Re: [Puppet Users] Re: Thoughts about extlookup: http://blog.wl0.org/2011/05/thoughts-about-extlookup-in-puppet/

[Simon J Mudd]

john.bollin...@stjude.org (jcbollinger) writes:

 On May 14, 8:52 am, Simon J Mudd sjm...@pobox.com wrote:
 
  However, from the discussion a few things strike me:
 
  1. the use of parameterised classes is recommended heavily. I've just
  found out about this new feature inspite of using puppet for a long
  time. Hence many recipes that I'm using are not paremeterised and I
  have a large number of similar classes. This is certainly worth fixing
  but is quite a painful transition to make given the number of systems
  in use and the chance of creating heavy breakage during that change.
  So if you haven't used parameterised classes much that's the first
  thing that needs looking at.
 
 If you have a complex set of manifests that do not use parameterized
 classes, then I think it much safer to coalesce similar classes with
 the help of extlookup() than by attempting to switch to parameterized
 classes.

Perhaps. To some extend my non-parameterised classes are _very_ similar
in many ways except for various parameters (creation of logical volumes
and filesystems, version of mysql to use, creation of certain cron jobs
for importing informtation into a configuration database, and other crons
for doing standard jobs, etc) Most of the completely common stuff
has been taken out. However, using extlookup() doesn't really work for
me right now for a simple reason I haven't yet mentioned. I'd further
like to have a lookup_by_key() function [let's say similar to the extlookup()
one provided now] but also a lookup_by_regexp() function where I can match
groups of boxes, in my case mainly based on regexps of their hostnames
rather than on specific $hostname, or $domain, etc Without that
I need to add more entries to match by lots of hostnames, which doesn't
work.

So I'd like something like 

$mount_point = lookup_by_regexp( 'mount_point', $hostname, 'regexp_file', '' ) 
# parameters: lookup_item, lookup_value, regexp file to lookup, default
$lvsize  = lookup_by_regexp( 'lvsize',  $hostname, 'regexp_file', '' )
class db_lvconfig { db_lvconfig: mount_point = $mount_point, lvsize = $lvsize 
} # note: other default parameters not shown like: owner, group, mode, vgname, 
lvname

and have in the .csv file something like 

mount_point,/dbservera/,/mount_point/for/servera
mount_point,/dbserverb/,/mount_point/for/serverb
mount_point,/dbserverc/,/mount_point/for/serverc
lvsize,/dbservera/,100G
lvsize,/dbserverb/,200G
lvsize,/dbserverc/,300G

Then if $hostname = 'dbservera-001'
it would get $lvsize = '100G', and $mount_point = '/mount_point/for/servera'

If I have 10 dbservera-xxx boxes then this keeps the config simple and the
.csv files much smaller.

 There are a couple of important ways (other than
 parameterization itself) by which parameterized classes differ from
 non-parameterized ones, and the more complex your current manifests,
 the more likely these are to bite you if you parameterize existing
 classes.

Perhaps. for most of my cases I don't think that's the case. I'm
slowly adjusting the configuration of several classes to use
parameterised classes but even these still work nicely with
extlookup() alternatives such as the currently unimplemented
lookup_by_key() or lookup_by_regexp() alternatives I'm thinking of
using.

 Note, however, that it is the use of extlookup() *as an alternative to
 class parameterization* that the style guide recommends against.  Do
 not take it as a blanket recommendation against using the feature.

I'm not.  You need to have a very considered mindset to build
_everything_ top down using an ENC and classes or globalvariables.  If
using global variables as heavily as puppet seem to imply then ensuing
that you have a clear naming policy for this is quite important to
avoid unexpected name clashes (or mistakes) which might go unnoticed.
So I'd certainly like to see real world examples of complete
configurations to be fully convinced this works well. Perhaps after
moving a configuration to use extlookup() type mechanisms it then
becomes easier to make a further step up to get to the ENCs style
Puppetlabs reccommends.  However, with system configuration being a
continual ongoing process I tend to think that a 100% ENC-only style
build using only parameterised classes is going to be a hard thing to
achieve in practice. And the global variables just don't convince me
yet. Perhaps I still have to see the light.

 Note also that another part of the Style Guide's approach is that
 classes should avoid including other classes.  Although it may not be
 immediately obvious, that goes hand-in-hand with extensive use of
 parameterized classes.  Do take that into consideration as you
 evaluate the Style Guide's recommendations.

Hm.. well building bigger blocks from smaller ones tends to be a good
practice to follow, so this recommendation seems counterintuitive.
I'll have to lookup the section and see if they explain why, but guess
it's because the intention is you build your server

Re: [Puppet Users] Re: Thoughts about extlookup: http://blog.wl0.org/2011/05/thoughts-about-extlookup-in-puppet/

[Simon J Mudd]

Hi John,

john.bollin...@stjude.org (jcbollinger) writes:

...

 Let's not cast things in terms of correctness, except insomuch as
 whether they reliably produce the desired effect on clients.

Indeed. As always there is more than one way to solve a problem.

 Depending on what you're trying to do with Puppet, however, it is
 certainly true that some approaches to structuring your manifests will
 make them easier to write and maintain than will others.  Personally,
 when writing specializations into my manifests, I find it useful to
 keep in mind the question of *why* a particular host or group of hosts
 is different from others.  I have yet to run into an answer that
 didn't fall into one of these categories, or a combination of them:
 
 1) It has a functional role that some other systems do not

In my case 90% of the differences are functional differences, often
expressed as part of the hostname.

 2) Its network environment requires differences from some other
 systems.

There may be some minor differences here but they are the exceptions
rather than the rule.

 3) It's just special

I have a few of these too.

 It has worked well for me so far to model roles via (unparameterized)
 classes, assigned to nodes via their node declarations.  That leaves
 only one level between common and node-specific where I might need
 to customize data.

Yes, I have db_server::type_a and db_server::type_b, ...

 (That intermediate level could in principal be
 parameterized by network domain, but in my case it is by subnet.)
 Most of my nodes do not require per-node customization, so I don't end
 up with many data files for extlookup.

In my case one db_server is pretty much similar to another one. Things
vary such as mysql version to use (normally pretty constant), partitions
to mount and their location(s), cron jobs to setup.

All of these are lower level classes which are almost the same except
for a few parameters. I also started with non-parameterised classes so
created a large number of nearly duplicate classes and now I'm
beginning to parameterise some of these the total number of classes
should drop much more easily. Of course if I can lookup the parameters
from a data source (extlookup or similar) then I can pretty much
make many classes identical: all they do is pickup the required
parameters and apply them.

 
 
   Moreover, I disagree with several of the opinions and conclusions in
   your post:
 
   1) You write: The extlookup() functionality only allows [...
   specifying implicitly ...] where to look for this value.  That is
   false.  Extlookup does provide for configuration of a standard set of
   CSV files to search (which can be parameterized by nodes' facts), but
   the function also has an optional parameter to specify a specific file
   to be searched first on any given invocation.
 
  Perhaps coming from a database background, I'd like to mirror what
  seems more _natural_ and having values spread around over potentially
  a large number of files seems non-intuitive.
 
 
 If extlookup use would indeed require you to maintain a large number
 of separate files then that might be a good reason to find something
 better, but in all likelihood you can avoid that, or else structure it
 in a sane way.  Consider also:
 
 When you work with a database, do you normally focus on how it maps
 data to the host filesystem?

Focus no. Again as mentioned I try to simplify the structure by
normalising it.  Here I see I want to lookup a parameter ( say
partition size ) from somewhere and I need to find it for a server
called $hostname. If I can't find a parameter for $hostname, I may be
happy if I find the same parameter for $domain, or if not I may be
happy with some default value. _My_ preference is to look that up in
one place. Also as mentioned in a different message, doing this lookup
via a regexp might nicely enable me to keep the list of entries short.

 Given the diverse data parameterization you described, if you created
 a database for your configuration data, would you really organize
 everything into a single table?  (And what would be its key?)

yes:

CREATE TABLE lookup_table ( 
config_item VARCHAR(200) NOT NULL,
lookup_value VARCHAR(200) NOT NULL,
return_value VARCHAR(200) NOT NULL
PRIMARY KEY ( config_item, lookup_value )
)

SELECT return_value FROM lookup_table WHERE config_item = 'lvsize' AND 
lookup_value = 'myhostname001'

provides a fast lookup of the value. If that fails you can do

SELECT return_value FROM lookup_table WHERE config_item = 'lvsize' AND 
lookup_value = 'example.com'

for a more generic response. If that fails you can do:

SELECT return_value FROM lookup_table WHERE config_item = 'lvsize' AND 
lookup_value = 'DEFAULT'

Yes, I'm fully aware this could be normalised better but given the
limited number of entries it's trivial to understand, trivial to
maintain fast to access. The 3 SELECTs could be optimised into a
_single_ more complex SELECT adding 

Re: [Puppet Users] Re: Thoughts about extlookup: http://blog.wl0.org/2011/05/thoughts-about-extlookup-in-puppet/

[Simon J Mudd]

r...@devco.net (R.I.Pienaar) writes:

 - Original Message -
  john.bollin...@stjude.org (jcbollinger) writes:
  
  Perhaps. To some extend my non-parameterised classes are _very_ similar
  in many ways except for various parameters (creation of logical volumes
  and filesystems, version of mysql to use, creation of certain cron jobs
  for importing informtation into a configuration database, and other crons
  for doing standard jobs, etc) Most of the completely common stuff
  has been taken out. However, using extlookup() doesn't really work for
  me right now for a simple reason I haven't yet mentioned. I'd further
  like to have a lookup_by_key() function [let's say similar to the 
  extlookup()
  one provided now] but also a lookup_by_regexp() function where I can match
  groups of boxes, in my case mainly based on regexps of their hostnames
  rather than on specific $hostname, or $domain, etc Without that
  I need to add more entries to match by lots of hostnames, which
  doesn't work.
 
 I think you're really trying to just avoid thinking in the puppet way instead
 trying to force some previous ideas on how things should work on it rather
 than figure out how it works.
 
 For example, you could just define a fact on your machines that indicate what
 role they have - perhaps based on your regex hostnames - and then use that in
 extlookup to select csv file to use.  That would achieve your goal and it 
 would
 be the puppet way of solving it.

Currently I build nodes.pp from an external source and that provides
the node with it's basic class (and hence role). So that's not needed.

One of the irritating things I see when we discuss puppet is the
inevitable I can't describe my complete problem as it's
[confidential] my site specific, so you can't have a full
understanding of what I'm doing or why I'm doing it wrong, or provide
me a precise, clear explanation of how better to solve my original
problem.

We talk in generics and that means we never fully understand each
other.  I guess the reasons are obvious but it's probably frustrating
to us all.

Nevertheless this thread I started has helped me clarify several
things so I appreciate the time you've spent discussing them with me.

Simon

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Thoughts about extlookup: http://blog.wl0.org/2011/05/thoughts-about-extlookup-in-puppet/

[Simon J Mudd]

Hi John,

While you obviously disagree with me, thanks for taking the time to
reply. I may be looking at the problem the wrong way which is why
I'm trying to figure out if that's the case and why.

john.bollin...@stjude.org (jcbollinger) writes:

 On May 13, 8:07 am, jcbollinger john.bollin...@stjude.org wrote:
 
 I agree that it is silly to suppose that extlookup() is a universal
 solution, but personally, I don't take that impression from web
 comments in the first place.  In fact, Puppet Labs's own recently
 updated style guide recommends against using extlookup(), though that
 position is controversial.

Interesting. I wasn't aware of that. A colleague is starting to 
use extlookup() for other functionality and if this may not be
ideal we may need to reconsider.

 I also agree that for some sites, a richer / more powerful lookup
 feature might be needed.
 
 On the other hand, extlookup() is easy to set up and use, and it is
 powerful enough for most needs.  If you need a more powerful data
 lookup function then you would be lucky to find a canned one that
 meets all your needs.

Perhaps but I don't see it as being that bad, and it seems to be
the closest thing to a solution I could find at the moment. My current
recipes (perhaps incorrectly) are heavily customised in a way
which often is not just host specific or domain specific. Hence
the need to override the default settings. Other settings though
may need this thus requiring this to be more dynamic.

 Moreover, I disagree with several of the opinions and conclusions in
 your post:
 
 1) You write: The extlookup() functionality only allows [...
 specifying implicitly ...] where to look for this value.  That is
 false.  Extlookup does provide for configuration of a standard set of
 CSV files to search (which can be parameterized by nodes' facts), but
 the function also has an optional parameter to specify a specific file
 to be searched first on any given invocation.

Perhaps coming from a database background, I'd like to mirror what
seems more _natural_ and having values spread around over potentially
a large number of files seems non-intuitive.

 2) You would prefer looking up data via a compound key (config_item,
 lookup_value) rather than via a simple key (config_item).  You rightly
 observe that this would sometimes allow fewer files to be used than
 are needed in the current implementation, because different values for
 the same item could be distinguished by the lookup_value instead of
 by the file in which they reside.  The trade-off, however, is that
 every lookup is more expensive, because on average the function would
 need to read more lines, and to perform a more complex analysis on
 each one.  In your blog you suggest a DB backend, but that's not
 really relevant because by that point you have a completely different
 function than extlookup().  And even a DB performs multi-key queries
 slower than single-key searches.

Not if they are part of the primary key. That's part of the point.
Any modern database can sustain thousands of queries a second doing this.
However, you are right small sites may not want to go this way to 
start with unless configuration using a database is trivial.

 3) You argue that your suggested formulation of extlookup would be
 clearer as the configuration is more explicit then the current
 extlookup() definition.  I think you're missing the point.  It would
 indeed be clearer from which file the data would come, but the
 objective of extlookup is to separate the *definition* of the data as
 much as possible from the *use* of the data.  And I like that.  I
 prefer that my manifests _not_ specify a bunch of details to every
 extlookup() call, because that would obscure the details that are
 important at the manifest level.

ok. This perhaps is a different point of view we have. extlookup()
looks like a function. As such it's nice if the function given the same
input provides the same output. Otherwise confusion is easy.
As written it's clear if you do extlookup('dns_server') that you are
getting a dns server result. In many of the examples provided
the expected use case is: check first for the host, then the domain,
then ., but that's not specific, _and_ may be important.
Where the dns_server info is coming from is IMO important, as is how
you are trying to look it up (the order of the parameters in the search).
_How_ it gets retrieved (.csv file, db backend, ...) is _not_
something which I care about as probably that mechanism is likely to
be static and stable amongst all recipes.

 4) You seem to want to use an arbitrary-length list of values as your
 lookup key, but I don't see how that can work while retaining the
 apparent objective of reducing the number of data files that must be
 associated with your configuration and retaining the use of CSV.

The .csv files are currently lookup_key,lookup_value. AFAIK there is
no limit on either parameter's size. I'm only suggesting a third
grouping/column item_type, 

Re: [Puppet Users] Re: Thoughts about extlookup: http://blog.wl0.org/2011/05/thoughts-about-extlookup-in-puppet/

[Simon J Mudd]

r...@devco.net (R.I.Pienaar) writes:

  Let me not be taken as an extlookup() zealot.  I do like the design
  as it is, but that doesn't mean it is ideal -- or even good -- for every
  purpose.  One of the advantages of Puppet, however, is that it is
  fairly easy to modify and extend.  If you would like an alternative
  lookup facility then by all means, write one.  If you are community-
  minded then you could consider sharing it; the Puppet Forge (http://
  forge.puppetlabs.com/) makes it easy to do that.
  
  You may also be interested in some of the extlookup() author's
  comments about it (http://www.devco.net/archives/2009/08/31/
  complex_data_and_puppet.php).  He hangs out here, so you may also
  hear from him directly.
  
 
 So extlookup wasnt written as a be-all and end-all of data sources.
 
 I recognized we want data and code separation and of course I could write
 an ENC but I also recognized that I could do something generic that would
 solve a large % of cases for people to push out the point at which they 
 need an ENC a bit later or in many cases entirely.  I hoped I could solve
 it in a way that adds some value like make it easier to write configurable
 modules and to do so in a way that people without programming backgrounds
 can grasp and use and make their manifests a bit better.
 
 With this in mind I wrote extlookup aiming to solve the most common problems.
 
 I am not against ENCs I think big/complex shops absolutely must have them and 
 I
 think a lot of the extlookup bashers missed this point - if you are big
 enough or complex enough where extlookup doesnt work for you then you've
 probably reached a legitimate point where investing time in writing an 
 ENC is time well spent.  And you're also not any more the the target audience
 extlookup was created for.

That's an interesting thought and also something I'm not sure of the answer to.
Personally I'm responsible for managing quite a few database servers, but the
company of course has several more severs of different types what we manage
besides that.

When I looked at the ENCs it seems to approach (if I understand how
they should be written) the problem from a different point of
view. That is provide: a list of global variables, and a list of
classes which should be defined for each node. That requires thinking
about the problem in quite a different way to the extlookup()
functionality which basically says: give me this value, and now based
on that I can decide what to do...  That's my understanding of the view
views of how to configure a system. If that's right one thing I don't like
with the ENCs is the fact that it appears to use and rely on a large number
of global variables which are then used by the classes.  As systems get more
complex that strikes me as not being good as the class behaviour may
change depending on the scope of where something comes from and how it's 
included
and that's not clear. I've already been tripped up by not setting a global 
variable
correctly (or using the wrong name) and not noticing and of course behaviour
changes.  So I still think it's clearer if you can do:

$ip_address = extlookup( parameters to get an ip address )
$interface  = extlookup( parameters to get an interface name )
interface::check{ $interface: ip_address = $ip_address }

than

inteface::check{ $global_interface1: ip_address = $global_ip_address1 }

as in the latter case it's not clear where these 2 values come
from. Their names are also less intuitive and if you have a number of
these to set then it gets worse.

 You should though just look at extlookups code, its extremely simple and easy
 to understand (especially since Jesse rewrote my ancient crappy code) and 
 this 
 should let you hack up solutions that solves your problems.

Ive tried to keep away from Ruby. Perhaps that's a real issue but yes, given
the idea is certainly sound, extending in a way that's more appropriate to my
perceived needs seems a sane approach.

 Puppet is a framework, its very hackable, its easy to write functions and 
 types,
 easy to copy them out to all your servers and make it work in new and 
 interesting
 ways.  So I totally encourage you to use extlookup as a example and solve the 
 problem in your own way or even to evaluate writing your own ENC.

One way or another I am probably going to go down that path. For the reasons
stated earlier building a complete ENC means that everything depends on it.
using a extlookup() type functionaliy initially at least makes the change seem
less imposing. However, if used heavily in the end it's doing just the same 
thing,
but a different way.

Thanks for your comments.

Simon

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 

Re: [Puppet Users] Re: Thoughts about extlookup: http://blog.wl0.org/2011/05/thoughts-about-extlookup-in-puppet/

[Simon J Mudd]

kc7...@gmail.com (Patrick) writes:

 On May 14, 2011, at 12:55 AM, Simon J Mudd wrote:

...

  Not if they are part of the primary key. That's part of the point.
  Any modern database can sustain thousands of queries a second doing this.
  However, you are right small sites may not want to go this way to 
  start with unless configuration using a database is trivial.
 
 As a side note, putting the information in a csv file should make it
 much easier to version along with the rest of your files.  I assume,
 though I could easily be wrong, that most DBs aren't easy to version
 control using GIT and Subversion.

Using GIT or subversion, no. But versioning the configuration in the
database is hardly difficult to do. (If you got that far you have
enough infrastructure and expertise to solve this).

 That means (using csv files) you can keep your data in lockstep with
 the version of the config files.

Indeed and I think that's nice. So the only time this becomes an issue
is when the load on the puppet master to provide the lookup based on
the extlookup() calls is sufficiently high to be a problem. When it's
a problem you override the csv lookup to work the same based on some
sort of db lookup alternative.

Simon

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Thoughts about extlookup: http://blog.wl0.org/2011/05/thoughts-about-extlookup-in-puppet/

[Simon J Mudd]

john.bollin...@stjude.org (jcbollinger) writes:

 In fact, Puppet Labs's own recently updated style guide recommends
 against using extlookup(), though that position is controversial.

I found the URL: http://docs.puppetlabs.com/guides/style_guide.html

The extlookup() Function

Modules should avoid the use of extlookup() in favor of ENCs or other 
alternatives.

The statement is clear, but it would be nice to know the reasoning.
That is if there's a problem with extlookup() then it would be good to
know what it is. This may have been discussed elsewhere but it
shouldn't be necessary to have to go and search for this.

Simon

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Thoughts about extlookup: http://blog.wl0.org/2011/05/thoughts-about-extlookup-in-puppet/

[Simon J Mudd]

sjm...@pobox.com (Simon J Mudd) writes:

 john.bollin...@stjude.org (jcbollinger) writes:
 
  In fact, Puppet Labs's own recently updated style guide recommends
  against using extlookup(), though that position is controversial.
 
 I found the URL: http://docs.puppetlabs.com/guides/style_guide.html
 
 The extlookup() Function
 
 Modules should avoid the use of extlookup() in favor of ENCs or other 
 alternatives.
 
 The statement is clear, but it would be nice to know the reasoning.
 That is if there's a problem with extlookup() then it would be good to
 know what it is. This may have been discussed elsewhere but it
 shouldn't be necessary to have to go and search for this.

In the end I did. 
http://groups.google.com/group/puppet-users/browse_thread/thread/34e4dfb4828a2835/d9f6d8d6c7bba841?show_docid=d9f6d8d6c7bba841
It is a good read. However, from the discussion a few things strike me:

1. the use of parameterised classes is recommended heavily. I've just
found out about this new feature inspite of using puppet for a long
time. Hence many recipes that I'm using are not paremeterised and I
have a large number of similar classes. This is certainly worth fixing
but is quite a painful transition to make given the number of systems
in use and the chance of creating heavy breakage during that change.
So if you haven't used parameterised classes much that's the first
thing that needs looking at.

2. Does puppet provide an ENC? The dashboard? Again if you're not
using one switching over is a heavy tasks as you have to define
_everything_ first before you can use it. (that's how it seems to
me). I recently attended a puppet master course and it's content was
interesting, but despite there was little emphasis on this sort of
thing getting the high level design right and more on the nitty
gritty of the usage of the lower-level resource types. To push the use
of an ENC it seems that this higher level planning would be most helpful.
Also a real-life overview of how this would be implemented.  Saying how to
configure an ssh server doesn't count. I'd be interested in the deployment
of a series of database servers, their configuration, setup, and how 
to take into account differences between one set of boxes and another.
If I can relate to a use case that fits my own (using an ENC) and there's
a way to slowly bring in more systems into using this ENC then it makes
it easier to follow that path.

The alternative of using an extlookup() behaviour does indeed have the
inconvenience of hiding some behaviour depending on external aspects
which are picked up by the extlookups, but if you already have working
recipes perhaps and aren't using an ENC this gives you a way to
clearly remove the conditional logic the recipes currently have. It's
then a smaller step up to using an ENC if you want to go that
way. For those that don't it still becomes reasonably clear where the
configuration is parameterised and how/why that's done, so it's still
a more flexible approach.

Judging from people I've listened to at the last puppet camp there are
many ways to use puppet. Sites vary from small to very large and
there's no clear one solution fits all. So I'm inclined to agree
that a extlookup() [ or get_config_by_key lookup] mechanism may work
fine for a lot of people.  As long as you know and understand the
limitations of the approach you are taking that's fine.

Again the ENC setup described to me at the course I went on did not
mention parameterised classes, but simple variable settings and
classes.  I guess that will change as perhaps if you use parameterised
classes the enc should do nothing other than provide a definition of
the parameterised classes to use and their initial setup valus. Removing the 
global variables would ensure that each class's behaviour is encapsulated
only by it's input parameters and that does sound much more reasonable.

Simon

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: MySQL Restart

[Simon J Mudd]

doug.garst...@gmail.com (Douglas Garstang) writes:

 I've got a mostly working puppet manifest for mysql, except for one problem.
 
 I'm using the RPM from the MySQL web site, and the packagers of this
 RPM in their infinite wisdom decided that the mysql service should be
 automatically started when the RPM was installed.

See http://bugs.mysql.com/bug.php?id=27072

If you don't like this behaviour tell Sun.

I use something like this, simplified (somewhat) which causes no problems.

# Installation of MySQL server binaries
class mysql::server {
package {
[ MySQL-server-communitiy ]:
ensure = installed,
notify = Exec[ chkconfig_mysql ]
}

# Configure the service.
# - Do NOT ensure enabled as this is carried out by chkconfig_mysql.
service { mysql:
hasrestart = true,
hasstatus  = true,
require= Package[MySQL-server-community],
}

exec { chkconfig_mysql:
path= [ /sbin, /bin ],
command = chkconfig --levels 345 mysql on,
unless  = chkconfig --list mysql | grep -q 
'3:$chkconfig_state.*4:$chkconfig_state.*5:on',
require = Package[MySQL-server-community],
}
}

Simon

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en
-~--~~~~--~~--~--~---

[Puppet Users] Re: copying files back to puppet master?

[Simon J Mudd]

Hi Luke,

l...@madstop.com (Luke Kanies) writes:

  ...
 
  I think you should have a look to the filebucket[1]. It might not be
  exactly what you are asking for, but it might still help you.
 
  No, not really but thanks for the pointer. As I said my idea would be
  to use this to manage local configuration files, but to manage them
  centrally.
 
  In a previous job using cvs and cfengine I used this to allow us to
  maintain local configuration files normally pushed to the central
  server, but under configuration control could also be used to push out
  the same files on to a different box for example to replace a failed
  server.
 
  To be fair I don't expect puppet to do all of this, but it would be
  nice if the current file: resource/protocol could potentially work in
  both directions.  This would open up a lot of possibilities.
 
 This will at least be possible internally with the code in 0.25 (which  
 looks like it'll go rc1 this week, I think just one more ticket), but  
 I don't know how it would actually be useful for the client.

On the client it's NOT useful, but that's not the point. Perhaps my
vision of a system like puppet is slightly different, but to manage a
whole group of servers, and not just think about a single specific
server. Hence my comment before about using a technique like this to
allow files perhaps not pushed out by puppet to be managed centrally
and if needed these older configurations could be later pushed back to
the same or perhaps a different server. I haven't thought out all the
details but I can see this as an alternative way of cloning configs
from a specific server.

 I've been thinking about what you're looking for, though, and I think  
 it would make more sense to directly integrate filebuckets into a  
 version control system - the client would back modified files up to  
 the server, the server would automagically check those files into a  
 version control repository (into a branch named after the host, I  
 assume), and then you could do whatever comparisons you wanted to your  
 heart's content.

Yes, that's basically the idea. It allows sysadmins to not be fearful
about changes they make as they would be tracked and thus easier to
revert should the need arise.

I can see this being useful for managing changes in:
- system and user cron jobs
- user ~/.[bash]profile or  ~/.bashrc
- user ~/.ssh/config type files
- ...

While puppet may not be pushing out these changes all of a sudden you
have these files under control. Potentially you could also add some 
sort of extra hooks (on the server) when these changes are collected
to do certain actions such as send out emails or whatever.

 I've actually got a basic proof of concept of at least replacing the  
 filebucket store with git done[1].  It's just the client-side pieces,  
 you'd need to add the server-side pieces that created the branch and  
 such, but I don't think that would be a ton of work, and it'd provide  
 everything you want while integrating nicely with how Puppet already  
 backs files up to the server.
 
 1 - http://gist.github.com/77811

I'll have a look. Thanks for taking the time to considering what I was
asking.

Simon


--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en
-~--~~~~--~~--~--~---

[Puppet Users] copying files back to puppet master?

[Simon J Mudd]

Hi all,

Puppet is used mainly for managing resources on the servers it manages,
and as such files and software may be distributed from the puppet master
to the clients as part of the management or configuration process.

That's fine.

The puppet installation where I work has evolved starting from a site
with no puppet to a site where most of the servers are puppetised with
the intention being on doing a complete deploy exclusively using puppet.

However, as not all aspects of all resources on the server are managed
by puppet there is room for the administators to make mistakes. As such
we often want to version control configuration information on the server
which protects against mistakes but also allows us to see when changes
were made, either automatically (by puppet) or manually.

If I'm not mistaken it's not possible to use the file resource for
copying files back to the puppet master.  Is that correct?

This functionality would be most useful, especially if we combine
this with some revision control system. If we did something like
this the files to be returned back to the puppet master (assuming
they change) would need to be copied back to a location like
/puppet_master_path/site_and_hostname/host_path/filename. The advantage of
doing this in puppet is that you don't need to ensure that extra firewall
holes are opened, and that in principal at least the same file resource
could be used. It might be necesssary to additionally qualify/authorise
back to master transfers for security reasons.

A feature like this is much easier to manage than doing this outside of
puppet. It is also much easier to compare the configuration of a number of
different similar servers if the files are located on the same server,
especially as the number of managed servers increases.

So is this possible at the moment in puppet, and if not is it a feature
that might be interesting to others?  How are others tackling problems
like this?

Simon

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en
-~--~~~~--~~--~--~---

[Puppet Users] Re: copying files back to puppet master?

[Simon J Mudd]

brice-pup...@daysofwonder.com (Brice Figureau) writes:

...

  If I'm not mistaken it's not possible to use the file resource for
  copying files back to the puppet master.  Is that correct?
 
 Yes it is correct.

ok.

...

 I think you should have a look to the filebucket[1]. It might not be
 exactly what you are asking for, but it might still help you.

No, not really but thanks for the pointer. As I said my idea would be
to use this to manage local configuration files, but to manage them
centrally.

In a previous job using cvs and cfengine I used this to allow us to
maintain local configuration files normally pushed to the central
server, but under configuration control could also be used to push out
the same files on to a different box for example to replace a failed
server.

To be fair I don't expect puppet to do all of this, but it would be
nice if the current file: resource/protocol could potentially work in
both directions.  This would open up a lot of possibilities.

Simon


--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en
-~--~~~~--~~--~--~---

[Puppet Users] Re: How to use definitions with common resources?

[Simon J Mudd]

philipp.hanselm...@gmail.com (philipp Hanselmann) writes:

 Simon J Mudd schrieb:

...

 #NOTE: generate is executed on the puppetmaster.
  $download_dir = generate(/usr/bin/env,bash,'-c',/bin/
  mktemp)
 
  With this every time your definition get used it will choose an random
  folder in your /tmp.
  
 
  Thanks. The idea is good, but it doesn't quite work.
 
  1. The script unfortunately contains account information
 user/passwords for the application's initial installation. Hence
 /root/tmp is better as only root users can access this directory.
 
 1.) With
 mktemp -p /root

Sure. If I'd wanted a random directory I would have done something like that.
The point is that puppet is SLOW at copying files from the master to the client.
Anything that's not a small file takes a while and syncing a directory like
this  (with say 50-100 scripts) gets very tedious. So I'm reluctant to:

copy from master, run, deleteevery 30 minutes on several hundred boxes.
Hence the optimisation of leaving the install script in one place and using
it to decide if any work needs doing. This is just a wrapper around the
vendor provided install binary which is NOT copied with puppet as puppet is
too slow (and the binary is about 20MB).

 3.) Clean-up of the random folder?
 
 may something like this helps?
 
 exec { $install_script/$software_env:
  command = $download_dir/$install_script ... appropriate 
 parameters ...   rm Rf $download_dir,
  onlyif  = ... test if software not installed ...,
  require = File[$download_dir/$install_script]
  }

Not quite. You'd need to have a separate Exec run dependent on the
File[$download_dir/$install_script] as the command shown is not
always run (see onlyif) and thus the rm would not be triggered.

In many ways a post_exec or cleanup =   would be handy which _is_
always run even if command isn't.

And remember part of the problem of this original post was that the
setup of the temporary directory fails if you have 2 similar
installations requiring the same base directory and installation
script. That's what bothers me (and I'd like to solve) more than the
details of the single install problem which works fine for me.

Your suggestions are valid but my implementation is different for the
reasons stated.

Simon

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en
-~--~~~~--~~--~--~---

[Puppet Users] Re: onlyif functionality for the File type

[Simon J Mudd]

[EMAIL PROTECTED] (Paul Lathrop) writes:

 Why are you doing this? This kind of situation usually indicates a
 need to adjust one's mindset in order to work within the Puppet model
 rather than fighting against it.

 That said, I think you could do this a couple ways:

 1) An Exec resource with 'onlyif' and make the File resource depend on it.
 2) A custom fact that checks for the existence of the directory,
 combined with 'if' statements around the File resource.

 Still, I think you'll get more mileage out of telling us what problem
 you are trying to solve so we can help you figure out the best way to
 solve that problem within the Puppet model.

I posted almost exactly the same problem a couple of days ago:

- you want to install via a custom installer an application, so you
  need to do the following:
  1. copy the file and installer over
  2. run installer and cleanup

Step 1 above needs to be done ONLY IF the installation has NOT been
completed. (check for some final installation file/directory)
Step 2 depends on step 1 so only takes place if the files are copied.

So as I suggested in my posting a few days ago an onlyif option would
be very nice. I phrased it in my posting as unless  some
condition, which is just the negative condition of the onlyif
condition.

My guess the poster wants to do the same thing.

Simon

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en
-~--~~~~--~~--~--~---

[Puppet Users] Re: file type and unless method

[Simon J Mudd]

[EMAIL PROTECTED] (Joshua Timberman) writes:

 On Sat, Nov 8, 2008 at 3:42 AM, Simon J Mudd [EMAIL PROTECTED] wrote:

 One thought I had was to have an unless method/attribute in the file
 type which would allow us to disable the configured file behaviour:

 This seems like it would provide a nice easy way to run custom install
 scripts and only copy over the files once. The install script would
 clean up afterwards.

 The file resource already has something like this in the replace parameter.

 replace

 Whether or not to replace a file that is sourced but exists. This is
 useful for using file sources purely for initialization. Valid values
 are true (also called yes), false (also called no).

 Alternately, just add the 'refreshonly' parameter on the exec resource
 so it only gets run if the installation script is replaced.

thanks for the suggestion. I'll see if I can use that instead.

Simon


--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en
-~--~~~~--~~--~--~---

[Puppet Users] puppet, facter and using non-scalar values

[Simon J Mudd]

Hello all,

I've been using puppet for a while now and have an issue I've not
seen clearly answered.  One of the issues I want to address in puppet
is to manage LVM, the volume groups and logical volumes on a series
of servers.

Starting from a small base configuration I would like to configure the
logical volumes on the server.

However this doesn't seem to be a thing that puppet knows about directly.
My first thought is to create some custom facts which store the volume
group names and within each volume group the logical volumes. This is
not ideally stored as a couple of scalar values.

So how should I store this? Facter would seem to be the best thing to
adjust adding some custom facts but from what I can see all facter facts
are single scalar values.

So am I approaching the problem incorrectly? My initial thought is
that I'd like to populate some sort of variable volume_group_info as a
hash of hashes, the first hash being indexed on the volume group names
and the second on the logical volume group names in each volume group.

Still being new to ruby I'm trying to work out how to do this straight
in ruby but I'm sure this can be done, and if so my question would by
how to translate this into puppet code.

I'm initally looking at doing something like:

-- snip --
vol_groups = Hash.new

puts vol_groups.to_s

if FileTest.exists?(/usr/sbin/lvs)
%x{/usr/sbin/lvs --noheadings 2/dev/null}.split(\n).each do |line|
if line =~ /\s+(\S+)\s+(\S+)/
puts match vg:  + $2 + , lv:  + $1
lvname = $1
vgname = $2

# now fill lvname into vol_groups by vgname...
end
end
end
-- snip --

Can anyone comment on this idea?

Simon

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en
-~--~~~~--~~--~--~---