Puppet users - Apr 2007 - Issues with Puppet on FreeBSD / Creating a Recipe

Hi,

I am running an environment with 15 FreeBSD servers on which I want to 
maintain ports, rc.conf settings, and assorted configuration in 
/usr/local/etc/.  Looked around the existing Puppet docs, I got a 
puppetmaster and a test client to work and install a package as 
specified in the site manifest.  This is very basic but awesome!


I want to create a puppet FreeBSD HowTo that addresses a few deeper 
FreeBSD management issues.  I know that people have been using puppet 
with FreeBSD for some time, so I request your help in creating this 
document.

      
How have you guys dealt with:

- Ports build options.  Ports are replicated well via the "require 
package" tool in the site manifest.  Frequently, you want to build a 
port with certain options as specified in the menu in "make config" 
(nice blue dialog).  Naturally, you want all your machines to build this 
package the same way.  How do you make sure all your ports are built 
using configurations you want?

- Port dependencies which have build options.  When you build 
dependencies of ports, you are also prompted with the make config dialog 
if options are available.  How do you make sure that those dependencies 
are also configured with the correct build options?

- Perl modules not in CPAN.  There are tons of modules not in CPAN, and 
in general, building modules in CPAN is a highly interactive process 
with all kinds of prompts, dependency builds, etc.  You want all the 
managed machines to have the same modules.  How do you manage these 
modules and your Perl environment in general?


These are the biggest FreeBSD-specific issues I can see right now.  Feel 
free to add any to this list that I missed.

Which items above have you had experience with?  Looking forward to 
building this doc.


Thanks,

Anthony Volodkin


PS. Luke, I love FreeBSD as much as many, but this is super on-the-mark: 
http://madstop.com/articles/2006/04/05/freebsd-is-an-embarrassment
 :)

On 4/9/07, Anthony Volodkin <anthonyv@brainlink.com>
wrote:
> I want to create a puppet FreeBSD HowTo that addresses a few deeper
> FreeBSD management issues.  I know that people have been using puppet
> with FreeBSD for some time, so I request your help in creating this
> document.
I''m not using puppet on FreeBSD (yet?) but here are some ideas for you:
> - Ports build options.  Ports are replicated well via the "require
> package" tool in the site manifest.  Frequently, you want to build a
> port with certain options as specified in the menu in "make
config"
> (nice blue dialog).  Naturally, you want all your machines to build this
> package the same way.  How do you make sure all your ports are built
> using configurations you want?
There are a few ways to do this, but they all boil down to: set you
build options in the environment and use make''s batch option. One way
to do that would be to:
1. Define the build options you want in /etc/make.conf
2. Install the port with `portinstall --batch net/nss_ldap`, for example.
( portinstall comes from the portupgrade port. )
> - Port dependencies which have build options.  When you build
> dependencies of ports, you are also prompted with the make config dialog
> if options are available.  How do you make sure that those dependencies
> are also configured with the correct build options?
I don''t remember how well I tested the above procedure when the port
has many dependencies, but if I recall it will build all the
dependencies in batch mode as well.

I use a combination of `pkg_add -r`, when the binary is sufficient,
and `portinstall --batch` when I need options compiled in that the
binary doesn''t have.
> These are the biggest FreeBSD-specific issues I can see right now.  Feel
> free to add any to this list that I missed.
As I''m sure you will discover fairly quickly, puppet doesn''t
allow you
to edit files on-the-fly. So unless you can build your conf files
(rc.conf, make.conf, hosts.conf, etc.) completely for every host using
templates, you may run into problems. Because, of course, FreeBSD like
to keep all it''s configuration options in one rc.conf.
> PS. Luke, I love FreeBSD as much as many, but this is super on-the-mark:
> http://madstop.com/articles/2006/04/05/freebsd-is-an-embarrassment
I hadn''t seen that before, but it looks like a fairly typical rant
from somebody who doesn''t know how to use the best tools for the job.

I''ve been experimenting with Ubuntu, CentOS, OS X, and OpenBSD lately
and by far my least favorite package manager is apt-get. By far my
most favorite is FreeBSD''s ports.

But that''s a discussion for another thread...

-- 
--
Perfection is just a word I use occasionally with mustard.
--Atom Powers--

On Apr 9, 2007, at 10:24 AM, Atom Powers wrote:
> On 4/9/07, Anthony Volodkin <anthonyv@brainlink.com> wrote:
>> I want to create a puppet FreeBSD HowTo that addresses a few deeper
>> FreeBSD management issues.  I know that people have been using puppet
>> with FreeBSD for some time, so I request your help in creating this
>> document.
>
> I''m not using puppet on FreeBSD (yet?) but here are some ideas for
> you:
Would you be willing to create a page with this information on the wiki?

It''s still b0rked so you''ll have to wait until we get it
fixed, but
we''re building a SupportedPlatforms page to link to per-OS pages  
where people can help maintain info about using Puppet on particular  
OSes.

  --
  Neonle will continue to be rude, and will nretend that you had a small
  stroke which makes you unable to say or see the letter "n".  Stunid
  nractical joke, if you ask me.  Bunch of noon-heads, huh?
                  -- Fred Barling, Humorscope
  ---------------------------------------------------------------------
  Luke Kanies | http://reductivelabs.com | http://madstop.com

On 4/16/07, Luke Kanies <luke@madstop.com> wrote:
> On Apr 9, 2007, at 10:24 AM, Atom Powers wrote:
>
> > On 4/9/07, Anthony Volodkin <anthonyv@brainlink.com> wrote:
> >> I want to create a puppet FreeBSD HowTo that addresses a few
deeper
> >> FreeBSD management issues.  I know that people have been using
puppet
> >> with FreeBSD for some time, so I request your help in creating
this
> >> document.
> >
> > I''m not using puppet on FreeBSD (yet?) but here are some
ideas for
> > you:
>
> Would you be willing to create a page with this information on the wiki?
Depending on where my server management team wants to go we may or may
not even using Puppet on the FreeBSD hosts. I won''t know for a while
yet, but if we do we will post something to the wiki when we have
something to post.

-- 
--
Perfection is just a word I use occasionally with mustard.
--Atom Powers--

Luke,

Yep, doing it on the wiki would be great!

I spent some time working on it this weekend and here is where I am:

- Created a package set using a FreeBSD build server.
- Put these resulting packages onto a "package server" with Apache.
- Setup puppet master on a machine
- Configured slave systems/nodes so that when they install packages they 
ONLY come from the newly-create package server.
- Configured puppet to manage a few of the simple static text files 
across these systems.

Here is where I need help:

- How do you manage config files with minor differences, i.e. IP addressess?
- How do you manage rc.conf files?  I recognize puppet can''t currently 
edit files, but what kind of equivalent functionality can be built to 
achieve a similar effect
- How do you manage perl modules that are not in FreeBSD ports?

Otherwise, puppet has been tons of fun!

-Anthony
>>> I want to create a puppet FreeBSD HowTo that addresses a few deeper
>>> FreeBSD management issues.  I know that people have been using
puppet
>>> with FreeBSD for some time, so I request your help in creating this
>>> document.
>>>       
> Would you be willing to create a page with this information on the wiki?
>
> It''s still b0rked so you''ll have to wait until we get it
fixed, but
> we''re building a SupportedPlatforms page to link to per-OS pages  
> where people can help maintain info about using Puppet on particular  
> OSes.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tuesday 17 April 2007 16:47, Anthony Volodkin wrote:
> Here is where I need help:
>
> - How do you manage config files with minor differences, i.e. IP
> addressess?
with templates
> - How do you manage rc.conf files?  I recognize puppet can''t 
> currently edit files, but what kind of equivalent functionality can be
> built to achieve a similar effect
probably also with templates or by concatenation/scriptexecution on the 
client.
> - How do you manage perl modules that are not in FreeBSD ports?
use exec resources with the cpan shell or equivalent. If you''re into
ruby, a
cpan provider for the package type would be even greater.
> Otherwise, puppet has been tons of fun!
Good. Keep rockin''!


Regards, David
- -- 
- - hallo... wie gehts heute?
- - *hust* gut *rotz* *keuch*
- - gott sei dank kommunizieren wir über ein septisches medium ;)
 -- Matthias Leeb, Uni f. angewandte Kunst, 2005-02-15
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGJP93/Pp1N6Uzh0URAtnGAJ4/MzPR0dJbzoKpjpCMrOg/c3oUzwCgobze
CWhaJW0pqzCk9IXW0ghdt20=6FaU
-----END PGP SIGNATURE-----

On 17/04/07, Anthony Volodkin <anthonyv@brainlink.com>
wrote:
> - Created a package set using a FreeBSD build server.
> - Put these resulting packages onto a "package server" with
Apache.
> - Configured slave systems/nodes so that when they install packages they
> ONLY come from the newly-create package server.
> - Configured puppet to manage a few of the simple static text files
> across these systems.
Could you share the details of how you''re doing this?

I am doing something very similar, I set the environment variable
PACKAGESITE then use pkg_add -r to install packages. But it only works
with ftp, it would be nice to use http and to know how other people
are dealing with freebsd packages and puppet.
> Here is where I need help:
>
> - How do you manage config files with minor differences, i.e. IP
addressess?
Templates.
> - How do you manage rc.conf files?  I recognize puppet can''t
currently
> edit files, but what kind of equivalent functionality can be built to
> achieve a similar effect
I use the append_if_no_such_line recipe from the SimpleTextRecipes
article on the wiki.
> - How do you manage perl modules that are not in FreeBSD ports?
Fortunately there are ports for all the perl modules I need on the
FreeBSD hosts I manage.

Hi,


Questions + HOWTO draft on managing packages below:
>> - How do you manage config files with minor differences, i.e. IP
>> addressess?
>>     
More specifically: lots of my systems have config files where the values 
are (Base IP Address of the machine + 3), or other similar offset, as 
the systems have multiple IP addresses.

How is that implemented in templates?  I found this, which was handy but 
doesn''t solve the above problem: 
http://www.reductivelabs.com/trac/puppet/wiki/NetworkInterfacesTemplate


Example configs?  Someone out there *MUST* be doing this!
> - How do you manage rc.conf files?  I recognize puppet can''t 
> currently edit files, but what kind of equivalent functionality can be
> built to achieve a similar effect
>   
> probably also with templates or by concatenation/scriptexecution on the 
> client.
>   
Does anyone have sample configs of this to share?  This is tricky stuff.
>> - How do you manage perl modules that are not in FreeBSD ports?
>>     
>
> use exec resources with the cpan shell or equivalent. If you''re
into ruby, a
> cpan provider for the package type would be even greater.
>   
Same here.  Example configs/manifests?

----

Below is part of a quick draft of the HOWTO on managing packages and etc 
on FreeBSD using puppet that I am putting together.  Getting the 
packages working right is a big part of making puppet on FreeBSD 
useful.  Feel free to throw this on a wiki and respond with corrections 
if there are better ways of doing a few steps below.

Creating a FreeBSD package server and making other systems use it.

1. Get a machine where you will compile your packages YOUR way.  This is 
the build server.

a. portsnap fetch # download ports snapshot
b. portsnap update # deploy ports snapshot in your tree
c. Build stuff using portinstall -p <package/port name> or make package 
(if via ports) and select all your options. 

Editing a few repeating options is handy as well.  Here is what lives in 
my make.conf:

WITHOUT_X11=yes # it''s a server!
WITHOUT_ISPELL=yes # assorted software
WITHOUT_DAV=yes # apache
BUILD_OPTIMIZED=yes # for MYSQL
WITH_OPENSSL=yes # other packages
WITH_LINUXTHREADS=yes # for MYSQL
WITH_APACHE2=yes
APACHE_PORT=www/apache22

This applies to a variety of packages.  When preparing my system, I''ve 
also copied the contents /var/db/ports/ from several of my systems on 
the build server.  This directory contains saved port configuration - 
very handy!

2. Once all your stuff is built, generate a list of the installed packages:

pkg_info -oa | grep / | sort > package_list

3. Find all the package files, as they are often scattered around the 
ports tree:

mkdir packages
find /usr/ports -type f \*.tbz | xargs -I% move % packages/

So now you have a list of all the stuff installed, and the actual 
packages in question. Great!

3. Setup a HTTP mirror with these packages.  Create a HTTP vhost with 
your web server of choice such that: http://host/All/ contains all the 
packages.

Go to the All directory and run:

#bash+perl required
find . -type l | xargs rm;
for i in `find . -type f|sort -r| sed -E "s/^\.\\///"`;
do echo $i | perl -e ''while(<>) { 
s/(.*?)-(.*?)-(.*?)-(.*?)-.*tbz$/$1-$2-$3-$4/; 
s/(.*?)-(.*?)-(.*?)-.*tbz$/$1-$2-$3/; s/(.*?)-(.*?)-.*tbz$/$1-$2/; 
s/(.*?)-.*tbz$/$1/; print $_; }'' | xargs -I% ln -s $i %.tbz;
done;

The above will first clear all symlinks from the directory, then scan 
the filenames of package files and make symlinks from simplified names, 
i.e.: bash.tbz will point to bash-r2342.tbz package file.  This is 
needed to make pkg_add / portinstall work in certain situations such as 
"portinstall bash", will look for "bash.tbz" and not
"bash-version.tbz".

Also create a symlink such that http://host/Latest refers to the same 
directory as http://host/All

4. Configure your slave/node systems to ALWAYS use YOUR packages:

/etc/profile:
# for pkg_add
PACKAGESITE=http://host/All

/usr/local/etc/pkgtools.conf, for portupgrade/portinstall - edit two 
sections:

  USE_PKGS_ONLY = [
        ''*'',
  ]
 
    PKG_SITES = [
        ''http://host.com/'',
  ]

Note that you shouldn''t put /All/ or /Latest/ in the URL above.

5. On your slave systems, install portinstall using pkg_add:

pkg_add -rv portinstall

Then using portinstall, load the rest of the packages using the list you 
generated earlier:

#bash required
for PKG in `cat /root/package_list`; do PKGLOG=`echo $PKG | sed -E 
''s/\//_/''`; portinstall -l
/root/install_logs/$PKGLOG_install.txt -PP
$PKG; done

This also puts the result of each package''s install into
/install_logs/,
and corrects the log filename by removing the /.

6. In addition to installing on new systems, you can even switch your 
existing systems to your packages via portupgrade.  Caution is of course 
required and you''d probably want all these systems to be the same 
version of FreeBSD 6.2 (for ex), but it''s doable and useful.


Feedback/comments are not just welcome, they are DEMANDED! :)

-Anthony

在 18 April , 2007，05:48，Anthony Volodkin 写道：
> Feedback/comments are not just welcome, they are DEMANDED! :)
>
> -Anthony
This tutorial looks great — I wonder if you could help us with it.   
If you'd be willing to maintain this on the wiki, it would probably  
help a lot of people get off the ground.

_______________________________________________
Puppet-users mailing list
Puppet-users@madstop.com
https://mail.madstop.com/mailman/listinfo/puppet-users

在 18 April , 2007，05:48，Anthony Volodkin 写道：
> Example configs?  Someone out there *MUST* be doing this!
>
>> - How do you manage rc.conf files?  I recognize puppet can't
>> currently edit files, but what kind of equivalent functionality  
>> can be
>> built to achieve a similar effect
>>
>> probably also with templates or by concatenation/scriptexecution  
>> on the
>> client.
>>
>
> Does anyone have sample configs of this to share?  This is tricky  
> stuff.
I don't have any configs myself, but I wonder if you've had a look at  
the ERB documentation?

	http://www.ruby-doc.org/stdlib/libdoc/erb/rdoc/

You can create an ERB template that describes a generic daemon start/ 
stop behavior and then fill in the variable data through the  
template.  That may not be feasible with more complicated services,  
but if the files vary slightly and somewhat uniformly, templates are  
probably right for the job.


_______________________________________________
Puppet-users mailing list
Puppet-users@madstop.com
https://mail.madstop.com/mailman/listinfo/puppet-users

Would be happy to run it on the wiki when available. I need a few more 
FreeBSD heads to see how they handled the other outstanding issues. :)

-Anthony

Benjamin C. Kite wrote:
> 在 18 April , 2007，05:48，Anthony Volodkin 写é“：
>
>   
>> Feedback/comments are not just welcome, they are DEMANDED! :)
>>
>> -Anthony
>>     
>
> This tutorial looks great — I wonder if you could help us with it.   
> If you''d be willing to maintain this on the wiki, it would
probably
> help a lot of people get off the ground.
>
> _______________________________________________
> Puppet-users mailing list
> Puppet-users@madstop.com
> https://mail.madstop.com/mailman/listinfo/puppet-users
>   
_______________________________________________
Puppet-users mailing list
Puppet-users@madstop.com
https://mail.madstop.com/mailman/listinfo/puppet-users

在 19 April , 2007，13:58，Anthony Volodkin 写道：
>
> Would be happy to run it on the wiki when available. I need a few  
> more FreeBSD heads to see how they handled the other outstanding  
> issues. :)
>
> -Anthony
Sweet, thanks.


_______________________________________________
Puppet-users mailing list
Puppet-users@madstop.com
https://mail.madstop.com/mailman/listinfo/puppet-users