Puppet users - May 2007 - Re: UPDATE automated installation of puppet into s olaris 10 zones

>> You''re right, if the package content from the global zone is  
>> reflected in all zones, the necessary files are already there.
>>
>> Typically I try to keep additional installed packages as  
>> independent as possible. So all additional software packages have  
>> the following parameters set in the pkginfo file:
>>
>> SUNW_PKG_ALLZONES=false
>> SUNW_PKG_THISZONE=true
>>
>> This ensures a discrete package installation within a given zone.
>>
>> I'' ve just changed this for the packages ruby, facter and
puppet
>> to  "SUNW_PKG_ALLZONES=true" . So these are in the right
place
>> after a zone init.
>>
>> Normally, the postinstallation script of the puppet package  
>> registers puppet into smf and starts puppetd. Unfortunately the pkg  
>> installation scripts are not called when a zone is created. So
I''ve
>> to call them trough the puppetd of the global zone.
>>
>> Anyway, if I would do the exec you mentioned, there would be no  
>> need to change the package content. I''ll try this next.
>It''d be great if you documented this on the wiki, whatever you end
up
>using.

Ok, I''ll do this as soon as I''ve finished the tests.

>> By the way, are there plans to use the zonemgr as a interface  
>> instead of the native zoneadm / zonecfg ?
>> The state-change of a zone from "running" to
"installed"  can be
>> handled more cleanly by zonemgr which does shut down the zone  
>> instead of ''zoneadm halt''
>>
>> Zonemgr has also much more functionality for zone administration  
>> and reconfiguration than zoneadm / zonecfg.
>>
>> Zonemgr is a ksh script not yet integrated into Solaris 10 but  
>> available for download (stable version 1.8)
>>
>> http://www.opensolaris.org/os/project/zonemgr
>I didn''t know that zonemgr exists; I wrote the zone support for a  
>company I haven''t worked with in a year, and I have no idea if they
>even use Puppet any more.
>Now that providers support optional commands, this should be pretty  
>easy to support, but I''d need the exact commands to run in all  
>cases.  A patch would be best, of course, and would actually get it  
>done much faster.

I found the zonemgr no more than a week ago and don''t know the whole
stuff
yet. But it seems well documented:
http://opensolaris.org/os/project/zonemgr/documentation/zonemgr18help/ 
I''ll play around with the tool to find out would make sense to be
managed by
puppet.
Unfortunately I''m not familiar with ruby yet-(

Cheers, frank

On May 3, 2007, at 5:52 AM, Frank.Munsche@izb.de wrote:
> I found the zonemgr no more than a week ago and don''t know the  
> whole stuff
> yet. But it seems well documented:
> http://opensolaris.org/os/project/zonemgr/documentation/zonemgr18help/
> I''ll play around with the tool to find out would make sense to be
> managed by
> puppet.
> Unfortunately I''m not familiar with ruby yet-(
It''s never too late to learn. :)

  --
  You''ve achieved success in your field when you don''t know
whether what
  you''re doing is work or play.  -- Warren Beatty
  ---------------------------------------------------------------------
  Luke Kanies | http://reductivelabs.com | http://madstop.com

On 5/4/07, Luke Kanies <luke@madstop.com> wrote:
> On May 3, 2007, at 5:52 AM, Frank.Munsche@izb.de wrote:
>
> > I found the zonemgr no more than a week ago and don''t know
the
> > whole stuff
> > yet. But it seems well documented:
> > http://opensolaris.org/os/project/zonemgr/documentation/zonemgr18help/
> > I''ll play around with the tool to find out would make sense
to be
> > managed by
> > puppet.
> > Unfortunately I''m not familiar with ruby yet-(
>
> It''s never too late to learn. :)
>
>   --
>   You''ve achieved success in your field when you don''t
know whether what
>   you''re doing is work or play.  -- Warren Beatty
>   ---------------------------------------------------------------------
>   Luke Kanies | http://reductivelabs.com | http://madstop.com
>
I doubt zonemgr will be of much use in installing packages unless you
only want to use Blastwave ones.

To bootstrap installation of puppet in a new zone you can do this if
you have "Whole root" zones as opposed to "Spare root"
zones:

global# cat -<<EOF | zlogin myzone "cat - >
/var/sadm/install/admin/noask"
> mail> instance=overwrite
> partial=nocheck
> runlevel=nocheck
> idepend=nocheck
> rdepend=nocheck
> space=ask
> setuid=nocheck
> conflict=nocheck
> action=nocheck
> basedir=default
> EOF
global# cat puppet.pkg | zlogin myzone "pkgadd -G -n -a noask -d /dev/stdin
all"

What this does is first create a package admin file
/var/sadmin/install/noask that eliminates most questions asked by
pkgadd, then adds the package. It assumes that your puppet package is
in datastream format *not* file system format.

If the puppet package contains a service manifest that is disabled by
default (good practice) then you can run:

global# zlogin myzone "svcadm enable puppet"

-- 
matthew
http://wadofstuff.blogspot.com

On Friday 04 May 2007 07:16, Matthew Flanagan wrote:
> On 5/4/07, Luke Kanies <luke@madstop.com> wrote:
> > On May 3, 2007, at 5:52 AM, Frank.Munsche@izb.de wrote:
> > > I found the zonemgr no more than a week ago and don''t
know the
> > > whole stuff
> > > yet. But it seems well documented:
> > >
http://opensolaris.org/os/project/zonemgr/documentation/zonemgr18help/
> > > I''ll play around with the tool to find out would make
sense to be
> > > managed by
> > > puppet.
> > > Unfortunately I''m not familiar with ruby yet-(
> >
> > It''s never too late to learn. :)
> >
> >   --
> >   You''ve achieved success in your field when you
don''t know whether what
> >   you''re doing is work or play.  -- Warren Beatty
> >  
---------------------------------------------------------------------
> >   Luke Kanies | http://reductivelabs.com | http://madstop.com
>
> I doubt zonemgr will be of much use in installing packages unless you
> only want to use Blastwave ones.
You''re right. I considered to change zonemgr''s code to provide
custom
packages, but this is probably a bad idea.
>
> To bootstrap installation of puppet in a new zone you can do this if
> you have "Whole root" zones as opposed to "Spare root"
zones:
>
> global# cat -<<EOF | zlogin myzone "cat - >
/var/sadm/install/admin/noask"
>
> > mail> > instance=overwrite
> > partial=nocheck
> > runlevel=nocheck
> > idepend=nocheck
> > rdepend=nocheck
> > space=ask
> > setuid=nocheck
> > conflict=nocheck
> > action=nocheck
> > basedir=default
> > EOF
>
> global# cat puppet.pkg | zlogin myzone "pkgadd -G -n -a noask -d
/dev/stdin
> all"
>
I''ve never tried a pkgadd from stdin, but as it is a streams pkg it
should
work perfectly. Cool! 
It seems possible to put a custom adminfile into the package. Anyway, if there 
are more than one to install, a central ''noask'' makes sense.

> What this does is first create a package admin file
> /var/sadmin/install/noask that eliminates most questions asked by
> pkgadd, then adds the package. It assumes that your puppet package is
> in datastream format *not* file system format.
>
> If the puppet package contains a service manifest that is disabled by
> default (good practice) then you can run:
>
> global# zlogin myzone "svcadm enable puppet"