Puppet users - Aug 2010 - Is it possible to use hierarchic LDAP entries for puppet clients and parentnodes?

Hi all,
i want to create a network and customer parentnodes to store network
and/or customer specific attributes only at one place.

Therefore i created following puppet client an parentnodes within
LDAP:

Network specific parentnode:
  dn: cn=192_168_100_0,ou=profile,dc=zz,dc=example,dc=com
  objectClass: top
  objectClass: DUAConfigProfile
  objectClass: puppetClient
  objectClass: TSYSConfigProfile
  defaultServerList: 192.168.100.101
  defaultSearchBase: dc=zz,dc=example,dc=com
  authenticationMethod: simple
  followReferrals: TRUE
  defaultSearchScope: sub
  searchTimeLimit: 30
  profileTTL: 43200
  credentialLevel: proxy
  bindTimeLimit: 10
  HostEntry: 100.101.110.111:first.entry.from.zz.profile
  HostEntry: 200.202.220.222:second.entry.from.zz.profile
  cn: 192_168_100_0

Customer specific parentnode:
  dn: cn=zzbasenode,ou=HostConfig,dc=zz,dc=example,dc=com
  objectClass: top
  objectClass: device
  objectClass: puppetClient
  description: Puppet Base Node ZZ
  puppetclass: base3
  cn: zzbasenode
  parentnode: 192_168_100_0

and the Client:
  dn: cn=puppetc2,ou=HostConfig,dc=zz,dc=example,dc=com
  objectClass: top
  objectClass: device
  objectClass: puppetClient
  objectClass: TSYSjumpsta
  objectClass: ieee802Device
  objectClass: iphost
  description: Puppet Client 2
  ipHostNumber: 192.168.100.111
  cn: puppetc2
  parentnode: zzbasenode
  puppetclass: base1
  HostEntry: 1.2.3.4:first.entry.from.hostconfig
  HostEntry: 2.3.4.5:second.entry.from.hostconfig

And now, most attributes from LDAP are stored in the client catalog.
But not all...
You can see, that only the HostEntry Attribute from the PuppetClient
"puppetc2" is stored in the yaml file, an not the HostEntry attrbiutes
from the network specific parentnode "192_168_100_0":
var/puppet/yaml/node$ cat puppetc2.zz.example.com.yaml
   --- !ruby/object:Puppet::Node
   classes:
   - base1
   - base3
   environment: production
   expiration: 2010-08-23 14:41:45.603264 +02:00
   name: puppetc2.zz.example.com
   parameters:
     :_timestamp: Mon Aug 23 14:11:45 +0200 2010
     kernel: SunOS
     netmask: 255.255.255.0
     cn: puppetc2
     operatingsystemrelease: "5.10"
     fqdn: puppetc2.zz.example.com
     uniqueid: 0c3a86a6
     parentnode: zzbasenode
     is_virtual: "false"
     virtual: zone
     ipaddress: 192.168.100.111
     clientversion: 0.25.4
     defaultServerList: 192.168.100.101
     defaultSearchScope: sub
     kernelrelease: "5.10"
     rubysitedir: /opt/puppet/ruby/lib/ruby/site_ruby/1.8
     ps: ps -ef
     hardwaremodel: i86pc
     netmask_e1000g1_3: 255.255.255.0
     HostEntry:
     - 1.2.3.4:first.entry.from.hostconfig
     - 2.3.4.5:second.entry.from.hostconfig
     domain: zz.example.com
     netmask_lo0_3: 255.0.0.0
     defaultSearchBase: dc=zz,dc=example,dc=com
     timezone: CEST
     id: root
     authenticationMethod: simple
     objectClass:
     - top
     - device
     - puppetClient
     - TSYSjumpstart
     - ieee802Device
     - iphost
     hardwareisa: i386
     interfaces: lo0_3,e1000g1_3
     searchTimeLimit: "30"
     puppetclass: base1
     ipHostNumber: 192.168.100.111
     kernelversion: Generic_141445-09
     ipaddress_e1000g1_3: 192.168.100.111
     path: /usr/sbin:/usr/bin:/usr/sfw/bin:/opt/puppet/ruby/bin:/sbin
     profileTTL: "43200"
     uptime: 51 min
     ipaddress_lo0_3: 127.0.0.1
     network_e1000g1_3: 192.168.100.0
     hostname: puppetc2
     puppetversion: 0.25.4
     environment: production
     credentialLevel: proxy
     bindTimeLimit: "10"
     description: Puppet Client 2
     network_lo0_3: 127.0.0.0
     sshrsakey: AAAB3...h2OWo+yi8     kernelmajversion: Generic_141445-09
     facterversion: 1.5.7
     operatingsystem: Solaris
     followReferrals: "TRUE"
     rubyversion: 1.8.7
     sshdsakey: AAAAB3NzaC1kc3MAAACBA...JCNw=     dn:
cn=puppetc2,ou=HostConfig,dc=zz,dc=example,dc=com
   time: 2010-08-23 14:11:45.601912 +02:00

But i want to put any "HostEntry" attribute into the catalog of
puppetc2.zz.example.com

Does anybody has an idea?

regads
puppetplayer

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

I don''t know the answer to your question, but as an alternative, I
believe you can specify more than one parentnode, so the node''s entry
could contain

    parentnode: 192_168_100_0
    parentnode: zzbasenode

to inherit things from both.

-- 
Rob McBroom
<http://www.skurfer.com/>

The magnitude of a problem does not affect its ownership.


-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

> I don''t know the answer to your question, but as an alternative, I
believe you can specify more than one parentnode, so the node''s entry
could contain
>
>     parentnode: 192_168_100_0
>     parentnode: zzbasenode
>
> to inherit things from both.
Hi,
thnak you for your answer. But that''s not the problem.
I could define
"parentnode: zzbasenode" in puppetc2 and
"parentnode: 192_168_100_0" in zzbasnode
Most entries from puppetc1, zzbasenode and 192_168_100_0 are included
in the puppet catalog file ''puppetc2.zz.example.com.yaml''
Only those entries, that not exist at puppetc2 are included from
zzbasenode.
And only those entries, that are not defined in puppetc2 and
zzbasenode are included from 192_168_100_0.
Thats the problem.
Is is possible to define expansible attributes by parentnodes?

Example:
HostEntry attruibutes are defined in puppetc1:
  HostEntry: 1.2.3.4:first.entry.from.hostconfig
  HostEntry: 2.3.4.5:second.entry.from.hostconfig
and 192_168_100_0:
  HostEntry: 100.101.110.111:first.entry.from.zz.profile
  HostEntry: 200.202.220.222:second.entry.from.zz.profile
but in the catalog file only the HostEntry attrbiutes from puppetc2
are visible.
Other attributes from the network profile are included:
  defaultServerList: 192.168.100.101
  followReferrals: TRUE
  ...
  defaultSearchBase: dc=zz,dc=example,dc=com

Any idea?

regards
puppetplayer

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

On Aug 24, 2010, at 1:49 AM, puppetplayer wrote:
> Most entries from puppetc1, zzbasenode and 192_168_100_0 are included
> in the puppet catalog file ''puppetc2.zz.example.com.yaml''
> Only those entries, that not exist at puppetc2 are included from
> zzbasenode.
> And only those entries, that are not defined in puppetc2 and
> zzbasenode are included from 192_168_100_0.
> Thats the problem.
Ah, I see. I thought the problem was that attributes from the
"grandparent" node weren''t getting passed down. Instead, it
sounds like you want to combine values from parents rather than letting the
"most local" setting override the others.

This is a design decision (that I had nothing to do with) and I think they way
it works now is best, personally.

You might be better off using classes in your manifests instead of parent nodes
in LDAP. That would give you a bit more control over what happens to inherited
values. I added support for parent nodes to my LDAP setup, but have never once
found a use for it because classes have always gotten the job done.

-- 
Rob McBroom
<http://www.skurfer.com/>

Don''t try to tell me something is important to you if the whole of your
“support” entails getting Congress to force *others* to spend time and money on
it.

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

Hi,
thanks for your answer.
Yes, most times it is the best way, to get only the "most local"
variable.
But the puppetclass attribute is also collected from the client and
all defined basenodes.
So i think there is a way to define attributes that are combined . Or
not?

regrads
puppetplayer

On 25 Aug., 17:22, Rob McBroom <mailingli...@skurfer.com>
wrote:
> On Aug 24, 2010, at 1:49 AM, puppetplayer wrote:
>
> > Most entries from puppetc1, zzbasenode and 192_168_100_0 are included
> > in the puppet catalog file
''puppetc2.zz.example.com.yaml''
> > Only those entries, that not exist at puppetc2 are included from
> > zzbasenode.
> > And only those entries, that are not defined in puppetc2 and
> > zzbasenode are included from 192_168_100_0.
> > Thats the problem.
>
> Ah, I see. I thought the problem was that attributes from the
"grandparent" node weren''t getting passed down. Instead, it
sounds like you want to combine values from parents rather than letting the
"most local" setting override the others.
>
> This is a design decision (that I had nothing to do with) and I think they
way it works now is best, personally.
>
> You might be better off using classes in your manifests instead of parent
nodes in LDAP. That would give you a bit more control over what happens to
inherited values. I added support for parent nodes to my LDAP setup, but have
never once found a use for it because classes have always gotten the job done.
>
> --
> Rob McBroom
> <http://www.skurfer.com/>
>
> Don''t try to tell me something is important to you if the whole of
your “support” entails getting Congress to force *others* to spend time and
money on it.
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

On Aug 26, 2010, at 3:23 AM, puppetplayer wrote:
> But the puppetclass attribute is also collected from the client and
> all defined basenodes.
> So i think there is a way to define attributes that are combined . Or
> not?
I''m not sure what you''re trying to say here. Are you saying
class attributes are combined with those from the parent and not overridden by
the most local values?

In any case, I wasn''t suggesting that class attributes in LDAP should
work any differently, but classes in the manifests do.

So don''t use parent nodes at all, just classes. Then the classes will
all be combined, or if you want, they can inherit from other classes. When
inheriting from a class, I know you can override a value, but I imagine
there''s also a way to preserve that value and add to it (which sounds
like what you''re after).

Although if each class was responsible for a list of "HostEntry"
values, I would think simply calling those classes in sequence would do the
trick and you could forget about inheritance.

-- 
Rob McBroom
<http://www.skurfer.com/>


-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

-----Original Message-----
From: puppetplayer
Sent:  23/08/2010, 14:37 
To: Puppet Users
Subject: [Puppet Users] Is it possible to use hierarchic LDAP entries for puppet
clients and parentnodes?


Hi all,
i want to create a network and customer parentnodes to store network
and/or customer specific attributes only at one place.

Therefore i created following puppet client an parentnodes within
LDAP:

Network specific parentnode:
  dn: cn=192_168_100_0,ou=profile,dc=zz,dc=example,dc=com
  objectClass: top
  objectClass: DUAConfigProfile
  objectClass: puppetClient
  objectClass: TSYSConfigProfile
  defaultServerList: 192.168.100.101
  defaultSearchBase: dc=zz,dc=example,dc=com
  authenticationMethod: simple
  followReferrals: TRUE
  defaultSearchScope: sub
  searchTimeLimit: 30
  profileTTL: 43200
  credentialLevel: proxy
  bindTimeLimit: 10
  HostEntry: 100.101.110.111:first.entry.from.zz.profile
  HostEntry: 200.202.220.222:second.entry.from.zz.profile
  cn: 192_168_100_0

Customer specific parentnode:
  dn: cn=zzbasenode,ou=HostConfig,dc=zz,dc=example,dc=com
  objectClass: top
  objectClass: device
  objectClass: puppetClient
  description: Puppet Base Node ZZ
  puppetclass: base3
  cn: zzbasenode
  parentnode: 192_168_100_0

and the Client:
  dn: cn=puppetc2,ou=HostConfig,dc=zz,dc=example,dc=com
  objectClass: top
  objectClass: device
  objectClass: puppetClient
  objectClass: TSYSjumpsta
  objectClass: ieee802Device
  objectClass: iphost
  description: Puppet Client 2
  ipHostNumber: 192.168.100.111
  cn: puppetc2
  parentnode: zzbasenode
  puppetclass: base1
  HostEntry: 1.2.3.4:first.entry.from.hostconfig
  HostEntry: 2.3.4.5:second.entry.from.hostconfig

And now, most attributes from LDAP are stored in the client catalog.
But not all...
You can see, that only the HostEntry Attribute from the PuppetClient
"puppetc2" is stored in the yaml file, an not the HostEntry attrbiutes
from the network specific parentnode "192_168_100_0":
var/puppet/yaml/node$ cat puppetc2.zz.example.com.yaml
   --- !ruby/object:Puppet::Node
   classes:
   - base1
   - base3
   environment: production
   expiration: 20
E-mail troncato a 2,000 caratteri
:::0:99e27beaa3e6afbe439312c752f74fbc:7d0::::
Il messaggio originale si trova sul server

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

-----Original Message-----
From: puppetplayer
Sent:  23/08/2010, 14:37 
To: Puppet Users
Subject: [Puppet Users] Is it possible to use hierarchic LDAP entries for puppet
clients and parentnodes?


Hi all,
i want to create a network and customer parentnodes to store network
and/or customer specific attributes only at one place.

Therefore i created following puppet client an parentnodes within
LDAP:

Network specific parentnode:
  dn: cn=192_168_100_0,ou=profile,dc=zz,dc=example,dc=com
  objectClass: top
  objectClass: DUAConfigProfile
  objectClass: puppetClient
  objectClass: TSYSConfigProfile
  defaultServerList: 192.168.100.101
  defaultSearchBase: dc=zz,dc=example,dc=com
  authenticationMethod: simple
  followReferrals: TRUE
  defaultSearchScope: sub
  searchTimeLimit: 30
  profileTTL: 43200
  credentialLevel: proxy
  bindTimeLimit: 10
  HostEntry: 100.101.110.111:first.entry.from.zz.profile
  HostEntry: 200.202.220.222:second.entry.from.zz.profile
  cn: 192_168_100_0

Customer specific parentnode:
  dn: cn=zzbasenode,ou=HostConfig,dc=zz,dc=example,dc=com
  objectClass: top
  objectClass: device
  objectClass: puppetClient
  description: Puppet Base Node ZZ
  puppetclass: base3
  cn: zzbasenode
  parentnode: 192_168_100_0

and the Client:
  dn: cn=puppetc2,ou=HostConfig,dc=zz,dc=example,dc=com
  objectClass: top
  objectClass: device
  objectClass: puppetClient
  objectClass: TSYSjumpsta
  objectClass: ieee802Device
  objectClass: iphost
  description: Puppet Client 2
  ipHostNumber: 192.168.100.111
  cn: puppetc2
  parentnode: zzbasenode
  puppetclass: base1
  HostEntry: 1.2.3.4:first.entry.from.hostconfig
  HostEntry: 2.3.4.5:second.entry.from.hostconfig

And now, most attributes from LDAP are stored in the client catalog.
But not all...
You can see, that only the HostEntry Attribute from the PuppetClient
"puppetc2" is stored in the yaml file, an not the HostEntry attrbiutes
from the network specific parentnode "192_168_100_0":
var/puppet/yaml/node$ cat puppetc2.zz.example.com.yaml
   --- !ruby/object:Puppet::Node
   classes:
   - base1
   - base3
   environment: production
   expiration: 20
E-mail troncato a 2,000 caratteri
:::0:99e27beaa3e6afbe439312c752f74fbc:7d0::::
Il messaggio originale si trova sul server

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.