puppetplayer
2010-Aug-23 12:37 UTC
[Puppet Users] Is it possible to use hierarchic LDAP entries for puppet clients and parentnodes?
Hi all, i want to create a network and customer parentnodes to store network and/or customer specific attributes only at one place. Therefore i created following puppet client an parentnodes within LDAP: Network specific parentnode: dn: cn=192_168_100_0,ou=profile,dc=zz,dc=example,dc=com objectClass: top objectClass: DUAConfigProfile objectClass: puppetClient objectClass: TSYSConfigProfile defaultServerList: 192.168.100.101 defaultSearchBase: dc=zz,dc=example,dc=com authenticationMethod: simple followReferrals: TRUE defaultSearchScope: sub searchTimeLimit: 30 profileTTL: 43200 credentialLevel: proxy bindTimeLimit: 10 HostEntry: 100.101.110.111:first.entry.from.zz.profile HostEntry: 200.202.220.222:second.entry.from.zz.profile cn: 192_168_100_0 Customer specific parentnode: dn: cn=zzbasenode,ou=HostConfig,dc=zz,dc=example,dc=com objectClass: top objectClass: device objectClass: puppetClient description: Puppet Base Node ZZ puppetclass: base3 cn: zzbasenode parentnode: 192_168_100_0 and the Client: dn: cn=puppetc2,ou=HostConfig,dc=zz,dc=example,dc=com objectClass: top objectClass: device objectClass: puppetClient objectClass: TSYSjumpsta objectClass: ieee802Device objectClass: iphost description: Puppet Client 2 ipHostNumber: 192.168.100.111 cn: puppetc2 parentnode: zzbasenode puppetclass: base1 HostEntry: 1.2.3.4:first.entry.from.hostconfig HostEntry: 2.3.4.5:second.entry.from.hostconfig And now, most attributes from LDAP are stored in the client catalog. But not all... You can see, that only the HostEntry Attribute from the PuppetClient "puppetc2" is stored in the yaml file, an not the HostEntry attrbiutes from the network specific parentnode "192_168_100_0": var/puppet/yaml/node$ cat puppetc2.zz.example.com.yaml --- !ruby/object:Puppet::Node classes: - base1 - base3 environment: production expiration: 2010-08-23 14:41:45.603264 +02:00 name: puppetc2.zz.example.com parameters: :_timestamp: Mon Aug 23 14:11:45 +0200 2010 kernel: SunOS netmask: 255.255.255.0 cn: puppetc2 operatingsystemrelease: "5.10" fqdn: puppetc2.zz.example.com uniqueid: 0c3a86a6 parentnode: zzbasenode is_virtual: "false" virtual: zone ipaddress: 192.168.100.111 clientversion: 0.25.4 defaultServerList: 192.168.100.101 defaultSearchScope: sub kernelrelease: "5.10" rubysitedir: /opt/puppet/ruby/lib/ruby/site_ruby/1.8 ps: ps -ef hardwaremodel: i86pc netmask_e1000g1_3: 255.255.255.0 HostEntry: - 1.2.3.4:first.entry.from.hostconfig - 2.3.4.5:second.entry.from.hostconfig domain: zz.example.com netmask_lo0_3: 255.0.0.0 defaultSearchBase: dc=zz,dc=example,dc=com timezone: CEST id: root authenticationMethod: simple objectClass: - top - device - puppetClient - TSYSjumpstart - ieee802Device - iphost hardwareisa: i386 interfaces: lo0_3,e1000g1_3 searchTimeLimit: "30" puppetclass: base1 ipHostNumber: 192.168.100.111 kernelversion: Generic_141445-09 ipaddress_e1000g1_3: 192.168.100.111 path: /usr/sbin:/usr/bin:/usr/sfw/bin:/opt/puppet/ruby/bin:/sbin profileTTL: "43200" uptime: 51 min ipaddress_lo0_3: 127.0.0.1 network_e1000g1_3: 192.168.100.0 hostname: puppetc2 puppetversion: 0.25.4 environment: production credentialLevel: proxy bindTimeLimit: "10" description: Puppet Client 2 network_lo0_3: 127.0.0.0 sshrsakey: AAAB3...h2OWo+yi8 kernelmajversion: Generic_141445-09 facterversion: 1.5.7 operatingsystem: Solaris followReferrals: "TRUE" rubyversion: 1.8.7 sshdsakey: AAAAB3NzaC1kc3MAAACBA...JCNw= dn: cn=puppetc2,ou=HostConfig,dc=zz,dc=example,dc=com time: 2010-08-23 14:11:45.601912 +02:00 But i want to put any "HostEntry" attribute into the catalog of puppetc2.zz.example.com Does anybody has an idea? regads puppetplayer -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Rob McBroom
2010-Aug-23 18:05 UTC
Re: [Puppet Users] Is it possible to use hierarchic LDAP entries for puppet clients and parentnodes?
I don''t know the answer to your question, but as an alternative, I believe you can specify more than one parentnode, so the node''s entry could contain parentnode: 192_168_100_0 parentnode: zzbasenode to inherit things from both. -- Rob McBroom <http://www.skurfer.com/> The magnitude of a problem does not affect its ownership. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
puppetplayer
2010-Aug-24 05:49 UTC
[Puppet Users] Re: Is it possible to use hierarchic LDAP entries for puppet clients and parentnodes?
> I don''t know the answer to your question, but as an alternative, I believe you can specify more than one parentnode, so the node''s entry could contain > > parentnode: 192_168_100_0 > parentnode: zzbasenode > > to inherit things from both.Hi, thnak you for your answer. But that''s not the problem. I could define "parentnode: zzbasenode" in puppetc2 and "parentnode: 192_168_100_0" in zzbasnode Most entries from puppetc1, zzbasenode and 192_168_100_0 are included in the puppet catalog file ''puppetc2.zz.example.com.yaml'' Only those entries, that not exist at puppetc2 are included from zzbasenode. And only those entries, that are not defined in puppetc2 and zzbasenode are included from 192_168_100_0. Thats the problem. Is is possible to define expansible attributes by parentnodes? Example: HostEntry attruibutes are defined in puppetc1: HostEntry: 1.2.3.4:first.entry.from.hostconfig HostEntry: 2.3.4.5:second.entry.from.hostconfig and 192_168_100_0: HostEntry: 100.101.110.111:first.entry.from.zz.profile HostEntry: 200.202.220.222:second.entry.from.zz.profile but in the catalog file only the HostEntry attrbiutes from puppetc2 are visible. Other attributes from the network profile are included: defaultServerList: 192.168.100.101 followReferrals: TRUE ... defaultSearchBase: dc=zz,dc=example,dc=com Any idea? regards puppetplayer -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Rob McBroom
2010-Aug-25 15:22 UTC
Re: [Puppet Users] Re: Is it possible to use hierarchic LDAP entries for puppet clients and parentnodes?
On Aug 24, 2010, at 1:49 AM, puppetplayer wrote:> Most entries from puppetc1, zzbasenode and 192_168_100_0 are included > in the puppet catalog file ''puppetc2.zz.example.com.yaml'' > Only those entries, that not exist at puppetc2 are included from > zzbasenode. > And only those entries, that are not defined in puppetc2 and > zzbasenode are included from 192_168_100_0. > Thats the problem.Ah, I see. I thought the problem was that attributes from the "grandparent" node weren''t getting passed down. Instead, it sounds like you want to combine values from parents rather than letting the "most local" setting override the others. This is a design decision (that I had nothing to do with) and I think they way it works now is best, personally. You might be better off using classes in your manifests instead of parent nodes in LDAP. That would give you a bit more control over what happens to inherited values. I added support for parent nodes to my LDAP setup, but have never once found a use for it because classes have always gotten the job done. -- Rob McBroom <http://www.skurfer.com/> Don''t try to tell me something is important to you if the whole of your “support” entails getting Congress to force *others* to spend time and money on it. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
puppetplayer
2010-Aug-26 07:23 UTC
[Puppet Users] Re: Is it possible to use hierarchic LDAP entries for puppet clients and parentnodes?
Hi, thanks for your answer. Yes, most times it is the best way, to get only the "most local" variable. But the puppetclass attribute is also collected from the client and all defined basenodes. So i think there is a way to define attributes that are combined . Or not? regrads puppetplayer On 25 Aug., 17:22, Rob McBroom <mailingli...@skurfer.com> wrote:> On Aug 24, 2010, at 1:49 AM, puppetplayer wrote: > > > Most entries from puppetc1, zzbasenode and 192_168_100_0 are included > > in the puppet catalog file ''puppetc2.zz.example.com.yaml'' > > Only those entries, that not exist at puppetc2 are included from > > zzbasenode. > > And only those entries, that are not defined in puppetc2 and > > zzbasenode are included from 192_168_100_0. > > Thats the problem. > > Ah, I see. I thought the problem was that attributes from the "grandparent" node weren''t getting passed down. Instead, it sounds like you want to combine values from parents rather than letting the "most local" setting override the others. > > This is a design decision (that I had nothing to do with) and I think they way it works now is best, personally. > > You might be better off using classes in your manifests instead of parent nodes in LDAP. That would give you a bit more control over what happens to inherited values. I added support for parent nodes to my LDAP setup, but have never once found a use for it because classes have always gotten the job done. > > -- > Rob McBroom > <http://www.skurfer.com/> > > Don''t try to tell me something is important to you if the whole of your “support” entails getting Congress to force *others* to spend time and money on it.-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Rob McBroom
2010-Aug-26 18:58 UTC
Re: [Puppet Users] Re: Is it possible to use hierarchic LDAP entries for puppet clients and parentnodes?
On Aug 26, 2010, at 3:23 AM, puppetplayer wrote:> But the puppetclass attribute is also collected from the client and > all defined basenodes. > So i think there is a way to define attributes that are combined . Or > not?I''m not sure what you''re trying to say here. Are you saying class attributes are combined with those from the parent and not overridden by the most local values? In any case, I wasn''t suggesting that class attributes in LDAP should work any differently, but classes in the manifests do. So don''t use parent nodes at all, just classes. Then the classes will all be combined, or if you want, they can inherit from other classes. When inheriting from a class, I know you can override a value, but I imagine there''s also a way to preserve that value and add to it (which sounds like what you''re after). Although if each class was responsible for a list of "HostEntry" values, I would think simply calling those classes in sequence would do the trick and you could forget about inheritance. -- Rob McBroom <http://www.skurfer.com/> -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
pinto.elia@gmail.com
2010-Aug-31 18:01 UTC
RE: [Puppet Users] Is it possible to use hierarchic LDAP entries for puppet clients and parentnodes?
-----Original Message----- From: puppetplayer Sent: 23/08/2010, 14:37 To: Puppet Users Subject: [Puppet Users] Is it possible to use hierarchic LDAP entries for puppet clients and parentnodes? Hi all, i want to create a network and customer parentnodes to store network and/or customer specific attributes only at one place. Therefore i created following puppet client an parentnodes within LDAP: Network specific parentnode: dn: cn=192_168_100_0,ou=profile,dc=zz,dc=example,dc=com objectClass: top objectClass: DUAConfigProfile objectClass: puppetClient objectClass: TSYSConfigProfile defaultServerList: 192.168.100.101 defaultSearchBase: dc=zz,dc=example,dc=com authenticationMethod: simple followReferrals: TRUE defaultSearchScope: sub searchTimeLimit: 30 profileTTL: 43200 credentialLevel: proxy bindTimeLimit: 10 HostEntry: 100.101.110.111:first.entry.from.zz.profile HostEntry: 200.202.220.222:second.entry.from.zz.profile cn: 192_168_100_0 Customer specific parentnode: dn: cn=zzbasenode,ou=HostConfig,dc=zz,dc=example,dc=com objectClass: top objectClass: device objectClass: puppetClient description: Puppet Base Node ZZ puppetclass: base3 cn: zzbasenode parentnode: 192_168_100_0 and the Client: dn: cn=puppetc2,ou=HostConfig,dc=zz,dc=example,dc=com objectClass: top objectClass: device objectClass: puppetClient objectClass: TSYSjumpsta objectClass: ieee802Device objectClass: iphost description: Puppet Client 2 ipHostNumber: 192.168.100.111 cn: puppetc2 parentnode: zzbasenode puppetclass: base1 HostEntry: 1.2.3.4:first.entry.from.hostconfig HostEntry: 2.3.4.5:second.entry.from.hostconfig And now, most attributes from LDAP are stored in the client catalog. But not all... You can see, that only the HostEntry Attribute from the PuppetClient "puppetc2" is stored in the yaml file, an not the HostEntry attrbiutes from the network specific parentnode "192_168_100_0": var/puppet/yaml/node$ cat puppetc2.zz.example.com.yaml --- !ruby/object:Puppet::Node classes: - base1 - base3 environment: production expiration: 20 E-mail troncato a 2,000 caratteri :::0:99e27beaa3e6afbe439312c752f74fbc:7d0:::: Il messaggio originale si trova sul server -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
pinto.elia@gmail.com
2010-Aug-31 18:01 UTC
RE: [Puppet Users] Is it possible to use hierarchic LDAP entries for puppet clients and parentnodes?
-----Original Message----- From: puppetplayer Sent: 23/08/2010, 14:37 To: Puppet Users Subject: [Puppet Users] Is it possible to use hierarchic LDAP entries for puppet clients and parentnodes? Hi all, i want to create a network and customer parentnodes to store network and/or customer specific attributes only at one place. Therefore i created following puppet client an parentnodes within LDAP: Network specific parentnode: dn: cn=192_168_100_0,ou=profile,dc=zz,dc=example,dc=com objectClass: top objectClass: DUAConfigProfile objectClass: puppetClient objectClass: TSYSConfigProfile defaultServerList: 192.168.100.101 defaultSearchBase: dc=zz,dc=example,dc=com authenticationMethod: simple followReferrals: TRUE defaultSearchScope: sub searchTimeLimit: 30 profileTTL: 43200 credentialLevel: proxy bindTimeLimit: 10 HostEntry: 100.101.110.111:first.entry.from.zz.profile HostEntry: 200.202.220.222:second.entry.from.zz.profile cn: 192_168_100_0 Customer specific parentnode: dn: cn=zzbasenode,ou=HostConfig,dc=zz,dc=example,dc=com objectClass: top objectClass: device objectClass: puppetClient description: Puppet Base Node ZZ puppetclass: base3 cn: zzbasenode parentnode: 192_168_100_0 and the Client: dn: cn=puppetc2,ou=HostConfig,dc=zz,dc=example,dc=com objectClass: top objectClass: device objectClass: puppetClient objectClass: TSYSjumpsta objectClass: ieee802Device objectClass: iphost description: Puppet Client 2 ipHostNumber: 192.168.100.111 cn: puppetc2 parentnode: zzbasenode puppetclass: base1 HostEntry: 1.2.3.4:first.entry.from.hostconfig HostEntry: 2.3.4.5:second.entry.from.hostconfig And now, most attributes from LDAP are stored in the client catalog. But not all... You can see, that only the HostEntry Attribute from the PuppetClient "puppetc2" is stored in the yaml file, an not the HostEntry attrbiutes from the network specific parentnode "192_168_100_0": var/puppet/yaml/node$ cat puppetc2.zz.example.com.yaml --- !ruby/object:Puppet::Node classes: - base1 - base3 environment: production expiration: 20 E-mail troncato a 2,000 caratteri :::0:99e27beaa3e6afbe439312c752f74fbc:7d0:::: Il messaggio originale si trova sul server -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.