[Novalug] Any puppet people out there?
Steve Bambling
smbambling at gmail.com
Thu Mar 22 09:43:31 EDT 2012
Do you have just a single environment within puppet? (it will default to
the name production...just fyi).
It might make it a little easier if you break things up into puppet
environments and are not trying to do so much with one manifest in puppet.
From my understanding the more modular you make scripts the better with
puppet. You can have manifest call manifest. All configured in the
site.pp.
We have several... Production, Test, Stage, Development and DR.
When a node is 1st registered with puppet it will be dropped into the
default (production) environment unless you have already set the
puppet.conf on the new client. I have a module that runs on every
node (specified in the site.pp). Below you can see that it calls the class
puppet and makes sure it's not disabled. Also note that you can see the
host boba references the default node.
node default {
  # Configure Puppet and apply the correct .conf files.
  class { "puppet":
    disable => "false",
  }

  # File Bucket for Puppet Dashboard Reporting
  filebucket { "main":
    server => "puppet.domain.com",
    path   => false,
  }
  File { backup => "main" }
}

#########
# Hosts #
#########
node 'boba.domain.com' inherits default {
  class { "sudo": }
  include repos::arin
}

Here is my puppet module client manifest; it will look at the sub-domain of
a host to determine the environment in which it should live.

class puppet::client {

  if ( "dev.domain.com" == "$domain" ) {
    $env = "development"
  }
  if ( "test.domain.com" == "$domain" ) {
    $env = "test"
  }
  if ( "stage.domain.com" == "$domain" ) {
    $env = "stage"
  }
  if ( "dr.domain.com" == "$domain" ) or ( "drp.domain.com" == "$domain" ) {
    $env = "dr"
  }
  if ( "domain.com" == "$domain" ) {
    $env = "production"
  }

  if $puppet::disable == "false" {
    $installed = present
    $enable = true
    $ensure = "running"
    Package['puppet'] -> Service['puppet']

    file { "puppetconf":
      path   => "/etc/puppet/puppet.conf",
      owner  => root,
      group  => root,
      mode   => 0644,
      source => $env ? {
        'production'  => "puppet:///modules/puppet/client/production/puppet.conf",
        'development' => "puppet:///modules/puppet/client/development/puppet.conf",
        'test'        => "puppet:///modules/puppet/client/test/puppet.conf",
        'stage'       => "puppet:///modules/puppet/client/stage/puppet.conf",
        'dr'          => "puppet:///modules/puppet/client/dr/puppet.conf",
      }
    }

    file { "authconf":
      path   => "/etc/puppet/auth.conf",
      owner  => root,
      group  => root,
      mode   => 0644,
      source => $env ? {
        'production'  => "puppet:///modules/puppet/client/production/auth.conf",
        'development' => "puppet:///modules/puppet/client/development/auth.conf",
        'test'        => "puppet:///modules/puppet/client/test/auth.conf",
        'stage'       => "puppet:///modules/puppet/client/stage/auth.conf",
        'dr'          => "puppet:///modules/puppet/client/dr/auth.conf",
      }
    }

    file { "namespaceauthconf":
      path   => "/etc/puppet/namespaceauth.conf",
      owner  => root,
      group  => root,
      mode   => 0644,
      source => $env ? {
        'production'  => "puppet:///modules/puppet/client/production/namespaceauth.conf",
        'development' => "puppet:///modules/puppet/client/development/namespaceauth.conf",
        'test'        => "puppet:///modules/puppet/client/test/namespaceauth.conf",
        'stage'       => "puppet:///modules/puppet/client/stage/namespaceauth.conf",
        'dr'          => "puppet:///modules/puppet/client/dr/namespaceauth.conf",
      }
    }
  } else {
    $installed = absent
    $enable = false
    $ensure = "stopped"
    Package['puppet'] <- Service['puppet']
  }

  package { ["puppet"]:
    ensure => $installed,
  }

  service { ["puppet"]:
    ensure     => $ensure,
    enable     => $enable,
    hasrestart => true,
    subscribe  => File["/etc/puppet/puppet.conf","/etc/puppet/auth.conf","/etc/puppet/namespaceauth.conf"],
  }
}

v/r
STEVE
On Thu, Mar 22, 2012 at 9:25 AM, Gopher <gopher at 3wa.org> wrote:
> On 3/22/12 7:26 AM, Steve Bambling wrote:
> > I think John nailed it, this is basically what we do for some of our
> > classes. I would also take a good look at the ruby erb templates, this
> > gives you the ability to cascade settings in place of having a bunch of
> > static files.
> >
> > For example:
> >
> > file { "/etc/sudoers":
> > mode => 0440,
> > content => $template ? {
> > 'default' => template("sudo/sudoers-default.erb"),
> > 'qa' => template("sudo/sudoers-qa.erb"),
> > 'dev' => template("sudo/sudoers-dev.erb"),
> >
> > Inside the sudoers-dev you can call the default template.
> >
> > <%= scope.function_template("sudo/sudoers-default.erb") %>
> > %sudodev ALL=(ALL) ALL
> >
> >
> > This way if a sysadmin leaves or you need to modify the default setting
> > you're not doing it across multiple files.
> >
> > v/r
> >
>
> My stuff isn't so simple - at least not the way I look at it.
>
> I want to do the following:
>
> - Define 'base' that will be applied to all hosts with per-environment
> settings.
> - Define exceptions based upon node name (i.e. 'dns.*')
> - Define exceptions based upon specific node name (i.e. 'dns-test')
>
> The issue I have is that I can only declare a given class once,
> regardless of the parameters passed to it (this galls me to no end, BTW
> - one reason I am not fond of Puppet at this time).
>
> And I have yet to figure out how to do all this without being able to
> overload variables later in the configuration ('you can only define it
> once'. ARG!)
>
> And believe me, my explanation here is nowhere as complicated as my
> situation is in real life. I've left out a lot of the gory details of
> what I'm trying to do. Needless to say hiera isn't helping and I think
> either I'm going to end up with a ton of duplicated configuration
> information all over the place or a lot of 'if host =X or hostname like
> 'XXXX' ' type code in my modules.
>
> thx.
>
> --
> gopher at 3wa.org
> "Evil is, as humans do" - The Misfits
> _______________________________________________
> Novalug mailing list
> Novalug at calypso.tux.org
> http://calypso.tux.org/mailman/listinfo/novalug
>
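
The domain-to-environment mapping from the client manifest above, reworked as an added example (not code from the original post or from Puppet itself): a `case` on the `domain` fact whose `default` branch aborts catalog compilation for an unmapped domain, with the three per-file selectors replaced by one source path built from `$env`. Domain names and module paths are the ones in the post; the class name `puppet::client_env` is hypothetical.

```puppet
# Added example; the class name puppet::client_env is hypothetical.
class puppet::client_env {

  # $::domain is a Facter fact sent by the agent, so this mapping relies on
  # what the client reports about itself. An unmapped domain stops the
  # compile instead of leaving $env undefined.
  case $::domain {
    'dev.domain.com':                  { $env = 'development' }
    'test.domain.com':                 { $env = 'test' }
    'stage.domain.com':                { $env = 'stage' }
    'dr.domain.com', 'drp.domain.com': { $env = 'dr' }
    'domain.com':                      { $env = 'production' }
    default: {
      fail("puppet::client_env: no environment mapped for domain '${::domain}'")
    }
  }

  # One source directory per environment, same layout as in the post.
  $conf_source = "puppet:///modules/puppet/client/${env}"

  File {
    owner => 'root',
    group => 'root',
    mode  => '0644',
  }

  file { '/etc/puppet/puppet.conf':
    source => "${conf_source}/puppet.conf",
  }
  file { '/etc/puppet/auth.conf':
    source => "${conf_source}/auth.conf",
  }
  file { '/etc/puppet/namespaceauth.conf':
    source => "${conf_source}/namespaceauth.conf",
  }

  package { 'puppet':
    ensure => present,
  }

  # Restart the agent whenever one of its configuration files changes.
  service { 'puppet':
    ensure     => running,
    enable     => true,
    hasrestart => true,
    require    => Package['puppet'],
    subscribe  => File['/etc/puppet/puppet.conf', '/etc/puppet/auth.conf',
                       '/etc/puppet/namespaceauth.conf'],
  }
}
```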