Hello, I''ve recently begun looking at Puppet as an alternative to Cfengine and I have a couple of questions. 1) Besides the information posted on the Puppet website, are there any critical differences between Puppet and Cfengine? 2) Does Puppet allow for client-specific file text manipulation. For instance, in Cfengine I can add a line of text to a file if the line doesn''t exist instead of replacing the entire file, is this possible with Puppet out of the box, or would I need to write a plugin/exec script? Thank you, Trevor _______________________________________________ Puppet-users mailing list Puppet-users@madstop.com https://mail.madstop.com/mailman/listinfo/puppet-users
2006/12/14, Trevor Vaughan <peiriannydd@gmail.com>:> > Hello, > > I''ve recently begun looking at Puppet as an alternative to Cfengine and I > have a couple of questions. > > 1) Besides the information posted on the Puppet website, are there any > critical differences between Puppet and Cfengine? > > 2) Does Puppet allow for client-specific file text manipulation. For > instance, in Cfengine I can add a line of text to a file if the line doesn''t > exist instead of replacing the entire file, is this possible with Puppet out > of the box, or would I need to write a plugin/exec script?Actually, there is already a plugin available: http://prmweb.hezmatt.org/recipes/show/1 Thank you,> > Trevor > > _______________________________________________ > Puppet-users mailing list > Puppet-users@madstop.com > https://mail.madstop.com/mailman/listinfo/puppet-users > > >_______________________________________________ Puppet-users mailing list Puppet-users@madstop.com https://mail.madstop.com/mailman/listinfo/puppet-users
Of course, the one section of the site I didn''t mange to get to! Thanks Koen, Trevor On 12/14/06, Koen Vereeken <koen.vereeken@gmail.com> wrote:> > > > 2006/12/14, Trevor Vaughan <peiriannydd@gmail.com>: > > > > Hello, > > > > I''ve recently begun looking at Puppet as an alternative to Cfengine and > > I have a couple of questions. > > > > 1) Besides the information posted on the Puppet website, are there any > > critical differences between Puppet and Cfengine? > > > > 2) Does Puppet allow for client-specific file text manipulation. For > > instance, in Cfengine I can add a line of text to a file if the line doesn''t > > exist instead of replacing the entire file, is this possible with Puppet out > > of the box, or would I need to write a plugin/exec script? > > > Actually, there is already a plugin available: > http://prmweb.hezmatt.org/recipes/show/1 > > > > Thank you, > > > > Trevor > > > > _______________________________________________ > > Puppet-users mailing list > > Puppet-users@madstop.com > > https://mail.madstop.com/mailman/listinfo/puppet-users > > > > > > > > _______________________________________________ > Puppet-users mailing list > Puppet-users@madstop.com > https://mail.madstop.com/mailman/listinfo/puppet-users > > >_______________________________________________ Puppet-users mailing list Puppet-users@madstop.com https://mail.madstop.com/mailman/listinfo/puppet-users
On Dec 14, 2006, at 6:39 AM, Trevor Vaughan wrote:> Hello, > > I''ve recently begun looking at Puppet as an alternative to Cfengine > and I have a couple of questions. > > 1) Besides the information posted on the Puppet website, are there > any critical differences between Puppet and Cfengine?Having just come back from LISA where I was asked this question about every 10 minutes... Most of this is covered on the cfengine comparison page, I expect, but I''ll probably rewrite that soon to incorporate anything missing. Probably the biggest difference is that Puppet and the Puppet community are open -- I don''t think I''m "right", and I''m always looking for input on how to make Puppet better. Puppet is still developing quickly, and I expect it to continue to do so for a long time, while cfengine has not changed significantly in many years. If you write a new plugin for Puppet, I''m very likely to incorporate it into the trunk; if you submit a patch, I''m highly likely to incorporate it; if you think some significant aspect of it should be different and are willing to spend some time on the code, you''ll probably become a committer. Of course, you were probably more interested in technical differences. The biggest difference is that Puppet encourages you to think about resources, not scripts -- think about users, groups, packages, and filesystem mounts, not file contents or shellcommands. Even when Puppet allows the use of exec, you''re better off if you wrap that into a definition so it looks like a resource type. Puppet already supports many important types, and it''s very easy to add new types, and it''s usually easy to add new providers for a given type. Puppet already has providers for 17 different package managers, and new ones can be added in just a few lines of code.> 2) Does Puppet allow for client-specific file text manipulation. > For instance, in Cfengine I can add a line of text to a file if the > line doesn''t exist instead of replacing the entire file, is this > possible with Puppet out of the box, or would I need to write a > plugin/exec script?As already pointed out, you can use exec in a way that closely resembles cfengine''s functionality, but I don''t plan on adding anything that approaches the complexity of editfiles, because it''s very difficult to use and its primary use is to hack around resources that cfengine can''t manage natively. You''ll usually find that you can either use templates to easily get what you want, or you can write a simple type to manage your resource far more reliably and supportably. Is that answer enough? Do you have any more questions? -- I never think of the future. It comes soon enough. --Albert Einstein --------------------------------------------------------------------- Luke Kanies | http://reductivelabs.com | http://madstop.com
Luke, Thanks for the response. This list has been refreshingly responsive to my questions and it''s impressive that you take interest in responding to as many inquiries as possible. I believe that you answered all of my questions but, of course, now I have more. My basic need is for something like the following: Person A gives me a /etc/hosts file that I HAVE to use and that they may alter at any time. I can''t change their modifications, but I need to make sure that my particular entries are in the hosts file along with theirs. Also, I can''t change the supply chain flow of control so there''s no chance of grabbing the file and modding it before deployment. Now, I believe that the plugins mentioned before cover what I need to do, but it would be nice to know if I could do something like this with templating. I suppose the full picture version would be that I want to update my local spam lists from various spam watch sites but I have a few entries that I want to make sure are in there and I want to let the pull processes work as developed with only puppet doing configuration changes. I was just trying to make it more generic for the sake of ''enterprise'' or ''university'' goals. Does that make sense? Thanks, Trevor On 12/14/06, Luke Kanies <luke@madstop.com> wrote:> > On Dec 14, 2006, at 6:39 AM, Trevor Vaughan wrote: > > > Hello, > > > > I''ve recently begun looking at Puppet as an alternative to Cfengine > > and I have a couple of questions. > > > > 1) Besides the information posted on the Puppet website, are there > > any critical differences between Puppet and Cfengine? > > Having just come back from LISA where I was asked this question about > every 10 minutes... Most of this is covered on the cfengine > comparison page, I expect, but I''ll probably rewrite that soon to > incorporate anything missing. > > Probably the biggest difference is that Puppet and the Puppet > community are open -- I don''t think I''m "right", and I''m always > looking for input on how to make Puppet better. Puppet is still > developing quickly, and I expect it to continue to do so for a long > time, while cfengine has not changed significantly in many years. If > you write a new plugin for Puppet, I''m very likely to incorporate it > into the trunk; if you submit a patch, I''m highly likely to > incorporate it; if you think some significant aspect of it should be > different and are willing to spend some time on the code, you''ll > probably become a committer. > > Of course, you were probably more interested in technical differences. > > The biggest difference is that Puppet encourages you to think about > resources, not scripts -- think about users, groups, packages, and > filesystem mounts, not file contents or shellcommands. Even when > Puppet allows the use of exec, you''re better off if you wrap that > into a definition so it looks like a resource type. > > Puppet already supports many important types, and it''s very easy to > add new types, and it''s usually easy to add new providers for a given > type. Puppet already has providers for 17 different package > managers, and new ones can be added in just a few lines of code. > > > 2) Does Puppet allow for client-specific file text manipulation. > > For instance, in Cfengine I can add a line of text to a file if the > > line doesn''t exist instead of replacing the entire file, is this > > possible with Puppet out of the box, or would I need to write a > > plugin/exec script? > > As already pointed out, you can use exec in a way that closely > resembles cfengine''s functionality, but I don''t plan on adding > anything that approaches the complexity of editfiles, because it''s > very difficult to use and its primary use is to hack around resources > that cfengine can''t manage natively. You''ll usually find that you > can either use templates to easily get what you want, or you can > write a simple type to manage your resource far more reliably and > supportably. > > Is that answer enough? Do you have any more questions? > > -- > I never think of the future. It comes soon enough. --Albert Einstein > --------------------------------------------------------------------- > Luke Kanies | http://reductivelabs.com | http://madstop.com > > > _______________________________________________ > Puppet-users mailing list > Puppet-users@madstop.com > https://mail.madstop.com/mailman/listinfo/puppet-users >_______________________________________________ Puppet-users mailing list Puppet-users@madstop.com https://mail.madstop.com/mailman/listinfo/puppet-users
On 14/12/06 11:03 -0500, Trevor Vaughan wrote: <snip>> I suppose the full picture version would be that I want to update my local > spam lists from various spam watch sites but I have a few entries that I > want to make sure are in there and I want to let the pull processes work asHmmmm, are you trying to put a DNSBL type thing under Puppet? Personally, I would use make(1) to generate the DNSBL zone, rsync(1) to transfer the data and Puppet to manage the cron jobs for running make and rsync. Something similar for access(5) maps. Devdas Bhagat
On Dec 14, 2006, at 10:03 AM, Trevor Vaughan wrote:> Luke, > > Thanks for the response. This list has been refreshingly > responsive to my questions and it''s impressive that you take > interest in responding to as many inquiries as possible. > > I believe that you answered all of my questions but, of course, now > I have more. > > My basic need is for something like the following: > > Person A gives me a /etc/hosts file that I HAVE to use and that > they may alter at any time. I can''t change their modifications, > but I need to make sure that my particular entries are in the hosts > file along with theirs. Also, I can''t change the supply chain flow > of control so there''s no chance of grabbing the file and modding it > before deployment.Puppet works with this by default -- all Puppet types default to only managing the resources you specify. Thus, you can specify that certain hosts should be present or absent, and Puppet will basically just ignore the rest of the contents of the file. So, you should be able to just use the ''host'' type and not worry about it. Of course, I would do testing, and make sure it behaves as you expect, but this is exactly how it should work.> Now, I believe that the plugins mentioned before cover what I need > to do, but it would be nice to know if I could do something like > this with templating.Templating will only work for you if the file your clients give you can be stored on the server, rather than on the client. Templates are all stored on the server, whereas Puppet types all perform their actions on the client.> I suppose the full picture version would be that I want to update > my local spam lists from various spam watch sites but I have a few > entries that I want to make sure are in there and I want to let the > pull processes work as developed with only puppet doing > configuration changes. I was just trying to make it more generic > for the sake of ''enterprise'' or ''university'' goals.Yeah, that shouldn''t be a problem. I''m currently implementing the code that will allow you to delete unmanaged resources if you want, but at this point, Puppet just ignores any resources you don''t mention. -- The only difference between the Democrats and the Republicans is that the Democrats allow the poor to be corrupt, too. -- Oscar Levant --------------------------------------------------------------------- Luke Kanies | http://reductivelabs.com | http://madstop.com
Yow, it looks like I need to be more specific. Ok, I''m given a University built machine by the University IT gods and I''m told that: 1) I can''t delete their configurations 2) I can add configuration (more hosts, iptables rules, whatever 3) My changes might be blown away by their changes and I''ll just have to deal Consider a lab of these and you don''t really want to be munging this stuff together by hand. So, that''s what I''m trying to work with and why I''m looking at puppet. Basically, all I have to do is re-load the puppet client and configuration and everything goes back to the way that I want it without having to touch every machine. This is especially important when bringing in new machines since I don''t have the resources to actually build them all by hand. It would be nice if I could manage the entire process but that''s not allowed by "The Rules". Sorry for the run around, I didn''t expect it to get so convoluted. Thanks, Trevor On 12/14/06, Luke Kanies <luke@madstop.com> wrote:> > On Dec 14, 2006, at 10:03 AM, Trevor Vaughan wrote: > > > Luke, > > > > Thanks for the response. This list has been refreshingly > > responsive to my questions and it''s impressive that you take > > interest in responding to as many inquiries as possible. > > > > I believe that you answered all of my questions but, of course, now > > I have more. > > > > My basic need is for something like the following: > > > > Person A gives me a /etc/hosts file that I HAVE to use and that > > they may alter at any time. I can''t change their modifications, > > but I need to make sure that my particular entries are in the hosts > > file along with theirs. Also, I can''t change the supply chain flow > > of control so there''s no chance of grabbing the file and modding it > > before deployment. > > Puppet works with this by default -- all Puppet types default to only > managing the resources you specify. Thus, you can specify that > certain hosts should be present or absent, and Puppet will basically > just ignore the rest of the contents of the file. > > So, you should be able to just use the ''host'' type and not worry > about it. Of course, I would do testing, and make sure it behaves as > you expect, but this is exactly how it should work. > > > Now, I believe that the plugins mentioned before cover what I need > > to do, but it would be nice to know if I could do something like > > this with templating. > > Templating will only work for you if the file your clients give you > can be stored on the server, rather than on the client. Templates > are all stored on the server, whereas Puppet types all perform their > actions on the client. > > > I suppose the full picture version would be that I want to update > > my local spam lists from various spam watch sites but I have a few > > entries that I want to make sure are in there and I want to let the > > pull processes work as developed with only puppet doing > > configuration changes. I was just trying to make it more generic > > for the sake of ''enterprise'' or ''university'' goals. > > Yeah, that shouldn''t be a problem. I''m currently implementing the > code that will allow you to delete unmanaged resources if you want, > but at this point, Puppet just ignores any resources you don''t mention. > > -- > The only difference between the Democrats and the Republicans is that > the Democrats allow the poor to be corrupt, too. -- Oscar Levant > --------------------------------------------------------------------- > Luke Kanies | http://reductivelabs.com | http://madstop.com > > > _______________________________________________ > Puppet-users mailing list > Puppet-users@madstop.com > https://mail.madstop.com/mailman/listinfo/puppet-users >_______________________________________________ Puppet-users mailing list Puppet-users@madstop.com https://mail.madstop.com/mailman/listinfo/puppet-users
Devdas, I definitely looked at that approach, but I really didn''t want to do pre-processing on a server, I wanted to be able to do everything on the client without maintaining anything but puppet configurations. It''s an option if the puppet way doesn''t work. Thanks, Trevor On 12/14/06, Devdas Bhagat <devdas@dvb.homelinux.org> wrote:> > On 14/12/06 11:03 -0500, Trevor Vaughan wrote: > <snip> > > I suppose the full picture version would be that I want to update my > local > > spam lists from various spam watch sites but I have a few entries that I > > want to make sure are in there and I want to let the pull processes work > as > > Hmmmm, are you trying to put a DNSBL type thing under Puppet? > Personally, I would use make(1) to generate the DNSBL zone, rsync(1) to > transfer the data and Puppet to manage the cron jobs for running make > and rsync. > > Something similar for access(5) maps. > > Devdas Bhagat > _______________________________________________ > Puppet-users mailing list > Puppet-users@madstop.com > https://mail.madstop.com/mailman/listinfo/puppet-users >_______________________________________________ Puppet-users mailing list Puppet-users@madstop.com https://mail.madstop.com/mailman/listinfo/puppet-users
On Dec 14, 2006, at 10:40 AM, Trevor Vaughan wrote:> Yow, it looks like I need to be more specific. > > Ok, I''m given a University built machine by the University IT gods > and I''m told that: > > 1) I can''t delete their configurations > 2) I can add configuration (more hosts, iptables rules, whatever > 3) My changes might be blown away by their changes and I''ll just > have to deal > > Consider a lab of these and you don''t really want to be munging > this stuff together by hand. So, that''s what I''m trying to work > with and why I''m looking at puppet. Basically, all I have to do is > re-load the puppet client and configuration and everything goes > back to the way that I want it without having to touch every > machine. This is especially important when bringing in new > machines since I don''t have the resources to actually build them > all by hand. > > It would be nice if I could manage the entire process but that''s > not allowed by "The Rules". > > Sorry for the run around, I didn''t expect it to get so convoluted.Hmm, you weren''t as specific as this to start, but I didn''t think it was all that convoluted. You can do this pretty easily with Puppet, and this is exactly what will happen by default -- the hosts et al you specify will be added/ managed by Puppet, and everything else will be left alone. -- There are three social classes in America: upper middle class, middle class, and lower middle class. --Judith Martin --------------------------------------------------------------------- Luke Kanies | http://reductivelabs.com | http://madstop.com
On 14/12/06 11:42 -0500, Trevor Vaughan wrote:> Devdas, > > I definitely looked at that approach, but I really didn''t want to do > pre-processing on a server, I wanted to be able to do everything on the > client without maintaining anything but puppet configurations. >Is there _any_ reason why you can''t manage the Makefiles with Puppet? The rsync is simply because of the sheer size of the files you will transfer. Again, rbldnsd is your friend when it comes to DNSBLs. Devdas Bhagat
Luke and Devdas, Thanks for the input, I''ll see how things go! Trevor _______________________________________________ Puppet-users mailing list Puppet-users@madstop.com https://mail.madstop.com/mailman/listinfo/puppet-users