Puppet users - Mar 2009 - best practices stand-alone puppet

Hello,

I was evaluating the use of the puppet with the single purpose to
generate a handful of httpd.conf files for several apache instances.
Unfortunately my deployment environment is very restrictive and I can
not use puppetd on the target hosts - I wanted however take advantage
of puppet DSL to describe the system (few dozen of instances with ever-
changing ports) and generate stuff I need on the external box,
deploying configuration via ssh afterwards on the clients.

If someone has faced similar situation - what pointers would you
suggest?

Thanks!

Thomas

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

On Tue, Mar 10, 2009 at 1:28 PM, thomas <thomas.bikeev@gmail.com>
wrote:
>
> Hello,
>
> I was evaluating the use of the puppet with the single purpose to
> generate a handful of httpd.conf files for several apache instances.
> Unfortunately my deployment environment is very restrictive and I can
> not use puppetd on the target hosts - I wanted however take advantage
> of puppet DSL to describe the system (few dozen of instances with ever-
> changing ports) and generate stuff I need on the external box,
> deploying configuration via ssh afterwards on the clients.
>
> If someone has faced similar situation - what pointers would you
> suggest?
>
I believe I would do the following:
I would skip the needing for apache in this case. the out of the box
puppetmaster runs a webbrick that runs on port 8141 and seems to cover
what you are looking for. In this case, you are wanting to make sure
that it only listens/talks on 127.0.0.1 and then sync out the puppet
directories.


-- 
Stephen J Smoogen. -- BSD/GNU/Linux
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

It depends on what you are trying to do exactly, but you can run
''puppet''
stand alone without the master.

The only thing that gets tricky is if you have interhost configurations that
you want to manage.

You can also use the master as a file server for the stand alone puppet
executable.

If you can explain a little bit more about what you are trying to accomplish
and your constraints, you''ll hopefully get a better answer.

Cheers,
Andrew





On Tue, Mar 10, 2009 at 4:11 PM, Stephen John Smoogen
<smooge@gmail.com>wrote:
>
> On Tue, Mar 10, 2009 at 1:28 PM, thomas <thomas.bikeev@gmail.com>
wrote:
> >
> > Hello,
> >
> > I was evaluating the use of the puppet with the single purpose to
> > generate a handful of httpd.conf files for several apache instances.
> > Unfortunately my deployment environment is very restrictive and I can
> > not use puppetd on the target hosts - I wanted however take advantage
> > of puppet DSL to describe the system (few dozen of instances with
ever-
> > changing ports) and generate stuff I need on the external box,
> > deploying configuration via ssh afterwards on the clients.
> >
> > If someone has faced similar situation - what pointers would you
> > suggest?
> >
>
> I believe I would do the following:
> I would skip the needing for apache in this case. the out of the box
> puppetmaster runs a webbrick that runs on port 8141 and seems to cover
> what you are looking for. In this case, you are wanting to make sure
> that it only listens/talks on 127.0.0.1 and then sync out the puppet
> directories.
>
>
> --
> Stephen J Smoogen. -- BSD/GNU/Linux
> How far that little candle throws his beams! So shines a good deed
> in a naughty world. = Shakespeare. "The Merchant of Venice"
>
> >
>
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

Thanks! Here it goes:

- there are between 30 and 40 Apache instances (on 20-30 physical
servers) that I need to supply with htppd.conf, mod_security.conf and
the keys.
- all instances are running in pairs for fail-over some are used just
as ssl endpoints, some as reverse proxies, some host custom modules
- all I can do on these machines is to push via ssh - can not install
puppet to pull (unfortunately)

I wanted to use puppet just to manage/generate files I need to push to
the target hosts (this would have been ideal, since I could group my
stuff, use inheritance, etc ...)
My idea was to have a "deployment box" where I will create my puppet
DSL files describing servers, services and topology, than using
"puppet" executable generate files, and push them over.

Questions I have at this stage:
- can I do this at all with puppet?
- any pointers to .pp scripting?
- how can I loop through all nodes executing .pp script?
- how can I select just one host when running "puppet"?

( For sure I am trying to use puppet not at all in the way it meant to
be in the first place, degrading it to ant/maven type of utility,
hence my question if this is possible at all)

Thomas



On Mar 10, 11:25 pm, Andrew Shafer <and...@reductivelabs.com>
wrote:
> It depends on what you are trying to do exactly, but you can run
''puppet''
> stand alone without the master.
>
> The only thing that gets tricky is if you have interhost configurations
that
> you want to manage.
>
> You can also use the master as a file server for the stand alone puppet
> executable.
>
> If you can explain a little bit more about what you are trying to
accomplish
> and your constraints, you''ll hopefully get a better answer.
>
> Cheers,
> Andrew
>
> On Tue, Mar 10, 2009 at 4:11 PM, Stephen John Smoogen
<smo...@gmail.com>wrote:
>
>
>
>
>
> > On Tue, Mar 10, 2009 at 1:28 PM, thomas
<thomas.bik...@gmail.com> wrote:
>
> > > Hello,
>
> > > I was evaluating the use of the puppet with the single purpose to
> > > generate a handful of httpd.conf files for several apache
instances.
> > > Unfortunately my deployment environment is very restrictive and I
can
> > > not use puppetd on the target hosts - I wanted however take
advantage
> > > of puppet DSL to describe the system (few dozen of instances with
ever-
> > > changing ports) and generate stuff I need on the external box,
> > > deploying configuration via ssh afterwards on the clients.
>
> > > If someone has faced similar situation - what pointers would you
> > > suggest?
>
> > I believe I would do the following:
> > I would skip the needing for apache in this case. the out of the box
> > puppetmaster runs a webbrick that runs on port 8141 and seems to cover
> > what you are looking for. In this case, you are wanting to make sure
> > that it only listens/talks on 127.0.0.1 and then sync out the puppet
> > directories.
>
> > --
> > Stephen J Smoogen. -- BSD/GNU/Linux
> > How far that little candle throws his beams! So shines a good deed
> > in a naughty world. = Shakespeare. "The Merchant of Venice"
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

Can you not have anything installed? or you just can''t pull?

In order for Puppet to really work you need to parametrize the configuration
with the ''facts''.

The most straight forward ways to accomplish that is to have the fact''s
pulled to the master, or to run the puppet executable on the clients.

You can do something like rsync the puppet manifests to the client and run
them there. People do that on 1000s of machines.

Your idea ''could'' work but it''s not a workflow
I''m aware of other people
using. You basically need to trick your ''deployment box'' with
the facts from
the other boxes, fully evaluate the manifests and then copy the results.
That might end up adding more complexity than it eliminates.

0.02

On Wed, Mar 11, 2009 at 12:54 AM, thomas <thomas.bikeev@gmail.com> wrote:
>
> Thanks! Here it goes:
>
> - there are between 30 and 40 Apache instances (on 20-30 physical
> servers) that I need to supply with htppd.conf, mod_security.conf and
> the keys.
> - all instances are running in pairs for fail-over some are used just
> as ssl endpoints, some as reverse proxies, some host custom modules
> - all I can do on these machines is to push via ssh - can not install
> puppet to pull (unfortunately)
>
> I wanted to use puppet just to manage/generate files I need to push to
> the target hosts (this would have been ideal, since I could group my
> stuff, use inheritance, etc ...)
> My idea was to have a "deployment box" where I will create my
puppet
> DSL files describing servers, services and topology, than using
> "puppet" executable generate files, and push them over.
>
> Questions I have at this stage:
> - can I do this at all with puppet?
> - any pointers to .pp scripting?
> - how can I loop through all nodes executing .pp script?
> - how can I select just one host when running "puppet"?
>
> ( For sure I am trying to use puppet not at all in the way it meant to
> be in the first place, degrading it to ant/maven type of utility,
> hence my question if this is possible at all)
>
> Thomas
>
>
>
> On Mar 10, 11:25 pm, Andrew Shafer <and...@reductivelabs.com> wrote:
> > It depends on what you are trying to do exactly, but you can run
''puppet''
> > stand alone without the master.
> >
> > The only thing that gets tricky is if you have interhost
configurations
> that
> > you want to manage.
> >
> > You can also use the master as a file server for the stand alone
puppet
> > executable.
> >
> > If you can explain a little bit more about what you are trying to
> accomplish
> > and your constraints, you''ll hopefully get a better answer.
> >
> > Cheers,
> > Andrew
> >
> > On Tue, Mar 10, 2009 at 4:11 PM, Stephen John Smoogen
<smo...@gmail.com
> >wrote:
> >
> >
> >
> >
> >
> > > On Tue, Mar 10, 2009 at 1:28 PM, thomas
<thomas.bik...@gmail.com>
> wrote:
> >
> > > > Hello,
> >
> > > > I was evaluating the use of the puppet with the single
purpose to
> > > > generate a handful of httpd.conf files for several apache
instances.
> > > > Unfortunately my deployment environment is very restrictive
and I can
> > > > not use puppetd on the target hosts - I wanted however take
advantage
> > > > of puppet DSL to describe the system (few dozen of instances
with
> ever-
> > > > changing ports) and generate stuff I need on the external
box,
> > > > deploying configuration via ssh afterwards on the clients.
> >
> > > > If someone has faced similar situation - what pointers would
you
> > > > suggest?
> >
> > > I believe I would do the following:
> > > I would skip the needing for apache in this case. the out of the
box
> > > puppetmaster runs a webbrick that runs on port 8141 and seems to
cover
> > > what you are looking for. In this case, you are wanting to make
sure
> > > that it only listens/talks on 127.0.0.1 and then sync out the
puppet
> > > directories.
> >
> > > --
> > > Stephen J Smoogen. -- BSD/GNU/Linux
> > > How far that little candle throws his beams! So shines a good
deed
> > > in a naughty world. = Shakespeare. "The Merchant of
Venice"
> >
>
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

I can''t pull. Rsync way could be the way to go, with the client
pretending to be its own server as Stephen has outlined previously.

Many thanks for the explanation, will give it a try.

Regards, Thomas

On Mar 11, 6:05 pm, Andrew Shafer <and...@reductivelabs.com>
wrote:
> Can you not have anything installed? or you just can''t pull?
>
> In order for Puppet to really work you need to parametrize the
configuration
> with the ''facts''.
>
> The most straight forward ways to accomplish that is to have the
fact''s
> pulled to the master, or to run the puppet executable on the clients.
>
> You can do something like rsync the puppet manifests to the client and run
> them there. People do that on 1000s of machines.
>
> Your idea ''could'' work but it''s not a workflow
I''m aware of other people
> using. You basically need to trick your ''deployment box''
with the facts from
> the other boxes, fully evaluate the manifests and then copy the results.
> That might end up adding more complexity than it eliminates.
>
> 0.02
>
>
>
> On Wed, Mar 11, 2009 at 12:54 AM, thomas <thomas.bik...@gmail.com>
wrote:
>
> > Thanks! Here it goes:
>
> > - there are between 30 and 40 Apache instances (on 20-30 physical
> > servers) that I need to supply with htppd.conf, mod_security.conf and
> > the keys.
> > - all instances are running in pairs for fail-over some are used just
> > as ssl endpoints, some as reverse proxies, some host custom modules
> > - all I can do on these machines is to push via ssh - can not install
> > puppet to pull (unfortunately)
>
> > I wanted to use puppet just to manage/generate files I need to push to
> > the target hosts (this would have been ideal, since I could group my
> > stuff, use inheritance, etc ...)
> > My idea was to have a "deployment box" where I will create
my puppet
> > DSL files describing servers, services and topology, than using
> > "puppet" executable generate files, and push them over.
>
> > Questions I have at this stage:
> > - can I do this at all with puppet?
> > - any pointers to .pp scripting?
> > - how can I loop through all nodes executing .pp script?
> > - how can I select just one host when running "puppet"?
>
> > ( For sure I am trying to use puppet not at all in the way it meant to
> > be in the first place, degrading it to ant/maven type of utility,
> > hence my question if this is possible at all)
>
> > Thomas
>
> > On Mar 10, 11:25 pm, Andrew Shafer <and...@reductivelabs.com>
wrote:
> > > It depends on what you are trying to do exactly, but you can run
''puppet''
> > > stand alone without the master.
>
> > > The only thing that gets tricky is if you have interhost
configurations
> > that
> > > you want to manage.
>
> > > You can also use the master as a file server for the stand alone
puppet
> > > executable.
>
> > > If you can explain a little bit more about what you are trying to
> > accomplish
> > > and your constraints, you''ll hopefully get a better
answer.
>
> > > Cheers,
> > > Andrew
>
> > > On Tue, Mar 10, 2009 at 4:11 PM, Stephen John Smoogen
<smo...@gmail.com
> > >wrote:
>
> > > > On Tue, Mar 10, 2009 at 1:28 PM, thomas
<thomas.bik...@gmail.com>
> > wrote:
>
> > > > > Hello,
>
> > > > > I was evaluating the use of the puppet with the single
purpose to
> > > > > generate a handful of httpd.conf files for several
apache instances.
> > > > > Unfortunately my deployment environment is very
restrictive and I can
> > > > > not use puppetd on the target hosts - I wanted however
take advantage
> > > > > of puppet DSL to describe the system (few dozen of
instances with
> > ever-
> > > > > changing ports) and generate stuff I need on the
external box,
> > > > > deploying configuration via ssh afterwards on the
clients.
>
> > > > > If someone has faced similar situation - what pointers
would you
> > > > > suggest?
>
> > > > I believe I would do the following:
> > > > I would skip the needing for apache in this case. the out of
the box
> > > > puppetmaster runs a webbrick that runs on port 8141 and
seems to cover
> > > > what you are looking for. In this case, you are wanting to
make sure
> > > > that it only listens/talks on 127.0.0.1 and then sync out
the puppet
> > > > directories.
>
> > > > --
> > > > Stephen J Smoogen. -- BSD/GNU/Linux
> > > > How far that little candle throws his beams! So shines a
good deed
> > > > in a naughty world. = Shakespeare. "The Merchant of
Venice"
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

No, you don''t need the client to pretend it is a server.

Just run puppet by itself.

You won''t use puppetmasterd and puppetd, just puppet, it acts like an
interpreter stand alone.


On Wed, Mar 11, 2009 at 2:57 PM, thomas <thomas.bikeev@gmail.com> wrote:
>
> I can''t pull. Rsync way could be the way to go, with the client
> pretending to be its own server as Stephen has outlined previously.
>
> Many thanks for the explanation, will give it a try.
>
> Regards, Thomas
>
> On Mar 11, 6:05 pm, Andrew Shafer <and...@reductivelabs.com> wrote:
> > Can you not have anything installed? or you just can''t pull?
> >
> > In order for Puppet to really work you need to parametrize the
> configuration
> > with the ''facts''.
> >
> > The most straight forward ways to accomplish that is to have the
fact''s
> > pulled to the master, or to run the puppet executable on the clients.
> >
> > You can do something like rsync the puppet manifests to the client and
> run
> > them there. People do that on 1000s of machines.
> >
> > Your idea ''could'' work but it''s not a
workflow I''m aware of other people
> > using. You basically need to trick your ''deployment
box'' with the facts
> from
> > the other boxes, fully evaluate the manifests and then copy the
results.
> > That might end up adding more complexity than it eliminates.
> >
> > 0.02
> >
> >
> >
> > On Wed, Mar 11, 2009 at 12:54 AM, thomas
<thomas.bik...@gmail.com>
> wrote:
> >
> > > Thanks! Here it goes:
> >
> > > - there are between 30 and 40 Apache instances (on 20-30 physical
> > > servers) that I need to supply with htppd.conf, mod_security.conf
and
> > > the keys.
> > > - all instances are running in pairs for fail-over some are used
just
> > > as ssl endpoints, some as reverse proxies, some host custom
modules
> > > - all I can do on these machines is to push via ssh - can not
install
> > > puppet to pull (unfortunately)
> >
> > > I wanted to use puppet just to manage/generate files I need to
push to
> > > the target hosts (this would have been ideal, since I could group
my
> > > stuff, use inheritance, etc ...)
> > > My idea was to have a "deployment box" where I will
create my puppet
> > > DSL files describing servers, services and topology, than using
> > > "puppet" executable generate files, and push them over.
> >
> > > Questions I have at this stage:
> > > - can I do this at all with puppet?
> > > - any pointers to .pp scripting?
> > > - how can I loop through all nodes executing .pp script?
> > > - how can I select just one host when running "puppet"?
> >
> > > ( For sure I am trying to use puppet not at all in the way it
meant to
> > > be in the first place, degrading it to ant/maven type of utility,
> > > hence my question if this is possible at all)
> >
> > > Thomas
> >
> > > On Mar 10, 11:25 pm, Andrew Shafer
<and...@reductivelabs.com> wrote:
> > > > It depends on what you are trying to do exactly, but you can
run
> ''puppet''
> > > > stand alone without the master.
> >
> > > > The only thing that gets tricky is if you have interhost
> configurations
> > > that
> > > > you want to manage.
> >
> > > > You can also use the master as a file server for the stand
alone
> puppet
> > > > executable.
> >
> > > > If you can explain a little bit more about what you are
trying to
> > > accomplish
> > > > and your constraints, you''ll hopefully get a better
answer.
> >
> > > > Cheers,
> > > > Andrew
> >
> > > > On Tue, Mar 10, 2009 at 4:11 PM, Stephen John Smoogen <
> smo...@gmail.com
> > > >wrote:
> >
> > > > > On Tue, Mar 10, 2009 at 1:28 PM, thomas
<thomas.bik...@gmail.com>
> > > wrote:
> >
> > > > > > Hello,
> >
> > > > > > I was evaluating the use of the puppet with the
single purpose to
> > > > > > generate a handful of httpd.conf files for several
apache
> instances.
> > > > > > Unfortunately my deployment environment is very
restrictive and I
> can
> > > > > > not use puppetd on the target hosts - I wanted
however take
> advantage
> > > > > > of puppet DSL to describe the system (few dozen of
instances with
> > > ever-
> > > > > > changing ports) and generate stuff I need on the
external box,
> > > > > > deploying configuration via ssh afterwards on the
clients.
> >
> > > > > > If someone has faced similar situation - what
pointers would you
> > > > > > suggest?
> >
> > > > > I believe I would do the following:
> > > > > I would skip the needing for apache in this case. the
out of the
> box
> > > > > puppetmaster runs a webbrick that runs on port 8141 and
seems to
> cover
> > > > > what you are looking for. In this case, you are wanting
to make
> sure
> > > > > that it only listens/talks on 127.0.0.1 and then sync
out the
> puppet
> > > > > directories.
> >
> > > > > --
> > > > > Stephen J Smoogen. -- BSD/GNU/Linux
> > > > > How far that little candle throws his beams! So shines
a good deed
> > > > > in a naughty world. = Shakespeare. "The Merchant
of Venice"
> >
>
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

I''ve run my laptop and standlone systems with puppet for a long time,
and here''s my impressions from problems I fixed from what I
recall. Things may have changed in later versions.

Configurations may as well be generic, you can use hosts or groups,
but without puppetmaster the entire config goes to every client.

Runtime is huge, 100% for a full minute or two while the configuration
is compiled and executed.

Poor reporting, NO locking or caching data stored into
/var/puppet. Every run starts from scratch. I ended up logging to
syslog.

You must manage the deployment of configurations, and
timing/copying/locking issues all pose a problem, especially if you
want Puppet to update itself. You also must maintain a local file
repository or use text editing hacks.

No schedules, you can''t assign certain items to run at certain times,
or more importantly inhibit items from executing each and every time.

There was a mailing list thread where I was asking for input on how to
reduce my runtime, and I ended up using a puppetmaster on localhost to
try and retain state data.

That being said, don''t take me as negative. I adore puppet and its so
much better than CFEngine was. There are just drawbacks to running
isolated locally rather than using the puppetmaster model it was
designed for.

Good luck!

On Wed, Mar 11, 2009 at 07:14:03PM -0600, Andrew Shafer
wrote:
> No, you don''t need the client to pretend it is a server.
> 
> Just run puppet by itself.
> 
> You won''t use puppetmasterd and puppetd, just puppet, it acts like
an
> interpreter stand alone.
> 
> 
> On Wed, Mar 11, 2009 at 2:57 PM, thomas <thomas.bikeev@gmail.com>
wrote:
> 
> >
> > I can''t pull. Rsync way could be the way to go, with the
client
> > pretending to be its own server as Stephen has outlined previously.
> >
> > Many thanks for the explanation, will give it a try.
> >
> > Regards, Thomas
> >
> > On Mar 11, 6:05 pm, Andrew Shafer <and...@reductivelabs.com>
wrote:
> > > Can you not have anything installed? or you just can''t
pull?
> > >
> > > In order for Puppet to really work you need to parametrize the
> > configuration
> > > with the ''facts''.
> > >
> > > The most straight forward ways to accomplish that is to have the
fact''s
> > > pulled to the master, or to run the puppet executable on the
clients.
> > >
> > > You can do something like rsync the puppet manifests to the
client and
> > run
> > > them there. People do that on 1000s of machines.
> > >
> > > Your idea ''could'' work but it''s not a
workflow I''m aware of other people
> > > using. You basically need to trick your ''deployment
box'' with the facts
> > from
> > > the other boxes, fully evaluate the manifests and then copy the
results.
> > > That might end up adding more complexity than it eliminates.
> > >
> > > 0.02
> > >
> > >
> > >
> > > On Wed, Mar 11, 2009 at 12:54 AM, thomas
<thomas.bik...@gmail.com>
> > wrote:
> > >
> > > > Thanks! Here it goes:
> > >
> > > > - there are between 30 and 40 Apache instances (on 20-30
physical
> > > > servers) that I need to supply with htppd.conf,
mod_security.conf and
> > > > the keys.
> > > > - all instances are running in pairs for fail-over some are
used just
> > > > as ssl endpoints, some as reverse proxies, some host custom
modules
> > > > - all I can do on these machines is to push via ssh - can
not install
> > > > puppet to pull (unfortunately)
> > >
> > > > I wanted to use puppet just to manage/generate files I need
to push to
> > > > the target hosts (this would have been ideal, since I could
group my
> > > > stuff, use inheritance, etc ...)
> > > > My idea was to have a "deployment box" where I
will create my puppet
> > > > DSL files describing servers, services and topology, than
using
> > > > "puppet" executable generate files, and push them
over.
> > >
> > > > Questions I have at this stage:
> > > > - can I do this at all with puppet?
> > > > - any pointers to .pp scripting?
> > > > - how can I loop through all nodes executing .pp script?
> > > > - how can I select just one host when running
"puppet"?
> > >
> > > > ( For sure I am trying to use puppet not at all in the way
it meant to
> > > > be in the first place, degrading it to ant/maven type of
utility,
> > > > hence my question if this is possible at all)
> > >
> > > > Thomas
> > >
> > > > On Mar 10, 11:25 pm, Andrew Shafer
<and...@reductivelabs.com> wrote:
> > > > > It depends on what you are trying to do exactly, but
you can run
> > ''puppet''
> > > > > stand alone without the master.
> > >
> > > > > The only thing that gets tricky is if you have
interhost
> > configurations
> > > > that
> > > > > you want to manage.
> > >
> > > > > You can also use the master as a file server for the
stand alone
> > puppet
> > > > > executable.
> > >
> > > > > If you can explain a little bit more about what you are
trying to
> > > > accomplish
> > > > > and your constraints, you''ll hopefully get a
better answer.
> > >
> > > > > Cheers,
> > > > > Andrew
> > >
> > > > > On Tue, Mar 10, 2009 at 4:11 PM, Stephen John Smoogen
<
> > smo...@gmail.com
> > > > >wrote:
> > >
> > > > > > On Tue, Mar 10, 2009 at 1:28 PM, thomas
<thomas.bik...@gmail.com>
> > > > wrote:
> > >
> > > > > > > Hello,
> > >
> > > > > > > I was evaluating the use of the puppet with
the single purpose to
> > > > > > > generate a handful of httpd.conf files for
several apache
> > instances.
> > > > > > > Unfortunately my deployment environment is
very restrictive and I
> > can
> > > > > > > not use puppetd on the target hosts - I
wanted however take
> > advantage
> > > > > > > of puppet DSL to describe the system (few
dozen of instances with
> > > > ever-
> > > > > > > changing ports) and generate stuff I need on
the external box,
> > > > > > > deploying configuration via ssh afterwards on
the clients.
> > >
> > > > > > > If someone has faced similar situation - what
pointers would you
> > > > > > > suggest?
> > >
> > > > > > I believe I would do the following:
> > > > > > I would skip the needing for apache in this case.
the out of the
> > box
> > > > > > puppetmaster runs a webbrick that runs on port
8141 and seems to
> > cover
> > > > > > what you are looking for. In this case, you are
wanting to make
> > sure
> > > > > > that it only listens/talks on 127.0.0.1 and then
sync out the
> > puppet
> > > > > > directories.
> > >
> > > > > > --
> > > > > > Stephen J Smoogen. -- BSD/GNU/Linux
> > > > > > How far that little candle throws his beams! So
shines a good deed
> > > > > > in a naughty world. = Shakespeare. "The
Merchant of Venice"
> > >
> >
> 
> > 

------------------------------------------------------------------
Russell Adams                            RLAdams@AdamsInfoServ.com

PGP Key ID:     0x1160DCB3           http://www.adamsinfoserv.com/

Fingerprint:    1723 D8CA 4280 1EC9 557F  66E8 1154 E018 1160 DCB3

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

Yes. I''ve done something similar for creating turn-key systems.
Do a kickstart of the host and as part of the kickstart, retrieve a puppet
manifest from CVS/Subversion.
Then run the ''puppet'' binary against the manifest to do the
final host
specific config on the turn-key system.
Works great and produces a fully configured, ready to go Linux appliance.

Geoff


On 11/03/2009, thomas <thomas.bikeev@gmail.com>
wrote:
>
>
> Thanks! Here it goes:
>
> - there are between 30 and 40 Apache instances (on 20-30 physical
> servers) that I need to supply with htppd.conf, mod_security.conf and
> the keys.
> - all instances are running in pairs for fail-over some are used just
> as ssl endpoints, some as reverse proxies, some host custom modules
> - all I can do on these machines is to push via ssh - can not install
> puppet to pull (unfortunately)
>
> I wanted to use puppet just to manage/generate files I need to push to
> the target hosts (this would have been ideal, since I could group my
> stuff, use inheritance, etc ...)
> My idea was to have a "deployment box" where I will create my
puppet
> DSL files describing servers, services and topology, than using
> "puppet" executable generate files, and push them over.
>
> Questions I have at this stage:
> - can I do this at all with puppet?
> - any pointers to .pp scripting?
> - how can I loop through all nodes executing .pp script?
> - how can I select just one host when running "puppet"?
>
> ( For sure I am trying to use puppet not at all in the way it meant to
> be in the first place, degrading it to ant/maven type of utility,
> hence my question if this is possible at all)
>
> Thomas
>
>
>
> On Mar 10, 11:25 pm, Andrew Shafer <and...@reductivelabs.com> wrote:
> > It depends on what you are trying to do exactly, but you can run
''puppet''
> > stand alone without the master.
> >
> > The only thing that gets tricky is if you have interhost
configurations
> that
> > you want to manage.
> >
> > You can also use the master as a file server for the stand alone
puppet
> > executable.
> >
> > If you can explain a little bit more about what you are trying to
> accomplish
> > and your constraints, you''ll hopefully get a better answer.
> >
> > Cheers,
> > Andrew
> >
> > On Tue, Mar 10, 2009 at 4:11 PM, Stephen John Smoogen
<smo...@gmail.com
> >wrote:
> >
> >
> >
> >
> >
> > > On Tue, Mar 10, 2009 at 1:28 PM, thomas
<thomas.bik...@gmail.com>
> wrote:
> >
> > > > Hello,
> >
> > > > I was evaluating the use of the puppet with the single
purpose to
> > > > generate a handful of httpd.conf files for several apache
instances.
> > > > Unfortunately my deployment environment is very restrictive
and I can
> > > > not use puppetd on the target hosts - I wanted however take
advantage
> > > > of puppet DSL to describe the system (few dozen of instances
with
> ever-
> > > > changing ports) and generate stuff I need on the external
box,
> > > > deploying configuration via ssh afterwards on the clients.
> >
> > > > If someone has faced similar situation - what pointers would
you
> > > > suggest?
> >
> > > I believe I would do the following:
> > > I would skip the needing for apache in this case. the out of the
box
> > > puppetmaster runs a webbrick that runs on port 8141 and seems to
cover
> > > what you are looking for. In this case, you are wanting to make
sure
> > > that it only listens/talks on 127.0.0.1 and then sync out the
puppet
> > > directories.
> >
> > > --
> > > Stephen J Smoogen. -- BSD/GNU/Linux
> > > How far that little candle throws his beams! So shines a good
deed
> > > in a naughty world. = Shakespeare. "The Merchant of
Venice"
> >
>
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---