Puppet users - Oct 2010 - Checking and setting svc properties in Solaris

Hello folks,
I''ve been looking into how I might check (and possibly set) svc
properties via puppet.
The closest I''ve found, is the provider/service/smf stuff.
However, that seems to only allow enabling and disabling of services.
NOT of configuring properties.

Is there some way I dont know of, how to do that?

If not, and I need to write something... under which module/plugin/
whatever should I attempt to write one?

To give an example of what I want to do:


1. Check if
  `svcprop -p defaults/tcp_wrappers inetd`  == true


2. If NOT.. either complain loudly, or automatically fix it.

It isn''t exactly a service... it''s a configuration, or
property,
associated with a service.

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

If you own the manifest already, you can set properties there

Otherwise, you can do what we do and use an exec - not efficient, but it
works

    exec { ''syslog_remote'':
        command => "svccfg -s svc:/system/system-log setprop
config/log_from_remote = $syslog_from_remote \
            || { svccfg -s svc:/system/system-log addpg config application;
svccfg -s svc:/system/system-log setprop config/log_from_remote = boolean:
$syslog_from_remote; }",
        unless  => "svccfg -s svc:/system/system-log listprop
config/log_from_remote 2>&1 | grep \"^config/log_from_remote *
boolean *
$syslog_from_remote\"",
        notify  => Service[''syslogd''],
        path    => ''/usr/sbin:/bin:/usr/bin'',
    }

John

On 7 October 2010 08:21, Philip Brown <phil.googlenews@bolthole.com>
wrote:
> Hello folks,
> I''ve been looking into how I might check (and possibly set) svc
> properties via puppet.
> The closest I''ve found, is the provider/service/smf stuff.
> However, that seems to only allow enabling and disabling of services.
> NOT of configuring properties.
>
> Is there some way I dont know of, how to do that?
>
> If not, and I need to write something... under which module/plugin/
> whatever should I attempt to write one?
>
> To give an example of what I want to do:
>
>
> 1. Check if
>  `svcprop -p defaults/tcp_wrappers inetd`  == true
>
>
> 2. If NOT.. either complain loudly, or automatically fix it.
>
> It isn''t exactly a service... it''s a configuration, or
property,
> associated with a service.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
>
puppet-users+unsubscribe@googlegroups.com<puppet-users%2Bunsubscribe@googlegroups.com>
> .
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>

-- 
John Warburton
Ph: 0417 299 600
Email: jwarburton@gmail.com

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

On Oct 6, 4:53 pm, John Warburton <jwarbur...@gmail.com>
wrote:
> If you own the manifest already, you can set properties there
>
> Otherwise, you can do what we do and use an exec - not efficient, but it
> works
>
Hmm.

Interesting.

Disclaimer: I''m a puppet newbie. So two followup questions:
1. Where does the snippet below belong. Does that go straight into
site.pp?

2. Does it log something if a change was needed?

Does the "notify" bit handle that?

(i also dont understand the bit about owning the manifest. if you are
referring to "manifests/site.pp", then where ELSE do you put it? :-/ )

>     exec { ''syslog_remote'':
>         command => "svccfg -s svc:/system/system-log setprop
> config/log_from_remote = $syslog_from_remote \
>             || { svccfg -s svc:/system/system-log addpg config application;
> svccfg -s svc:/system/system-log setprop config/log_from_remote = boolean:
> $syslog_from_remote; }",
>         unless  => "svccfg -s svc:/system/system-log listprop
> config/log_from_remote 2>&1 | grep \"^config/log_from_remote *
boolean *
> $syslog_from_remote\"",
>         notify  => Service[''syslogd''],
>         path    => ''/usr/sbin:/bin:/usr/bin'',
>     }
>
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

Hi Philip

1. The snippet came from our security module in a "jass" class, which
our
Solaris servers include:
class security {
    case $operatingsystem {
        Solaris: {
            include jass

All our servers include the security module, set in the node classifier
(equiv to site.pp).
http://projects.puppetlabs.com/projects/puppet/wiki/External_Nodes

2. Notify is to tell the syslogd service to be restarted by puppet, as
something has changed.
http://docs.puppetlabs.com/references/latest/metaparameter.html

All puppet runs will log to where you tell it to. We simply capture stdout
as we run puppet on clients in a shell script wrapper from cron. The results
are also logged back to the puppet server

3. "Owning" the manifest - sorry I was loose with my terms. I meant
the SMF
XML manifest. If you own that, ie it isn''t a system XML manifest and
have it
fully under puppet control, then maybe that would be a better place to
manage properties. We do that with our home compiled apache and sshd

If you want to be able to have different properties on different classes of
hosts, you can use templates when managing the XML file in puppet

If you want to be able to switch properties on/off at will on the same
server, that functionality isn''t in the puppet SMF handler (yet). You
can
"watch" http://projects.puppetlabs.com/issues/4144 to show more people
than
me are interested...

Regards

John

On 8 October 2010 03:10, Philip Brown <phil.googlenews@bolthole.com>
wrote:
>
>
> On Oct 6, 4:53 pm, John Warburton <jwarbur...@gmail.com> wrote:
> > If you own the manifest already, you can set properties there
> >
> > Otherwise, you can do what we do and use an exec - not efficient, but
it
> > works
> >
>
> Hmm.
>
> Interesting.
>
> Disclaimer: I''m a puppet newbie. So two followup questions:
> 1. Where does the snippet below belong. Does that go straight into
> site.pp?
>
> 2. Does it log something if a change was needed?
>
> Does the "notify" bit handle that?
>
> (i also dont understand the bit about owning the manifest. if you are
> referring to "manifests/site.pp", then where ELSE do you put it?
:-/ )
>
>
> >     exec { ''syslog_remote'':
> >         command => "svccfg -s svc:/system/system-log setprop
> > config/log_from_remote = $syslog_from_remote \
> >             || { svccfg -s svc:/system/system-log addpg config
> application;
> > svccfg -s svc:/system/system-log setprop config/log_from_remote >
boolean:
> > $syslog_from_remote; }",
> >         unless  => "svccfg -s svc:/system/system-log listprop
> > config/log_from_remote 2>&1 | grep
\"^config/log_from_remote * boolean *
> > $syslog_from_remote\"",
> >         notify  => Service[''syslogd''],
> >         path    => ''/usr/sbin:/bin:/usr/bin'',
> >     }
> >
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
>
puppet-users+unsubscribe@googlegroups.com<puppet-users%2Bunsubscribe@googlegroups.com>
> .
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>

-- 
John Warburton
Ph: 0417 299 600
Email: jwarburton@gmail.com

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.