Nigel Kersten
2010-May-28 18:52 UTC
[Puppet Users] accessing client certname in manifests?
I mentioned we had a custom fact for the client certname in IRC the other day and someone poked fun at me as it''s apparently built in. For the life of me I can''t work out what variable it is. Anyone know? (our certnames bear no relationship to any other attribute, fqdn etc) -- nigel -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
On Fri, May 28, 2010 at 11:52 AM, Nigel Kersten <nigelk@google.com> wrote:> I mentioned we had a custom fact for the client certname in IRC the other > day and someone poked fun at me as it''s apparently built in.if that''s the case, then the following ticket needs to be closed. http://projects.puppetlabs.com/issues/3021> For the life of me I can''t work out what variable it is. Anyone know? > > (our certnames bear no relationship to any other attribute, fqdn etc) > > > > -- > nigel > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscribe@googlegroups.com<puppet-users%2Bunsubscribe@googlegroups.com> > . > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. >-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Nigel Kersten
2010-May-28 19:02 UTC
Re: [Puppet Users] accessing client certname in manifests?
On Fri, May 28, 2010 at 12:00 PM, Dan Bode <dan@puppetlabs.com> wrote:> > > On Fri, May 28, 2010 at 11:52 AM, Nigel Kersten <nigelk@google.com> wrote: > >> I mentioned we had a custom fact for the client certname in IRC the other >> day and someone poked fun at me as it''s apparently built in. > > > if that''s the case, then the following ticket needs to be closed. > > http://projects.puppetlabs.com/issues/3021 >Yeah, I don''t think it is built in, and people just access fqdn or some other equivalent that happens to have the same value as the certname. I''d love it if someone proves me wrong though.> > > >> For the life of me I can''t work out what variable it is. Anyone know? >> >> (our certnames bear no relationship to any other attribute, fqdn etc) >> >> >> >> -- >> nigel >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Puppet Users" group. >> To post to this group, send email to puppet-users@googlegroups.com. >> To unsubscribe from this group, send email to >> puppet-users+unsubscribe@googlegroups.com<puppet-users%2Bunsubscribe@googlegroups.com> >> . >> For more options, visit this group at >> http://groups.google.com/group/puppet-users?hl=en. >> > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscribe@googlegroups.com<puppet-users%2Bunsubscribe@googlegroups.com> > . > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. >-- nigel -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Carl Caum
2010-May-28 19:04 UTC
Re: [Puppet Users] accessing client certname in manifests?
I can''t find it. I just use $fqdn mostly with the exception of a few DHCP boxes. On May 28, 2010, at 2:02 PM, Nigel Kersten wrote:> > > On Fri, May 28, 2010 at 12:00 PM, Dan Bode <dan@puppetlabs.com> wrote: > > > On Fri, May 28, 2010 at 11:52 AM, Nigel Kersten <nigelk@google.com> wrote: > I mentioned we had a custom fact for the client certname in IRC the other day and someone poked fun at me as it''s apparently built in. > > if that''s the case, then the following ticket needs to be closed. > > http://projects.puppetlabs.com/issues/3021 > > Yeah, I don''t think it is built in, and people just access fqdn or some other equivalent that happens to have the same value as the certname. > > I''d love it if someone proves me wrong though. > > > > For the life of me I can''t work out what variable it is. Anyone know? > > (our certnames bear no relationship to any other attribute, fqdn etc) > > > > -- > nigel > > -- > You received this message because you are subscribed to the Google Groups "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. > For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. > > > -- > You received this message because you are subscribed to the Google Groups "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. > For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. > > > > -- > nigel > > -- > You received this message because you are subscribed to the Google Groups "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. > For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
James Turnbull
2010-May-28 23:19 UTC
Re: [Puppet Users] accessing client certname in manifests?
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Nigel Kersten wrote:> I mentioned we had a custom fact for the client certname in IRC the > other day and someone poked fun at me as it''s apparently built in. > > For the life of me I can''t work out what variable it is. Anyone know? > > (our certnames bear no relationship to any other attribute, fqdn etc)It is not built-in - someone has misled you young man. Regards James Turnbull - -- Author of: * Pro Linux Systems Administration (http://www.amazon.com/gp/product/1430219122/) * Pulling Strings with Puppet (http://www.amazon.com/gp/product/1590599780/) * Pro Nagios 2.0 (http://www.amazon.com/gp/product/1590596099/) * Hardening Linux (http://www.amazon.com/gp/product/1590594444/) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEVAwUBTABPZiFa/lDkFHAyAQLkywgAl1tn3QraNmZLn3Tsdt1Ymt7gOuVoISzX bz1BxW+QDWGVZZFw0hYZ8ob1kgiCgdkrZkLtjIzQbzJNR2yNY0PURqUvpGNpfoVi wB2O2JmtNu3v1mFovvHrSTtcruQ53VBpOaL2wdKcoPX+IF/sZbeQic1RTLS2S0YZ fa/iRRABidN7g5BSIiK5xPmRBbTuG25BngWs242p/vFeIbHOn57ix3dBVKZpZHnO DT0mt8uCYz2pEEVHVVDXwf4GL43jbATGRCgWuXKt0WATvwg06a8/njDmXTV45OEC 6FL2/yETt6sUk9snXyKyTWtTzKN++gXNadtPs+/LaJPwVHh0AHyzhQ==M0AA -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Nigel Kersten
2010-May-28 23:33 UTC
Re: [Puppet Users] accessing client certname in manifests?
On Fri, May 28, 2010 at 4:19 PM, James Turnbull <james@lovedthanlost.net>wrote:> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Nigel Kersten wrote: > > I mentioned we had a custom fact for the client certname in IRC the > > other day and someone poked fun at me as it''s apparently built in. > > > > For the life of me I can''t work out what variable it is. Anyone know? > > > > (our certnames bear no relationship to any other attribute, fqdn etc) > > It is not built-in - someone has misled you young man. >Anyone see any problems with doing it like this? require ''puppet'' Facter.add("certname") do setcode do Puppet[:config] = "/etc/puppet/puppet.conf" Puppet.parse_config Puppet[:certname] end end> > Regards > > James Turnbull > > - -- > Author of: > * Pro Linux Systems Administration > (http://www.amazon.com/gp/product/1430219122/) > * Pulling Strings with Puppet > (http://www.amazon.com/gp/product/1590599780/) > * Pro Nagios 2.0 > (http://www.amazon.com/gp/product/1590596099/) > * Hardening Linux > (http://www.amazon.com/gp/product/1590594444/) > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.7 (Darwin) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > iQEVAwUBTABPZiFa/lDkFHAyAQLkywgAl1tn3QraNmZLn3Tsdt1Ymt7gOuVoISzX > bz1BxW+QDWGVZZFw0hYZ8ob1kgiCgdkrZkLtjIzQbzJNR2yNY0PURqUvpGNpfoVi > wB2O2JmtNu3v1mFovvHrSTtcruQ53VBpOaL2wdKcoPX+IF/sZbeQic1RTLS2S0YZ > fa/iRRABidN7g5BSIiK5xPmRBbTuG25BngWs242p/vFeIbHOn57ix3dBVKZpZHnO > DT0mt8uCYz2pEEVHVVDXwf4GL43jbATGRCgWuXKt0WATvwg06a8/njDmXTV45OEC > 6FL2/yETt6sUk9snXyKyTWtTzKN++gXNadtPs+/LaJPwVHh0AHyzhQ=> =M0AA > -----END PGP SIGNATURE----- > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscribe@googlegroups.com<puppet-users%2Bunsubscribe@googlegroups.com> > . > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > >-- nigel -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Matt Juszczak
2010-May-29 03:19 UTC
[Puppet Users] Puppet Package Management - how far do you go?
I have a "basenode" class which installs most of the packages needed on a specific server. For the database servers, we ensure mysql is installed, setup the directory structure, etc. But what about "one off" servers? For instance, I have a tools server, that sort of runs random one-off tools in production. Today, I had to install a bunch of python libraries on it to make something in my home directory work that I was trying to get working. Would you guys have installed those packages manually, knowing that you won''t ever really have to launch another server exactly like it, or would you have added those packages to puppet so that they would be installed should the box ever need to be re-configured from scratch? How far would you go to keep puppet and your system 100% in sync? -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Ohad Levy
2010-May-29 03:25 UTC
Re: [Puppet Users] Puppet Package Management - how far do you go?
from my experience, if you have the time to automate it - go ahead, most likely if you wont, it will come to bite you in the a*s later on :) Ohad On Sat, May 29, 2010 at 11:19 AM, Matt Juszczak <matt@atopia.net> wrote:> I have a "basenode" class which installs most of the packages needed on a > specific server. For the database servers, we ensure mysql is installed, > setup the directory structure, etc. > > But what about "one off" servers? For instance, I have a tools server, > that sort of runs random one-off tools in production. Today, I had to > install a bunch of python libraries on it to make something in my home > directory work that I was trying to get working. > > Would you guys have installed those packages manually, knowing that you > won''t ever really have to launch another server exactly like it, or would > you have added those packages to puppet so that they would be installed > should the box ever need to be re-configured from scratch? How far would > you go to keep puppet and your system 100% in sync? > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscribe@googlegroups.com<puppet-users%2Bunsubscribe@googlegroups.com> > . > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > >-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
James Turnbull
2010-May-29 03:53 UTC
Re: [Puppet Users] accessing client certname in manifests?
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Nigel Kersten wrote:> >> Anyone see any problems with doing it like this? > >> require ''puppet'' > >> Facter.add("certname") do >> setcode do > Puppet[:config] = "/etc/puppet/puppet.conf" > Puppet.parse_config > Puppet[:certname] >> end >> end >Nope... Ours is: Facter.add("certname") do path = ''/usr/bin/puppet'' setcode do %x{#{path} --configprint certname}.chomp if File.exists?(path) end end Which is kind of ugly in parts and I''ve been meaning to rewrite it... :) James -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEVAwUBTACPtSFa/lDkFHAyAQKsqAf8DNBlnJU1F8YXXqPYqMhZ81mMAko4w1zs htu4ATkZYGoLmFlaLd16mX34gHkpfjzaKViexwgDuZMtPhuU4QeN5P+jJ+OfzZHD lYTDocv0B+DGgr9wchBfudYDKmdBeIbTb9TvdwArYNycPHLyVX2ow9SXVKh04WZL NNhNVza41W60w2ZKFv0NV3b0IhO+nnt652BvtDz1ztXi06b+jnY2kxCmwjrtuMGj 6Ao6d8j7bNj+B/RZQujbrjhObD/DxK0zqc8JloO02ym+ZqD1r+g4qHzr2sk5KcZD XlLE7bhzHVgxFrOWtXNMUJ+u7gOoFnZJ5Pp2Go7DGGDFWXdvRUt5bw==08y1 -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Nigel Kersten
2010-May-29 03:58 UTC
Re: [Puppet Users] accessing client certname in manifests?
On Fri, May 28, 2010 at 8:53 PM, James Turnbull <james@lovedthanlost.net>wrote:> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Nigel Kersten wrote: > > > >> Anyone see any problems with doing it like this? > > > >> require ''puppet'' > > > >> Facter.add("certname") do > >> setcode do > > Puppet[:config] = "/etc/puppet/puppet.conf" > > Puppet.parse_config > > Puppet[:certname] > >> end > >> end > > > > Nope... > > Ours is: > > Facter.add("certname") do > path = ''/usr/bin/puppet'' > setcode do > %x{#{path} --configprint certname}.chomp if File.exists?(path) > end > end > > Which is kind of ugly in parts and I''ve been meaning to rewrite it... :) >Heh. That''s kind of what we were doing, but it hit me it was a little silly given we''re running inside Puppet already.> > James > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.7 (Darwin) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > iQEVAwUBTACPtSFa/lDkFHAyAQKsqAf8DNBlnJU1F8YXXqPYqMhZ81mMAko4w1zs > htu4ATkZYGoLmFlaLd16mX34gHkpfjzaKViexwgDuZMtPhuU4QeN5P+jJ+OfzZHD > lYTDocv0B+DGgr9wchBfudYDKmdBeIbTb9TvdwArYNycPHLyVX2ow9SXVKh04WZL > NNhNVza41W60w2ZKFv0NV3b0IhO+nnt652BvtDz1ztXi06b+jnY2kxCmwjrtuMGj > 6Ao6d8j7bNj+B/RZQujbrjhObD/DxK0zqc8JloO02ym+ZqD1r+g4qHzr2sk5KcZD > XlLE7bhzHVgxFrOWtXNMUJ+u7gOoFnZJ5Pp2Go7DGGDFWXdvRUt5bw=> =08y1 > -----END PGP SIGNATURE----- > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscribe@googlegroups.com<puppet-users%2Bunsubscribe@googlegroups.com> > . > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > >-- nigel -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Carl.caum
2010-May-29 04:05 UTC
Re: [Puppet Users] Puppet Package Management - how far do you go?
Personally I like to increase my chances of getting to the bar early. If you know you''re going to want to build the box again, automate it. If you need to ensure the box looks a certain way, automate it. If it takes the same amount of time to automate it as it does to not automate it, automate it. If it takes a little extra time to automate it but maybe someday somewhere you might want to do it again, automate it. So really, only don''t bother if automating means without a doubt it will cost you time, now or in the future, for one extra beer. On May 28, 2010, at 10:19 PM, Matt Juszczak <matt@atopia.net> wrote:> I have a "basenode" class which installs most of the packages needed > on a specific server. For the database servers, we ensure mysql is > installed, setup the directory structure, etc. > > But what about "one off" servers? For instance, I have a tools > server, that sort of runs random one-off tools in production. > Today, I had to install a bunch of python libraries on it to make > something in my home directory work that I was trying to get working. > > Would you guys have installed those packages manually, knowing that > you won''t ever really have to launch another server exactly like it, > or would you have added those packages to puppet so that they would > be installed should the box ever need to be re-configured from > scratch? How far would you go to keep puppet and your system 100% > in sync? > > -- > You received this message because you are subscribed to the Google > Groups "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com > . > For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en > . >-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Matt Juszczak
2010-May-29 04:15 UTC
Re: [Puppet Users] Puppet Package Management - how far do you go?
Well, these servers are cloud servers, so nightly snapshots are taken. And it really is a one off box. If I need to duplicate it, I just spin up another image anyway. -----Original Message----- From: "Carl.caum" <carl.caum@gmail.com> Date: Fri, 28 May 2010 23:05:30 To: puppet-users@googlegroups.com<puppet-users@googlegroups.com> Subject: Re: [Puppet Users] Puppet Package Management - how far do you go? Personally I like to increase my chances of getting to the bar early. If you know you''re going to want to build the box again, automate it. If you need to ensure the box looks a certain way, automate it. If it takes the same amount of time to automate it as it does to not automate it, automate it. If it takes a little extra time to automate it but maybe someday somewhere you might want to do it again, automate it. So really, only don''t bother if automating means without a doubt it will cost you time, now or in the future, for one extra beer. On May 28, 2010, at 10:19 PM, Matt Juszczak <matt@atopia.net> wrote:> I have a "basenode" class which installs most of the packages needed > on a specific server. For the database servers, we ensure mysql is > installed, setup the directory structure, etc. > > But what about "one off" servers? For instance, I have a tools > server, that sort of runs random one-off tools in production. > Today, I had to install a bunch of python libraries on it to make > something in my home directory work that I was trying to get working. > > Would you guys have installed those packages manually, knowing that > you won''t ever really have to launch another server exactly like it, > or would you have added those packages to puppet so that they would > be installed should the box ever need to be re-configured from > scratch? How far would you go to keep puppet and your system 100% > in sync? > > -- > You received this message because you are subscribed to the Google > Groups "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com > . > For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en > . >-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Daniel Pittman
2010-May-29 07:06 UTC
Re: [Puppet Users] Puppet Package Management - how far do you go?
Matt Juszczak <matt@atopia.net> writes:> I have a "basenode" class which installs most of the packages needed on a > specific server. For the database servers, we ensure mysql is installed, > setup the directory structure, etc. > > But what about "one off" servers?There is no such thing.[1]> For instance, I have a tools server, that sort of runs random one-off tools > in production.Just you wait: one day it will turn out you have to handle "medical in confidence" data, and you need some one-off tools dealing with some of it, and your auditors will insist that it can''t be on the same machine as anything else without the other tools also being audited and secured... No such thing as one off. Just "only one of ''em right now". Then you buy another data center. ;) [...]> Would you guys have installed those packages manually, knowing that you > won''t ever really have to launch another server exactly like it, or would > you have added those packages to puppet so that they would be installed > should the box ever need to be re-configured from scratch?From long experience, you should store *everything* you write in version control, build using the OS packaging tools, and deploy them through the CMS. Done right this should only slow you down a tiny bit getting a random script out, and it will sure speed you when it turns out this was the project that needs it.> How far would you go to keep puppet and your system 100% in sync?Well, three minutes writing and committing "install this Python stuff" in my puppet manifests doesn''t seem to bad to me, especially since the odds that it costs you anything much to /keep/ it installed on the "random tools" server are pretty slim. That said: as far as is cost-effective. Some jobs, like partitioning disks and building file systems, don''t live in puppet because they are better handled by people, or by other tools. Daniel I can''t give you anything but a rule of thumb about which jobs fit into which bucket, though. Which, without my thumb, probably isn''t too much help :) Footnotes: [1] This is not strictly true: some servers declared to be "one off" are really one-off servers. Some turn out to be required long beyond their predicted life, or to be duplicated, or whatever. I never mastered the trick of predicting which is which. :) -- ✣ Daniel Pittman ✉ daniel@rimspace.net ☎ +61 401 155 707 ♽ made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Nigel Kersten
2010-May-29 14:16 UTC
Re: [Puppet Users] Puppet Package Management - how far do you go?
On Fri, May 28, 2010 at 8:19 PM, Matt Juszczak <matt@atopia.net> wrote:> I have a "basenode" class which installs most of the packages needed on a > specific server. For the database servers, we ensure mysql is installed, > setup the directory structure, etc. > > But what about "one off" servers? For instance, I have a tools server, > that sort of runs random one-off tools in production. Today, I had to > install a bunch of python libraries on it to make something in my home > directory work that I was trying to get working.> Would you guys have installed those packages manually, knowing that you > won''t ever really have to launch another server exactly like it,Ah, but it doesn''t only matter if you have to build *another* server exactly like it, it matters because you should be able to *rebuild* the same box in case of disaster at any time :) or would you have added those packages to puppet so that they would be> installed should the box ever need to be re-configured from scratch? How > far would you go to keep puppet and your system 100% in sync? > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscribe@googlegroups.com<puppet-users%2Bunsubscribe@googlegroups.com> > . > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > >-- nigel -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Rohan McGovern
2010-May-31 01:04 UTC
Re: [Puppet Users] Puppet Package Management - how far do you go?
On Saturday 29 May 2010, ext Matt Juszczak wrote:> I have a "basenode" class which installs most of the packages > needed on a specific server. For the database servers, we ensure > mysql is installed, setup the directory structure, etc. > > But what about "one off" servers? For instance, I have a tools > server, that sort of runs random one-off tools in production. > Today, I had to install a bunch of python libraries on it to make > something in my home directory work that I was trying to get > working. > > Would you guys have installed those packages manually, knowing > that you won''t ever really have to launch another server exactly > like it, or would you have added those packages to puppet so that > they would be installed should the box ever need to be > re-configured from scratch? How far would you go to keep puppet > and your system 100% in sync?I haven''t been putting "one-off servers" into puppet. For example, my puppet server itself isn''t managed by puppet. I already regret this (a small amount) for this reason: if I''d used puppet then the setup of the server(s) would implicitly be documented. As it is, I either have to spend additional time documenting the setup of these servers (and that documentation could become out of date), or I have to be the only person who knows how the servers are set up. -- Rohan -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Greg Maples
2010-May-31 01:54 UTC
Re: [Puppet Users] Puppet Package Management - how far do you go?
To each their own, of course but between having a set of puppet scripts and checking everything into svn/cvs, the puppet work functions as documentation for later. I''ve been caught more than once coming back to a system after a year or so trying urgently to remember its specifics. On Sun, May 30, 2010 at 6:04 PM, Rohan McGovern <rohan.mcgovern@nokia.com> wrote:> On Saturday 29 May 2010, ext Matt Juszczak wrote: >> I have a "basenode" class which installs most of the packages >> needed on a specific server. For the database servers, we ensure >> mysql is installed, setup the directory structure, etc. >> >> But what about "one off" servers? For instance, I have a tools >> server, that sort of runs random one-off tools in production. >> Today, I had to install a bunch of python libraries on it to make >> something in my home directory work that I was trying to get >> working. >> >> Would you guys have installed those packages manually, knowing >> that you won''t ever really have to launch another server exactly >> like it, or would you have added those packages to puppet so that >> they would be installed should the box ever need to be >> re-configured from scratch? How far would you go to keep puppet >> and your system 100% in sync? > > I haven''t been putting "one-off servers" into puppet. For example, > my puppet server itself isn''t managed by puppet. > > I already regret this (a small amount) for this reason: if I''d used > puppet then the setup of the server(s) would implicitly be > documented. As it is, I either have to spend additional time > documenting the setup of these servers (and that documentation > could become out of date), or I have to be the only person who > knows how the servers are set up. > > -- > Rohan > > -- > You received this message because you are subscribed to the Google Groups "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. > For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. > >-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
John Warburton
2010-Jun-01 04:09 UTC
Re: [Puppet Users] accessing client certname in manifests?
On 29 May 2010 09:33, Nigel Kersten <nigelk@google.com> wrote:> > On Fri, May 28, 2010 at 4:19 PM, James Turnbull <james@lovedthanlost.net>wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Nigel Kersten wrote: >> > I mentioned we had a custom fact for the client certname in IRC the >> > other day and someone poked fun at me as it''s apparently built in. >> > >> > For the life of me I can''t work out what variable it is. Anyone know? >> > >> > (our certnames bear no relationship to any other attribute, fqdn etc) >> >> It is not built-in - someone has misled you young man. >> > > Anyone see any problems with doing it like this? > > > require ''puppet'' > > Facter.add("certname") do > setcode do > Puppet[:config] = "/etc/puppet/puppet.conf" > Puppet.parse_config > Puppet[:certname] > end > end > > This is nice. Can we go the whole hog and provide all configurationoptions as facts? Could have a unique name space of something like CONF_variable --> CONF_certname For now, I''d like to use Nigel''s code to bulk load these options, and it got me thinking that the configuration file location must be known by the client as well. How do I get it? Cheers John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
James Turnbull
2010-Jun-01 04:17 UTC
Re: [Puppet Users] accessing client certname in manifests?
John Warburton wrote:> > This is nice. Can we go the whole hog and provide all configuration > options as facts? Could have a unique name space of something like > CONF_variable --> CONF_certnameI though I logged a feature request for this a while ago but damned if I can find it now - so feel free to log one.> For now, I''d like to use Nigel''s code to bulk load these options, and it > got me thinking that the configuration file location must be known by > the client as well. How do I get it?It''s much like Nigel''s code and has some hard-coded options. If you know where it is on your hosts you can use Nigel''s code and iterate over the options and output them as facts pretty easily. Regards James Turnbull -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
John Warburton
2010-Jun-01 04:32 UTC
Re: [Puppet Users] accessing client certname in manifests?
On 1 June 2010 14:17, James Turnbull <james@puppetlabs.com> wrote:> John Warburton wrote: > > > > This is nice. Can we go the whole hog and provide all configuration > > options as facts? Could have a unique name space of something like > > CONF_variable --> CONF_certname > > I though I logged a feature request for this a while ago but damned if I > can find it now - so feel free to log one. > > I''ve updated http://projects.puppetlabs.com/issues/3021 to expand itsscope. If a new request is needed, I''ll do that John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Nigel Kersten
2010-Jun-01 14:18 UTC
Re: [Puppet Users] accessing client certname in manifests?
On Mon, May 31, 2010 at 9:17 PM, James Turnbull <james@puppetlabs.com>wrote:> John Warburton wrote: > > > > This is nice. Can we go the whole hog and provide all configuration > > options as facts? Could have a unique name space of something like > > CONF_variable --> CONF_certname > > I though I logged a feature request for this a while ago but damned if I > can find it now - so feel free to log one. > > > For now, I''d like to use Nigel''s code to bulk load these options, and it > > got me thinking that the configuration file location must be known by > > the client as well. How do I get it? > > It''s much like Nigel''s code and has some hard-coded options. If you > know where it is on your hosts you can use Nigel''s code and iterate over > the options and output them as facts pretty easily. >The *only* reason I''m hard-coding the config file is so that when non-root users run ''facter'' they get the same results. Otherwise I wouldn''t bother.> > Regards > > James Turnbull > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscribe@googlegroups.com<puppet-users%2Bunsubscribe@googlegroups.com> > . > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > >-- nigel -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Nigel Kersten
2010-Jun-04 20:52 UTC
Re: [Puppet Users] accessing client certname in manifests?
On Fri, May 28, 2010 at 4:33 PM, Nigel Kersten <nigelk@google.com> wrote:> > > On Fri, May 28, 2010 at 4:19 PM, James Turnbull <james@lovedthanlost.net>wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Nigel Kersten wrote: >> > I mentioned we had a custom fact for the client certname in IRC the >> > other day and someone poked fun at me as it''s apparently built in. >> > >> > For the life of me I can''t work out what variable it is. Anyone know? >> > >> > (our certnames bear no relationship to any other attribute, fqdn etc) >> >> It is not built-in - someone has misled you young man. >> > > Anyone see any problems with doing it like this? > > require ''puppet'' > > Facter.add("certname") do > setcode do > Puppet[:config] = "/etc/puppet/puppet.conf" > Puppet.parse_config > Puppet[:certname] > end > end > > Doing this will break local ''puppet'' runs for us at least.Remove the Puppet.parse_config line.....> > > > >> >> Regards >> >> James Turnbull >> >> - -- >> Author of: >> * Pro Linux Systems Administration >> (http://www.amazon.com/gp/product/1430219122/) >> * Pulling Strings with Puppet >> (http://www.amazon.com/gp/product/1590599780/) >> * Pro Nagios 2.0 >> (http://www.amazon.com/gp/product/1590596099/) >> * Hardening Linux >> (http://www.amazon.com/gp/product/1590594444/) >> >> -----BEGIN PGP SIGNATURE----- >> Version: GnuPG v1.4.7 (Darwin) >> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ >> >> iQEVAwUBTABPZiFa/lDkFHAyAQLkywgAl1tn3QraNmZLn3Tsdt1Ymt7gOuVoISzX >> bz1BxW+QDWGVZZFw0hYZ8ob1kgiCgdkrZkLtjIzQbzJNR2yNY0PURqUvpGNpfoVi >> wB2O2JmtNu3v1mFovvHrSTtcruQ53VBpOaL2wdKcoPX+IF/sZbeQic1RTLS2S0YZ >> fa/iRRABidN7g5BSIiK5xPmRBbTuG25BngWs242p/vFeIbHOn57ix3dBVKZpZHnO >> DT0mt8uCYz2pEEVHVVDXwf4GL43jbATGRCgWuXKt0WATvwg06a8/njDmXTV45OEC >> 6FL2/yETt6sUk9snXyKyTWtTzKN++gXNadtPs+/LaJPwVHh0AHyzhQ=>> =M0AA >> -----END PGP SIGNATURE----- >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Puppet Users" group. >> To post to this group, send email to puppet-users@googlegroups.com. >> To unsubscribe from this group, send email to >> puppet-users+unsubscribe@googlegroups.com<puppet-users%2Bunsubscribe@googlegroups.com> >> . >> For more options, visit this group at >> http://groups.google.com/group/puppet-users?hl=en. >> >> > > > -- > nigel >-- nigel -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.