I have a few settings that change based on the network that a system is in, and I have a heterogeneous collection of networks (a few /24s, some /25s, a /29 and a couple /27s, and hey look a /16 in rfc1918 space and...). So I can't do simple regex matches on dotted-quad IP notation and expect to get a complete story.

What I'd like is something like, I dunno...

    $nameserver = $::ipaddress ? {
        cidr('172.242.0.0/16') => '172.242.111.222',
        cidr('192.168.55.0/25') => '192.168.55.5',
        cidr('192.168.55.128/25') => '192.168.55.205',
        ...
    }

Or really any way to determine whether or not a particular IP string satisfies a given CIDR range.

How do you people solve this sort of problem?

--
"There should be a homonym exam before people are issued keyboards." -- George Moffitt

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Mohamed Lrhazi
2011-Jan-27 19:53 UTC
Re: [Puppet Users] CIDR-matching in puppet manifests?
Not sure if this would help you, but:

I needed to generate a config file where some value (netbackup_media_server) depended on the ip of the client (ipaddress fact), so I did the following inside the template:

    # MANAGED BY PUPPET
    <%
    # columns: network (CIDR), media server name, media server IP
    table="
    10.212.3.0/24 nbmedia2-503.example.com 10.212.3.70
    10.212.5.0/24 nbmedia2-998.example.com 10.212.5.60
    10.212.12.0/24 nbmedia2-512.example.com 10.212.12.66
    192.168.63.0/24 nbmedia2-1000.example.com 192.168.1.67
    192.168.2.0/26 nbmedia2-2.example.com 192.168.2.22
    192.168.2.128/25 nbmedia2-22.example.com 192.168.2.134
    "
    require 'ipaddr'
    #netbackup_media_servers={}
    netbackup_media_server=""
    table.split(/\n/).each do | line |
      line=line.strip
      if line
        #puts line
        net,name,ip=line.split(/\s+/).map{|x| x.strip}
        #print net,name,ip
        # blank lines split to an empty array, which leaves net nil
        if ! net.nil?
          #netbackup_media_servers[net]=[name,ip]
          net1 = IPAddr.new(net)
          # the first network that contains the client's address wins
          if net1.include?(IPAddr.new(ipaddress))
            netbackup_media_server = name
            break
          end
        end
      end
    end
    %>
    SERVER = <%= netbackup_master_server %>
    SERVER = <%= netbackup_media_server %>
    CLIENT_NAME = <%= fqdn %>
    SERVER_SENDS_MAIL = YES
    CLIENT_READ_TIMEOUT = 20000
    CLIENT_CONNECT_TIMEOUT = 3600
    LOCKED_FILE_ACTION = SKIP
    ALLOW_NON_RESERVED_PORTS = YES

On Thu, Jan 27, 2011 at 2:36 PM, Nick Moffitt <nick@zork.net> wrote:
> I have a few settings that change based on the network that a system is
> in, and I have a heterogeneous collection of networks (a few /24s, some
> /25s, a /29 and a couple /27s, and hey look a /16 in rfc1918 space
> and...). So I can't do simple regex matches on dotted-quad IP notation
> and expect to get a complete story.
>
> What I'd like is something like, I dunno...
>
>     $nameserver = $::ipaddress ? {
>         cidr('172.242.0.0/16') => '172.242.111.222',
>         cidr('192.168.55.0/25') => '192.168.55.5',
>         cidr('192.168.55.128/25') => '192.168.55.205',
>         ...
>     }
>
> Or really any way to determine whether or not a particular IP string
> satisfies a given CIDR range.
>
> How do you people solve this sort of problem?
Mohamed Lrhazi
2011-Jan-27 19:55 UTC
Re: [Puppet Users] CIDR-matching in puppet manifests?
I guess my answer was: you can use ruby's library ipaddr inside templates, not sure about manifests.
Mohamed Lrhazi:
> I guess my answer was: you can use ruby's library ipaddr inside
> templates, not sure about manifests.

That is an interesting approach, and suggests possible inline_template() hacks. I note that of course Puppet itself can do CIDR tests in various conf file settings, so clearly the underlying ruby makes this possible.

I'll think about this code you've pasted. Thanks!

--
"It is not very unreasonable that the rich should contribute to the public expense, not only in proportion to their revenue, but something more than in that proportion." -- Adam Smith, Wealth of Nations
Martijn Grendelman
2011-Jan-28 14:48 UTC
Re: [Puppet Users] CIDR-matching in puppet manifests?
On 27-01-11 22:21, Nick Moffitt wrote:
> Mohamed Lrhazi:
>> I guess my answer was: you can use ruby's library ipaddr inside
>> templates, not sure about manifests.
>
> That is an interesting approach, and suggests possible inline_template()
> hacks. I note that of course Puppet itself can do CIDR tests in various
> conf file settings, so clearly the underlying ruby makes this possible.
>
> I'll think about this code you've pasted. Thanks!

Would you be so kind to post the solution you cho(o)se in the end? I am interested in this too.. Thank you!

Best regards,
Martijn Grendelman
Martijn Grendelman:
> Would you be so kind to post the solution you cho(o)se in the end? I am
> interested in this too.. Thank you!

At the moment I'm attempting something like a case statement that does

    inline_template("<%= require 'ipaddr'; IPAddr.new('$thecidr').include?IPAddr.new('$theip') -%>")

a whole lot, and compares the output at each step. Hideous, but it's enough that I've kind of put it on the back burner for now.

--
"Man, if everything were object-oriented then rsync could do this already. Of course, if everything were object-oriented I'd have a bushy moustache and be wearing flares, which would suck." -- Sean Neakums
Well... Inline templates are a little bit dirty to do this, but they will work.

We are doing something similar so we can set up the interfaces of a host based on the group it belongs to.

We created a module called custom and there we added in the lib directory as part of the facts a bunch of ruby files.

A ruby file for mapping (all the CIDRs), and then a few libraries to use the ipaddr ruby lib and do calculations etc.

Then we generated facts that will use those libraries based on the ip that is being passed to the fact, and generate information like network info, gw, netmask, etc.

I hope this helps.

On Jan 28, 7:12 am, Nick Moffitt <n...@zork.net> wrote:
> Martijn Grendelman:
>
> > Would you be so kind to post the solution you cho(o)se in the end? I am
> > interested in this too.. Thank you!
>
> At the moment I'm attempting something like a case statement that does
>     inline_template("<%= require 'ipaddr'; IPAddr.new('$thecidr').include?IPAddr.new('$theip') -%>")
> a whole lot, and compares the output at each step. Hideous, but it's
> enough that I've kind of put it on the back burner for now.
Nick Moffitt
2011-Jan-28 17:22 UTC
Re: [Puppet Users] Re: CIDR-matching in puppet manifests?
Roberto Bouza:
> Inline templates are a little bit dirty to do this, but they will
> work.

Yeah, it's totally a stopgap.

> A ruby file for mapping (all the CIDRs). and then a few libraries to
> use the ipaddr ruby lib and do calculations etc.

Yeah, my problem is that I'm not in a position where I can hand over a ruby module to the team that will ultimately be maintaining this system with me. I've got enough of a climb doing training on the puppet DSL without having to worry about people shooting themselves in the gun with ruby.

--
"No, I ain't got a fax machine! I also ain't got an Apple IIc, polio, or a falcon!" -- Ray, Achewood 2006-11-22
Daniel Pittman
2011-Jan-28 18:56 UTC
Re: [Puppet Users] Re: CIDR-matching in puppet manifests?
On Fri, Jan 28, 2011 at 09:22, Nick Moffitt <nick@zork.net> wrote:
> Roberto Bouza:
>
>> Inline templates are a little bit dirty to do this, but they will
>> work.
>
> Yeah, it's totally a stopgap.

FWIW, a custom function that took two arguments (ip, cidr) would not be very hard to write, and would be a nice addition. You could have it more cleanly return a result that you could use in other code. (You can also do more clever things if you want.)

That might be a less painful stopgap...

http://docs.puppetlabs.com/guides/plugins_in_modules.html#note-on-usage-for-server-custom-functions

Regards,
Daniel

--
⎋ Puppet Labs Developer – http://puppetlabs.com
✉ Daniel Pittman <daniel@puppetlabs.com>
✆ Contact me via gtalk, email, or phone: +1 (877) 575-9775
♲ Made with 100 percent post-consumer electrons
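
The (ip, cidr) matching logic suggested above, as an added example in plain Ruby; it is not code posted by anyone in this thread and does not use the Puppet function API. The names cidr_lookup and NAMESERVERS are hypothetical, the ranges come from the original question, and the /24 entry is a constructed overlap showing why the most specific network has to win.

```ruby
require 'ipaddr'

# Ranges from the question in this thread. The /24 entry is constructed: it
# sits inside the /16 to show why the most specific match must win.
NAMESERVERS = {
  '172.242.0.0/16'    => '172.242.111.222',
  '172.242.9.0/24'    => '172.242.9.53',      # constructed overlap
  '192.168.55.0/25'   => '192.168.55.5',
  '192.168.55.128/25' => '192.168.55.205'
}.freeze

# Hypothetical helper: value for the most specific CIDR containing ip, or nil.
# A malformed CIDR in the table raises, so a typo there fails the run loudly.
def cidr_lookup(ip, table)
  text = ip.to_s.strip
  # Reject empty values and anything carrying its own prefix length.
  return nil if text.empty? || text.include?('/')

  begin
    addr = IPAddr.new(text)
  rescue IPAddr::Error
    return nil # unparsable address: report no match instead of guessing
  end

  matches = table.map { |cidr, value| [IPAddr.new(cidr), value] }
                 .select { |net, _| net.family == addr.family && net.include?(addr) }
  best = matches.max_by { |net, _| net.prefix }
  best && best[1]
end

if __FILE__ == $PROGRAM_NAME
  %w[192.168.55.130 172.242.9.10 172.242.200.1 10.0.0.1 bogus].each do |ip|
    puts format('%-16s -> %s', ip, cidr_lookup(ip, NAMESERVERS).inspect)
  end
end
```

A nil result means no configured network matched, so the caller can choose an explicit default rather than inherit whichever entry happened to come first.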
Martijn Grendelman:
> Would you be so kind to post the solution you cho(o)se in the end? I
> am interested in this too.. Thank you!

I'm afraid I chose a rather less glamorous solution to a very specific problem.

It suddenly occurred to me that the majority of my needs would be served by matching on facts like network_eth0 and netmask_eth0. I can reason about the ranges involved by matching on these, and do my own CIDR logic in-manifest for a lot of it.

It's not as powerful as the ruby IP address operations, but it gives me the functionality I need in a way that a newcomer to the system need only scowl over it for a short time.

--
"There should be a homonym exam before people are issued keyboards." -- George Moffitt