to kill off all other entries matching either the IP or the hostname (but not necessarily both).


Clockwork was designed and written by James Hunt.

The Clockwork website is licensed under the Creative Commons Attribution-NoDerivs 3.0 United States License