[Puppet Users] Variable Scoping = Root Canal
I've been struggling with puppet variable scope all day, well, for
several months actually.
I think I have pretty simple requirements. For any given node, I want
to be able to set a series of variables and include a set of classes,
based on three different aspects of a node, being physical location,
operating system, and function. If I try and do this with classes, I
find that variables set in a class included from a node, are not
visible to other classes included from that node.
node 'node1.fr.xxx.com' {
include facility::sjc
include ldap::client
}
In this example, variables defined in facility::sjc are not visible in
ldap::client (in this case, it would be the IP address of the local
LDAP server).
Another approach is to do everything with node inheritance, but in
order to model these three functions, you end up with nodes with names
like sjcDellBootServer or nycVmwareBootServer, which is just plain
stupid.
So... what am I missing here, and why is such a simple thing so
complicated in puppet? I'm not even sure if this email is lucid. I am
really annoyed and frustrated as hell.
Doug.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Variable Scoping = Root Canal
On 27 Giu, 09:02, Douglas Garstang doug.garst...@gmail.com wrote:
I've been struggling with puppet variable scope all day, well, for
several months actually.
I think I have pretty simple requirements. For any given node, I want
to be able to set a series of variables and include a set of classes,
based on three different aspects of a node, being physical location,
operating system, and function. If I try and do this with classes, I
find that variables set in a class included from a node, are not
visible to other classes included from that node.
node 'node1.fr.xxx.com' {
include facility::sjc
include ldap::client
}
In this example, variables defined in facility::sjc are not visible in
ldap::client (in this case, it would be the IP address of the local
LDAP server).
Another approach is to do everything with node inheritance, but in
order to model these three functions, you end up with nodes with names
like sjcDellBootServer or nycVmwareBootServer, which is just plain
stupid.
Node names don't need to adapt to inheritance's logic.
You can do something like:
node sjc {
ldap_server=10.10.10.10
}
node 'node1.fr.xxx.com' inherits sjc {
include ldap::client
}
When using nodes' inheritance the only real thing you've to care about
is to define variables BEFORE including any class.
So at the end it's better to include classes only in the node that
defines your host nad never in the intermediary nodes that can
represent facilities, networks or whatever.
On the other way, this also should work, if you want to define your
variables in a class:
class ldap::client {
include facility::sjc
do_something with ${facility::ldap_server} in this class
BUT if you need to use ${facility::ldap_server} in a template you
should reassing it to a local variable (dunno if the problem is the
colon or whatever I just found the problem and made a quick fix with
somehting like):
$my_ldap_server=${facility::ldap_server}
and use $my_ldap_server in the template.
}
I'd avoid to use inheritance in the included class (facility::sjc
should not inherit anything)
Dunno if I've been clear with this example. Hope it helps
Al
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Variable Scoping = Root Canal
I think you could do:
node 'node1.fr.xxx.com' {
include facility::sjc
$my_ldap_server = $facility::sjc::ldap_server
include ldap::client
}
On Sun, Jun 27, 2010 at 2:02 AM, Douglas Garstang
doug.garst...@gmail.comwrote:
I've been struggling with puppet variable scope all day, well, for
several months actually.
I think I have pretty simple requirements. For any given node, I want
to be able to set a series of variables and include a set of classes,
based on three different aspects of a node, being physical location,
operating system, and function. If I try and do this with classes, I
find that variables set in a class included from a node, are not
visible to other classes included from that node.
node 'node1.fr.xxx.com' {
include facility::sjc
include ldap::client
}
In this example, variables defined in facility::sjc are not visible in
ldap::client (in this case, it would be the IP address of the local
LDAP server).
Another approach is to do everything with node inheritance, but in
order to model these three functions, you end up with nodes with names
like sjcDellBootServer or nycVmwareBootServer, which is just plain
stupid.
So... what am I missing here, and why is such a simple thing so
complicated in puppet? I'm not even sure if this email is lucid. I am
really annoyed and frustrated as hell.
Doug.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.compuppet-users%2bunsubscr...@googlegroups.com
.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Variable Scoping = Root Canal
On Sun, Jun 27, 2010 at 11:28 AM, Steve Neuharth
steve.neuha...@gmail.com wrote:
I think you could do:
node 'node1.fr.xxx.com' {
include facility::sjc
$my_ldap_server = $facility::sjc::ldap_server
include ldap::client
}
That seems to work. Not pretty though. I'll go see if it causes any
other problems, apart from rubbing my logical brain the wrong way.
Thanks.
Doug.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Yet more variable scoping pain.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I disagree. And I disagree with you. Not being able to do this is _REALLY_ annoying... no, it is absolutely right that this isn't possible. Actually, we would have a lot more pain if this would be possible. cheers pete -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkwnp3kACgkQbwltcAfKi39yogCfexT5vqG+Llardua0GUPEH/fb S6gAn0aFw17Q/YyQtb0Qsz/8umBac5At =Rgk6 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Borked Client Cert in 0.25
Here we go with puppet 0.25 certificate problems again. I had a system where puppet was running fine. I reinstalled it. Running puppet on the client causes this: Could not request certificate: Retrieved certificate does not match private key; please remove certificate from server and regenerate it with the current key. Fine... so I run 'puppetca --clean kick01.fr.xxx.com' on the server, who responds with: [r...@inst01 puppet]# puppetca --clean kick01.fr.xxx.com kick01.fr.xxx.com notice: Removing file Puppet::SSL::Certificate kick01.fr.xxx.com at '/var/lib/puppet/ssl/ca/signed/kick01.fr.xxx.com.pem' I then rerun puppet on the client and I am getting the same error. I must have done this hundreds of times with 0.24.8. What am I doing wrong now? Doug. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Borked Client Cert in 0.25
On Sun, Jun 27, 2010 at 12:47 PM, Douglas Garstang doug.garst...@gmail.com wrote: On Sun, Jun 27, 2010 at 12:34 PM, Douglas Garstang doug.garst...@gmail.com wrote: Here we go with puppet 0.25 certificate problems again. I had a system where puppet was running fine. I reinstalled it. Running puppet on the client causes this: Could not request certificate: Retrieved certificate does not match private key; please remove certificate from server and regenerate it with the current key. Fine... so I run 'puppetca --clean kick01.fr.xxx.com' on the server, who responds with: [r...@inst01 puppet]# puppetca --clean kick01.fr.xxx.com kick01.fr.xxx.com notice: Removing file Puppet::SSL::Certificate kick01.fr.xxx.com at '/var/lib/puppet/ssl/ca/signed/kick01.fr.xxx.com.pem' I then rerun puppet on the client and I am getting the same error. I must have done this hundreds of times with 0.24.8. What am I doing wrong now? Doug. *sigh* On the client, I removed the puppet rpm, blew away /var/lib/puppet, and reinstalled the puppet rpm again. Started puppet, it requested a certificate (but it logged nothing on the client about it, even in debug mode), signed it on the server, and I am still getting this on the client. warning: peer certificate won't be verified in this SSL session info: Caching certificate for kick01.fr.xxx.com err: Could not request certificate: Retrieved certificate does not match private key; please remove certificate from server and regenerate it with the current key *sigh* Puppet is on crack. Even when the server isn't running, I STILL get this error! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Borked Client Cert in 0.25
On Jun 27, 2010, at 12:50 PM, Douglas Garstang wrote: On Sun, Jun 27, 2010 at 12:47 PM, Douglas Garstang doug.garst...@gmail.com wrote: On Sun, Jun 27, 2010 at 12:34 PM, Douglas Garstang doug.garst...@gmail.com wrote: Here we go with puppet 0.25 certificate problems again. I had a system where puppet was running fine. I reinstalled it. Running puppet on the client causes this: Could not request certificate: Retrieved certificate does not match private key; please remove certificate from server and regenerate it with the current key. Fine... so I run 'puppetca --clean kick01.fr.xxx.com' on the server, who responds with: [r...@inst01 puppet]# puppetca --clean kick01.fr.xxx.com kick01.fr.xxx.com notice: Removing file Puppet::SSL::Certificate kick01.fr.xxx.com at '/var/lib/puppet/ssl/ca/signed/kick01.fr.xxx.com.pem' I then rerun puppet on the client and I am getting the same error. I must have done this hundreds of times with 0.24.8. What am I doing wrong now? Doug. *sigh* On the client, I removed the puppet rpm, blew away /var/lib/puppet, and reinstalled the puppet rpm again. Started puppet, it requested a certificate (but it logged nothing on the client about it, even in debug mode), signed it on the server, and I am still getting this on the client. warning: peer certificate won't be verified in this SSL session info: Caching certificate for kick01.fr.xxx.com err: Could not request certificate: Retrieved certificate does not match private key; please remove certificate from server and regenerate it with the current key *sigh* Puppet is on crack. Even when the server isn't running, I STILL get this error! I think I know what the problem is. I ran into this exact error message before. Try this: Step 1, run this on client: service puppet stop rm -R /var/lib/puppet Step 2, run this on server: puppetca --clean kick01.fr.xxx.com #Make sure to change this back Step 3, run this on client: #Restart the client how ever you like. I recommend this for testing: puppetd --test --verbose --debug I'm pretty sure this will work. If it does, I'll by happy to explain why you got all those different error messages. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Variable Scoping = Root Canal
Yup, I hear ya. This was a pain until I realized that the only
variables defined in nodes are inherited from node to node. The
variables defined in classes that are included by the node must be
expressed using the variable's full context. I just ended up mapping
certain variables to other variables in my server templates and it
seems to work fine. Modules will invariably use different variable
names for the same information so it seems like this kind of duct tape
is unavoidable.
--steev
tel: (612) 840-6253
On Jun 27, 2010, at 1:39 PM, Douglas Garstang
doug.garst...@gmail.com wrote:
On Sun, Jun 27, 2010 at 11:28 AM, Steve Neuharth
steve.neuha...@gmail.com wrote:
I think you could do:
node 'node1.fr.xxx.com' {
include facility::sjc
$my_ldap_server = $facility::sjc::ldap_server
include ldap::client
}
That seems to work. Not pretty though. I'll go see if it causes any
other problems, apart from rubbing my logical brain the wrong way.
Thanks.
Doug.
--
You received this message because you are subscribed to the Google
Groups Puppet Users group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com
.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Complex templating
On Sun, Jun 27, 2010 at 3:20 AM, Daniel Pittman dan...@rimspace.net wrote:
Douglas Garstang doug.garst...@gmail.com writes:
On Sat, Jun 26, 2010 at 8:00 PM, Daniel Pittman dan...@rimspace.net wrote:
R.I.Pienaar r...@devco.net writes:
- Douglas Garstang doug.garst...@gmail.com wrote:
I've not quite figured out how to do complex templating in puppet yet.
[...]
Anyone know how I could do this?
I find concatenated snippets work well for this kind of problem.
http://github.com/ripienaar/puppet-concat
*nod* They are pretty much the best solution available at this time.
I must be missing something fundamental then, because I am getting this:
Could not run Puppet configuration client: Could not find dependent
Exec[concat_/tmp/foo] for File[/_tmp_foo/fragments/10__tmp_foo] at
/etc/puppet/modules/concat/manifests/fragment.pp:45
Did you follow the examples in the documentation of the module, and that
R.I.Pienaar pointed you to?
Can you post the code that isn't working for you?
My guess is that you have not included the setup and overall file target
sections, only a fragment, but without seeing what you wrote we could only
guess at what you had actually done...
Using the simple use case example in the comments at the top of
concat/init.pp, simply,
node 'test01.fr.xxx.com' {
concat::fragment{
foo.com_config:
target = /etc/somefile,
content = template(dhcp/host.erb);
}
}
That's it. I figured it would take the contents of dhcp/host.erb and
append it to /etc/somefile, but instead I get the error:
Could not run Puppet configuration client: Could not find dependent
Exec[concat_/etc/named.conf] for
File[/_etc_named.conf/fragments/10_foo.com_config] at
/etc/puppet/modules/concat/manifests/fragment.pp:45
And now that I think about it... isn't this incredibly
inefficient? Doesn't the client basically have to reconstruct the file
from scratch every time?
Doug.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Variable Scoping = Root Canal
On Jun 27, 7:38 pm, Douglas Garstang doug.garst...@gmail.com wrote:
The problem with doing something with ${facility::ldap_server} is
that it should really be called ${facility::sjc::ldap_server}, and
when you do that, you completely destroy the whole point of
inheritance. The ldap client module itself should not directly
reference the ${facility::sjc::ldap_server} variable, otherwise I
would see one ldap module for each facility!
Doug
Ok, right. Then you can do something like:
class ldap::client {
include facility
use ${facility::ldap_server} in this class
}
And in the facility class manage the logic to assign to ldap_server
the value you want according to the actual facility (this might be a
variable you define in nodes or a custom fact).
Al
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Variable Scoping = Root Canal
On Jun 27, 8:25 pm, Douglas Garstang doug.garst...@gmail.com wrote:
On Sun, Jun 27, 2010 at 12:48 AM, Al @ Lab42 lab42...@gmail.com wrote:
On 27 Giu, 09:02, Douglas Garstang doug.garst...@gmail.com wrote:
I've been struggling with puppet variable scope all day, well, for
several months actually.
I think I have pretty simple requirements. For any given node, I want
to be able to set a series of variables and include a set of classes,
based on three different aspects of a node, being physical location,
operating system, and function. If I try and do this with classes, I
find that variables set in a class included from a node, are not
visible to other classes included from that node.
node 'node1.fr.xxx.com' {
include facility::sjc
include ldap::client
}
In this example, variables defined in facility::sjc are not visible in
ldap::client (in this case, it would be the IP address of the local
LDAP server).
Another approach is to do everything with node inheritance, but in
order to model these three functions, you end up with nodes with names
like sjcDellBootServer or nycVmwareBootServer, which is just plain
stupid.
Node names don't need to adapt to inheritance's logic.
You can do something like:
node sjc {
ldap_server=10.10.10.10
}
node 'node1.fr.xxx.com' inherits sjc {
include ldap::client
}
When using nodes' inheritance the only real thing you've to care about
is to define variables BEFORE including any class.
So at the end it's better to include classes only in the node that
defines your host nad never in the intermediary nodes that can
represent facilities, networks or whatever.
That's awful. If you can't build an inheritance tree from generic to
specific, and assign variables at each step, that's a loss of a lot of
functionality, and just about makes everything impossible.
You misunderstood. You can assign variables at each step in the
inheritance tree, and redefine them at more specific node steps.
It's just important to include whatever classes you need in your node
at the end of the inheritance tree, at the host-node level.
You could actually include classes in step-nodes only if they don't
use variables that might be defined (or redefined) at more specific
steps. That's why it's safer to include classes at the end, at host-
node level and define your variables, according to whatever logic you
need, in the nodes inheritance tree.
And, even if I do that, only including classes in the final node...
class A {
$var = 1
}
class B {
do something with $var
}
node A {
include class A
include class B
}
This doesn't work! But, it's doing what you suggested. Class B does
not have access to $var, because it's out of scope. This is exactly
what I want to do. I want to define an LDAP server variable in class
A, and then use it in class B.
Doug
You can do something like:
class B {
include A
do something with ${A::var}
}
or, cleaner, define all your variables in a separated subclass that
can be included by every class that needs these variables (included
the same A class):
class B {
include A::params
do something with ${A::params::var}
}
class A {
include A::params
# These A variables can be shared by other classes that include
A::params
}
Would this work?
Al
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Variable Scoping = Root Canal
On Jun 27, 3:02 am, Douglas Garstang doug.garst...@gmail.com wrote: So... what am I missing here, and why is such a simple thing so complicated in puppet? I'm not even sure if this email is lucid. I am really annoyed and frustrated as hell. The only way I've found to do this and stay sane is to use extlookup.rb [0]. I resisted [1] for a while, since I kept telling myself that surely there had to be a good way to do this using only the base puppet functionality, but my life got much better once I gave in. [0] http://www.devco.net/archives/2009/08/31/complex_data_and_puppet.php [1] http://groups.google.com/group/puppet-users/browse_thread/thread/86c76e705b4ebe6c All the best, Brian Pitts -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Variable Scoping = Root Canal
Brian wrote: On Jun 27, 3:02 am, Douglas Garstang doug.garst...@gmail.com wrote: So... what am I missing here, and why is such a simple thing so complicated in puppet? I'm not even sure if this email is lucid. I am really annoyed and frustrated as hell. The only way I've found to do this and stay sane is to use extlookup.rb [0]. Of interest perhaps here is that we're looking to put RI's extlookup function into core with 2.6 and adding JSON and YAML back-ends to the existing CSV back-end. Regards James Turnbull -- Puppet Labs - http://www.puppetlabs.com C: 503-734-8571 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
