Can you wildcard a domain for a node name like the following?
node ''*.sub.example.com'' {
....
}
Thanks,
Kent
On Fri, 2007-04-13 at 11:59 -0500, Kenton Brede wrote:> Can you wildcard a domain for a node name like the following? > > node ''*.sub.example.com'' { > .... > }No, that''s not possible; you can define a default node that applies to any node that isn''t mentioned explicitly in your manifest: node default { ... } But if you want to match a subdomain, the easiest would be to set external_nodes in the puppetmaster config to point to a script that produces the list of classes; that script can then do any magic it wants to determine what classes map to a node. David
On 4/13/07, David Lutterkort <dlutter@redhat.com> wrote:> On Fri, 2007-04-13 at 11:59 -0500, Kenton Brede wrote: > > Can you wildcard a domain for a node name like the following? > > > > node ''*.sub.example.com'' { > > .... > > } > > No, that''s not possible; you can define a default node that applies to > any node that isn''t mentioned explicitly in your manifest: > node default { > ... > }That''s what I''m using now for testing my install class but ultimately I''ll want to use the default node for other purposes.> But if you want to match a subdomain, the easiest would be to set > external_nodes in the puppetmaster config to point to a script that > produces the list of classes; that script can then do any magic it wants > to determine what classes map to a node.I''m not entirely sure what you mean here. What I''m trying to do is set up a class dedicated to auto installs, putting in place a temporary config. All installs are done on one subdomain via kickstart, puppetd runs on first boot, server autosigns certs for the subdomain and testing of the box commences. After testing the box is moved to a different network and puppetd runs again, configuring the machine for production. My hope was to assign the IPs on the boxes via DHCP and then use the subdomain as the distinguishing characteristic to tie to the install class. For example all machines in the secured test network have a temporary sshd and firewall configuration, a minimalistic locked down state. Once the server is "certified" as secure it can be moved to the production network where it''s given it''s role by Puppet, which includes a new sshd and firewall configuration. I can auto sign certs based on subdomain. I can serve files to a subdomain. It seems logical to assign a class via subdomain. Thanks for any help. Kent -- "It may be true that the law cannot make a man love me, but it can stop him from lynching me, and I think that''s pretty important." - Martin Luther King Jr.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sunday 15 April 2007 15:45, Kenton Brede wrote:> What I''m trying to do is set up a class dedicated to auto installs, > putting in place a temporary config. All installs are done on one > subdomain via kickstart, puppetd runs on first boot, server autosigns > certs for the subdomain and testing of the box commences. After > testing the box is moved to a different network and puppetd runs > again, configuring the machine for production. My hope was to assign > the IPs on the boxes via DHCP and then use the subdomain as the > distinguishing characteristic to tie to the install class.You can add a custom fact which does the distinguishing. Then you can use this to decide in the default node whether to push the install or something else.> I can auto sign certs based on subdomain. I can serve files to a > subdomain. It seems logical to assign a class via subdomain.Notwithstanding what I said above: yes is would be logical. Luke is planning a new tool for nodemapping which would be used instead of the "node" definitions in the manifests, where you can assign/include classes based on predicates formed from facter''s facts and configuration on the puppetmaster host. Regards, David - -- - - hallo... wie gehts heute? - - *hust* gut *rotz* *keuch* - - gott sei dank kommunizieren wir über ein septisches medium ;) -- Matthias Leeb, Uni f. angewandte Kunst, 2005-02-15 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFGIlkY/Pp1N6Uzh0URAi32AJ9SJQ20qTyk5eKMwSz6RlfihhGf8QCgjOG9 WdEErLK6Xm6Oz2G1ObaU0eI=RFUO -----END PGP SIGNATURE-----