Puppet users - May 2007 - Host information gathering

I''d like to keep the desired and current states of a machine regarding
it''s
configuration. 

Sometimes a chain of administrative commands is needed to get a special thing 
(re)configured on a machine, e.g. reconfig of a suncluster. This cannot be 
done with puppet in an easy way.  In the majority of cases, these commands 
change appropriate files, which reflect the current configuration. I''d
like
to get them stored in a central repository where they can be compared against 
an expected state. I''m using file integrity checkers (samhain and
bart).
These just tell that the checksum of a file changed, but know nothing about 
the content. 

I''ve thought about a ''config scan'' which runs on the
machine several times a
day and transfers the gathered data to a central repository.

Does anybody know a mechanism to accomplish this?

On May 7, 2007, at 12:29 AM, Frank Munsche wrote:
> I''d like to keep the desired and current states of a machine  
> regarding it''s
> configuration.
This could be interpreted two ways -- to what extent a machine''s  
current state matches its centrally configured state, or a picture of  
the complete current state.

The former is being worked on in the form of more complete client- 
side reporting, although I don''t yet have a timeframe for it.  The  
latter is either relatively easy or essentially impossible, depending  
on what you specifically want.
> Sometimes a chain of administrative commands is needed to get a  
> special thing
> (re)configured on a machine, e.g. reconfig of a suncluster. This  
> cannot be
> done with puppet in an easy way.  In the majority of cases, these  
> commands
> change appropriate files, which reflect the current configuration.  
> I''d like
> to get them stored in a central repository where they can be  
> compared against
> an expected state. I''m using file integrity checkers (samhain and
> bart).
> These just tell that the checksum of a file changed, but know  
> nothing about
> the content.
>
> I''ve thought about a ''config scan'' which runs on
the machine
> several times a
> day and transfers the gathered data to a central repository.
>
> Does anybody know a mechanism to accomplish this?
Jos Backus has been experimenting with the ''resource'' handler
and is
doing queries against the current package state of his machines.  You  
could use this same technique to query any other type, or all types,  
so, for instance, you could iterate across all types on all machines  
and get a full list of all instances of each type.

Except... You couldn''t really, because this would take roughly  
forever to do with files.  If you skipped files, it wouldn''t be that  
hard and probably wouldn''t take more than minutes per client.

You can look at ''ralsh'' in svn for an idea of how to perform
these
queries:

   ralsh --host <myclient> package

will list all packages on that host, in executable Puppet form (this  
is code that Jos just added to ralsh last week).  It''s not hard to  
extend that to produce yaml, for instance, instead of Puppet, which  
would make it easier to compute against.

  --
  Freedom of speech in Usenet means that when you shout
''Fire!'' in a
  crowded theatre, half the crowd stands up and shouts, ''Wrong
theatre!''
  ---------------------------------------------------------------------
  Luke Kanies | http://reductivelabs.com | http://madstop.com

On Mon, May 07, 2007 at 10:11:52AM -0500, Luke Kanies wrote:
[snip]
> You can look at ''ralsh'' in svn for an idea of how to
perform these
> queries:
> 
>    ralsh --host <myclient> package
> 
> will list all packages on that host, in executable Puppet form (this  
> is code that Jos just added to ralsh last week).  It''s not hard to
> extend that to produce yaml, for instance, instead of Puppet, which  
> would make it easier to compute against.
It could be as simple as changing the `to_manifest'' call in ralsh to
`to_yaml''
and adding `--param instance'' to the ralsh invocation. This would give
you
output like:

    --- !ruby/object:Puppet::TransObject 
    type: :package
    name: puppet
    collectable: false
    params: 
      :instance: puppet-0.22.4-3
      :ensure: :present
    tags: 
    - :package

and so on.

-- 
Jos Backus
jos at catnook.com