[Puppet Users] Re: Server Hierarchies Part Two (Puppet's Revenge)

2009-06-25 Thread iuhh

In James Turnbull's book there's a good discussion on the variable
scoping issue (excellent book btw, a must have).  He offered a
workaround by defining the variable you want to override outside the
class scopes.  So you could try

$ntp_servers = ['ntp01.example.com',
  'ntp02.example.com']

class zones::global {
  $ntp_acls = ['']
  include ntp
}

class zones::nyc {
  $ntp_servers = ['ntp01.othersite.com',
  'ntp02.othersite.com']
  include zones::global
}

node host1.example.com {
  include zones::nyc
}


On Jun 23, 7:32 pm, Don wrote:
> > Wow, how did I miss that? That may very well solve a bunch of my
> > problems- it's not as transparent as I would prefer (you can't see at
> > a glance what resources a node references) but it has got to be better
> > than what I'm dealing with now. Thanks for the feedback.
>
> Nope spoke too soon. Scoping screws this up.
>
> For example:
> class zones::global {
>   $ntp_servers = ['ntp01.example.com',
>                           'ntp02.example.com']
>   $ntp_acls = ['']
>   include ntp
>
> }
>
> class zones::nyc {
>   $ntp_servers = ['ntp01.othersite.com',
>                           'ntp02.othersite.com']
>
>   include zones::global
>
> }
>
> node host1.example.com {
>   include zones::nyc
>
> }
>
> The variables in global are available to NYC but the variables I have
> overridden in NYC are not available to global. In the end,
> host1.example.com ends up with ntp01.example.com as its NTP server
> instead of ntp01.othersite.com because of scoping.
>
> Am I crazy for thinking this sort of hierarchical structure would be
> amazingly useful and is basically impossible with puppet?
>
> Is there some reason I am missing that would make the above a terrible
> idea?
>
> Without the above sort of hierarchy I'm going to end up with a jumble
> of logic statements and node descriptions that could otherwise be made
> incredibly simple.
>
> What am I missing?
>
> -Don
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en
-~--~~~~--~~--~--~---



[Puppet Users] Re: puppet+augeas inittab

2009-06-15 Thread iuhh

Thanks very much David, that explained it.

I've changed the manifest to the following and it is now working fine.
augeas { "inittab":
    context => "/files/etc/inittab",
    changes => [ "set 01/id 'co'",
                 "set 01/runlevels 2345",
                 "set 01/action respawn",
                 "set 01/process \"/sbin/agetty ttyS0 19200 vt100\"",
               ],
    onlyif => "match *[id='co'] size == 0",
}


Also that bug explained why my effort to manage limits.conf didn't
succeed:
augeas { "limits.conf":
    context => "/files/etc/security/limits.conf",
    changes => [ "set domain[type=\"soft\"][item=\"nofile\"] '1024'",
                 "set domain[type=\"hard\"][item=\"nofile\"] '65535'",
               ],
}

I'll manage that with the file resource for now.  Looking forward to
the new version (currently on 0.24.8-1.el5.1)

:)



On Jun 12, 10:43 pm, David Lutterkort wrote:
> On Fri, 2009-06-12 at 04:46 -0700, Hui wrote:
> > Hi guys,
>
> > I was enlightened by the 'puppet+augeas modprobe.conf' post (thanks!)
> > and was going to put inittab under puppet/augeas management.
>
> > My goal is to add this one line for spawning a console on the serial
> > port if it doesn't exist:
> > co:12345:respawn:/sbin/agetty ttyS0 19200 vt100
>
> > However the task proved to be more tricky than I first imagined.  There
> > were two things I was stuck on.  Firstly inittab tree in augeas starts
> > with number instead of arrays, and I had to work around to append with
> > ins and last().
>
> Assuming you're happy with appending that line to the end of the file,
> you shouldn't need to do anything fancy .. just a bunch of set's should
> be fine.
>
> > Secondly the match in onlyif didn't seem to like
> > spaces, so I was unsure how I can match the sequence exactly.
>
> That is a bug that's been addressed in the current master branch (ticket
> #2141)
>
>
>
> > I came up with the following:
> > augeas { "inittab":
> >     context => "/files/etc/inittab",
> >     changes => [ "set 100/id 'co'",
> >                  "set 100/runlevels 12345",
> >                  "set 100/action respawn",
> >                  "set 100/process \"/sbin/agetty ttyS0 19200 vt100\"",
> >                ],
> >     onlyif => "match */id[.='co'] size == 0",
> >     #onlyif => "match */process[.='/sbin/agetty ttyS0 19200 vt100'] size == 0",
> > }
>
> > So for my first problem, I used an arbitrary large number (100) so it's
> > outside the existing line ranges - not robust and could inadvertently
> > overwrite something else.
>
> A much better way to make sure numbered nodes are truly unique is to use
> labels that start with a '0' - you're guaranteed that they will never
> appear in a tree that was just read from file; so you'd say "set 01/id
> 'co'" etc.
>
> > But for the matching, the first onlyif
> > works but the commented out one would error with
>
> That can actually be also written as "match *[id='co'] size == 0"
>
> > err: //Augeas[inittab]: Failed to retrieve current state of resource:
> > Error sending command 'match' with params ["vt100']", "size", "==",
> > "0"]/unknown error - Matching path expression '/files/etc/inittab/*/
> > process[.='/sbin/agetty' failed
>
> That's another manifestation of bug #2141.
>
> > I would really want to match on the serial console port (ttyS0) in
> > case it's named under a different id on an existing host.
>
> This would really require that Augeas path expressions grow a way to
> match regexps or at least substrings, so that you could say
>
>         onlyif => "match *[process =~ @^/sbin/agetty tt...@] size == 0"
>
> or some such.
>
> David
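
Added example, not part of the thread: David's reply says the ttyS0 check cannot be written in onlyif because Augeas path expressions lacked substring matching. The Python below does that check outside Augeas, on constructed inittab content; the function names and the sample file are assumptions of this example.

```python
import re

# Constructed sample inittab content (not taken from the thread).
SAMPLE_INITTAB = """\
id:3:initdefault:
si::sysinit:/etc/rc.d/rc.sysinit
# serial console, disabled
#s0:2345:respawn:/sbin/agetty ttyS0 9600 vt100
1:2345:respawn:/sbin/mingetty tty1
"""

# The line the original poster wanted to add.
CONSOLE_LINE = "co:12345:respawn:/sbin/agetty ttyS0 19200 vt100"


def parse_inittab(text):
    """Yield (id, runlevels, action, process) for each uncommented entry."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # The process field may itself contain ':', so split at most 3 times.
        parts = line.split(":", 3)
        if len(parts) == 4:
            yield tuple(parts)


def has_getty_on(text, port):
    """True if an active entry's process names `port` as a whole word."""
    word = re.compile(r"(^|\s|/)" + re.escape(port) + r"(\s|$)")
    return any(
        action != "off" and word.search(process)
        for _id, _levels, action, process in parse_inittab(text)
    )


def ensure_console(text, line=CONSOLE_LINE, port="ttyS0"):
    """Append `line` unless some entry, under any id, already serves `port`."""
    if has_getty_on(text, port):
        return text  # idempotent: nothing to change
    new_id = line.split(":", 1)[0]
    if new_id in {entry[0] for entry in parse_inittab(text)}:
        # inittab ids must be unique; refuse rather than shadow an entry.
        raise ValueError("id %r already used by another entry" % new_id)
    if text and not text.endswith("\n"):
        text += "\n"
    return text + line + "\n"
```
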



[Puppet Users] Scheduling with subscribe question

2009-03-23 Thread iuhh

Hi guys,

I am new to puppet and got a question regarding subscribing and
scheduling.  As we are going to run puppet on production machines
certain operations can only be performed out-of-hours, e.g. management
of ntp and syslog.

Take NTP for instance, I needed to distribute the configuration and
restart the service afterwards, but only if it's between 20:00 and
22:00.  I thought of the following ways:
- schedule on exec and exec subscribe to file: didn't work, the
conditions are 'OR'ed
- file notify exec, schedule on exec: didn't work, triggers are also
'OR'ed
- schedule on file, exec subscribe to file (see below config)
- schedule on file, file notify exec (gives same result as above)
So I arrived at the following configuration:

class ntp {

    package { ntp: ensure => latest }

    file { "/etc/ntp.conf":
        ensure => present,
        mode => 444,
        owner => root,
        group => root,
        source => "puppet:///ntp/ntp.conf",
        schedule => atnight,
    }

    service { ntpd:
        enable => true,
        ensure => true,
        hasrestart => true,
        hasstatus => true,
    }

    schedule { atnight:
        range => "20 - 22",
        period => daily,
    }

    exec { "reload_ntp":
        path => "/usr/bin:/usr/sbin:/bin",
        subscribe => File["/etc/ntp.conf"],
        refreshonly => true,
        # Explicitly avoid init.d/ntpd restart as it uses ntpdate
        # Needs tweaking to accommodate other OSes
        refresh => "/etc/init.d/ntpd stop && ntpd -u ntp:ntp -p /var/run/ntpd.pid -g",
    }

}


When I run puppetd during testing inside the time range, it would
complain about the schedule:
debug: //Node[testhost]/ntp/Exec[reload_ntp]/subscribe: subscribes to
File[/etc/ntp.conf]
debug: //Node[testhost]/ntp/File[/etc/ntp.conf]: Not scheduled

I've attempted to tweak the range (e.g. range => "08:00 - 22:00",
range => [08, 22] which resulted in a "Parameter range failed: Invalid
range value" error), changed period => hourly, added repeat => 10 (I
understand this counts number of invocations during the range in the
given period?), and restarted puppetmasterd in an attempt to clear any
counters (are they persistent?), none of which made it run.

Could you help?  I'm running puppet 0.24.5.

On a separate note, how is notify different from subscribe in terms of
practical use?  I noticed both would work (e.g. add
notify => Exec["reload_ntp"] in the file resource and get rid of
subscribe in the exec resource), what is the best scenario to use either?

Many thanks.

HL
