Hello everyone,

I'm trying to collect firewall rules from my nodes, so I can automatically deploy them to my firewalls....

The problem here is that my nodes are behind different firewalls, so I need to collect the rules independently for each host.

I tried an approach like this:

Define a command.

    define firewall::openservice( )
    {
        $servicename = $name
        @@file { "/etc/pyroman/40_${hostname}_service_${name}.py":
            content => template("firewall-openservice.erb"),
            tag => "firewall-$firewall",
        }
    }

$firewall is here set with a custom fact using the environment variables, which holds the nodename of the firewall node.

I try to collect those rules on the firewall using this definition:

    File <<| tag == "firewall-$hostname" |>>

(Yes, I'm using stored configs, collected resources work just fine on other parts of my config).

But I don't see any rule files appearing on the firewall node.

The problem for me now is: What is the best approach to debug this issue? Is it even possible to do what I want to do? The things I find on the net about collected resources, or in the puppet documentation, are kinda thin, and I don't seem to make any progress in this issue. At the moment it just works to collect all rule files for all firewalls, which leads to a lot of clutter in my config directory.

Any help would be greatly appreciated.

Regards,
Jens

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.

Bernd Adamowicz
2011-Nov-23 07:37 UTC
AW: [Puppet Users] Collecting ressources for different hosts
I've never used the file resource along with stored configurations. But the first thing I would do is to dig into the database where the configurations are stored. Something like this:

    [root@myhost ~]# mysql -u puppet -p
    Enter password:
    mysql> use puppet
    mysql> select title,host_id from resources where title like 'check_swap%' and exported = 1;
    +-------------------+---------+
    | title             | host_id |
    +-------------------+---------+
    | check_swap_h1     |       2 |
    | check_swap_h2     |       1 |
    +-------------------+---------+
    2 rows in set (0.03 sec)

    mysql>

In this example I was searching for some Nagios resources. You will have to replace the 'check_swap' with the name of your resources. If you see your resources here, you can be sure your clients are reporting as expected and you can continue analyzing the agent run on the Puppet master (syslog).

Bernd

> -----Original Message-----
> From: puppet-users@googlegroups.com [mailto:puppet-users@googlegroups.com] On Behalf Of Jens
> Sent: Tuesday, 22 November 2011 13:31
> To: Puppet Users
> Subject: [Puppet Users] Collecting ressources for different hosts
>
> Hello everyone,
>
> I'm trying to collect firewall rules from my nodes, so I can
> automatically deploy them to my firewalls....
>
> The problem here is that my nodes are behind different firewalls, so
> I need to collect the rules independently for each host.
>
> I tried an approach like this:
>
> Define a command.
>
> define firewall::openservice( )
> {
>     $servicename = $name
>     @@file { "/etc/pyroman/40_${hostname}_service_${name}.py":
>         content => template("firewall-openservice.erb"),
>         tag => "firewall-$firewall",
>     }
> }
>
> $firewall is here set with a custom fact using the environment
> variables, which holds the nodename of the firewall node.
>
> I try to collect those rules on the firewall using this definition:
>
> File <<| tag == "firewall-$hostname" |>>
>
> (Yes, I'm using stored configs, collected resources work just fine on
> other parts of my config).
>
> But I don't see any rule files appearing on the firewall node.
>
> The problem for me now is: What is the best approach to debug this
> issue? Is it even possible to do what I want to do? The things I find
> on the net about collected resources, or in the puppet documentation,
> are kinda thin, and I don't seem to make any progress in this issue.
> At the moment it just works to collect all rule files for all
> firewalls, which leads to a lot of clutter in my config directory.
>
> Any help would be greatly appreciated.
>
> Regards,
> Jens
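
The database check from the reply above, extended to show the tags stored with each exported file resource. This is an added example, not part of the original thread. It assumes the ActiveRecord storeconfigs schema (tables hosts, resources, resource_tags, puppet_tags) and uses the /etc/pyroman/40_ path prefix from the define as the title filter.

```sql
-- Added example (not from the thread). Assumed schema: the ActiveRecord
-- storeconfigs tables hosts, resources, resource_tags and puppet_tags.

-- 1) Every exported File resource under /etc/pyroman, with the node that
--    exported it and all tags stored for it. The firewall-<name> tag set
--    in the define should appear in the "tags" column.
SELECT h.name  AS exporting_host,
       r.title AS resource_title,
       GROUP_CONCAT(t.name ORDER BY t.name SEPARATOR ', ') AS tags
FROM resources r
JOIN hosts h               ON h.id = r.host_id
LEFT JOIN resource_tags rt ON rt.resource_id = r.id
LEFT JOIN puppet_tags t    ON t.id = rt.puppet_tag_id
WHERE r.exported = 1
  AND LOWER(r.restype) = 'file'
  AND r.title LIKE '/etc/pyroman/40\_%'
GROUP BY h.name, r.id, r.title
ORDER BY h.name, r.title;

-- 2) Which firewall-* tags exist at all, and how many exported files carry
--    each one. Compare these names with the value of "firewall-$hostname"
--    as it evaluates on the firewall node that runs the collector.
SELECT t.name   AS tag,
       COUNT(*) AS exported_files
FROM puppet_tags t
JOIN resource_tags rt ON rt.puppet_tag_id = t.id
JOIN resources r      ON r.id = rt.resource_id
WHERE r.exported = 1
  AND LOWER(r.restype) = 'file'
  AND t.name LIKE 'firewall-%'
GROUP BY t.name
ORDER BY t.name;
```

If the second query returns no firewall-* rows, or the names differ from what the collector expression evaluates to on the firewall node, the rule files are being exported but the tag filter has nothing to match.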