habanero
2011-Sep-23 14:04 UTC
[Puppet Users] ldap ENC extension to use environment parent node
Hi, We currently use ldap ENC to set server role variables and extlookup to set domain or environment variables. I have a suggestion regarding ldap use as an ENC - if a node within ldap has the environment attribute set then it should inherit/mixin (if available) from a node named after it''s environment. It could be populated with only puppetVar type attributes so that any environment wide variables could be set within the environment node and all nodes in the environment (despite having different parents) would inherit/mixin the variables. It could perhaps be further extended so that a domain or any other grouping of nodes (if in existence) as an ldap node could be polled - the ultimate goal being to use ldap as a single point of truth - inheritance precedence could be set in much the same way as extlookup to the host/role/domain/environment level. I appreciate that not everyone uses ldap as their ENC - but we have found it extremely valuable, I also envisage that there is another (perhaps better) way of achieving the same - so any suggestions welcome. Many thanks. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Rob McBroom
2011-Sep-26 13:02 UTC
Re: [Puppet Users] ldap ENC extension to use environment parent node
On Sep 23, 2011, at 10:04 AM, habanero wrote:> I have a suggestion regarding ldap use as an ENC - if a node within > ldap has the environment attribute set then it should inherit/mixin > (if available) from a node named after it''s environment.I don’t know how it will behave in practice, but in the LDAP schema, parentNode is defined as multi-value. So you should be able to define an additional parent node named after the environment. -- Rob McBroom <http://www.skurfer.com/> -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
habanero
2011-Sep-26 14:43 UTC
[Puppet Users] Re: ldap ENC extension to use environment parent node
On Sep 26, 2:02 pm, Rob McBroom <mailingli...@skurfer.com> wrote:> I don’t know how it will behave in practice, but in the LDAP schema, parentNode is defined as multi-value. So you should be able to define an additional parent node named after the environment.Hmm, my puppet.schema contains this for the parentNode definition: attributetype ( 1.3.6.1.4.1.34380.1.1.3.9 NAME ''parentNode'' DESC ''Puppet Parent Node'' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) I think I remember seeing a bug related to this for old versions of puppet - like 0.24, i''m running 2.6.2 on Debian squeeze so the schema has long had SINGLE-VALUE specified for parentNode, actually I found the bug (now closed) http://www.mail-archive.com/puppet-bugs@googlegroups.com/msg03745.html It would be ideal but from the above post it looks like it won''t work even if I reversed the schema change... thanks for replying though! -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
habanero
2011-Sep-27 09:28 UTC
[Puppet Users] Re: ldap ENC extension to use environment parent node
From the lack of response I''m guessing that this post either hasn''t been read much or people don''t have a similar setup so aren''t bothered - but I was wondering if anyone feels this to be worthy of a feature request? Thanks! -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.