Hi all,

I'm Benjamin Sonntag, I'm one of the AlternC project developers. AlternC is an opensource mass-hosting control panel software suite based on debian.

We are working on a new version of this control panel, and we want to make the less and the best work we can for this version.

So, as usual, we are using as much free software as we can, and we started to use puppet for the local or remote service configuration.

Some parts are trivial, such as how to configure apache properly, enable vhosts, modules etc. but we finally found a great issue, and cannot decide if puppet is the solution or not, and which best way we can use to solve it:

On mass-hosting system, we often have thousands of vhosts on apache2, and thousands of bind zone files. And of course, vhosts and zone files are all different. From now on, we will talk about vhosts, but the same problem applies to bind zones, virtual mailboxes or other mass-services.

We currently don't know how to handle so many vhosts through puppet. We saw that puppet can read node information in a ldap db, but puppet can only read NODE information, not vhosts parameters. As for today, is it (in your point of view) a clean way to do this with puppet?

We tried to find some way that may (or may not) work (some of these will be harder to implement though ...)

* Use a template system in our code to generate vhosts files in puppet and upload them to the web nodes using puppet:// standard.
* Generate puppet arrays in our code and use puppet recipes to read them and create the vhosts files.
* Create a simple shell or perl script that will read the vhosts parameters from the central sql database and generate the vhosts, and use puppet only to upload this script to the web nodes.
* add ruby code to puppet so that we can inject directly AST or objects to puppet, that will be converted to vhosts files on the web nodes.

I didn't find anything related to this in puppet trac doc, so do you have any advice about this?

Thanks a lot for your help,

Best regards,

Benjamin Sonntag
AlternC team.

On May 7, 2007, at 2:29 PM, Benjamin Sonntag wrote:

> Hi all,
>
> I'm Benjamin Sonntag, I'm one of the AlternC project developers. AlternC is an opensource mass-hosting control panel software suite based on debian.
>
> We are working on a new version of this control panel, and we want to make the less and the best work we can for this version.
>
> So, as usual, we are using as much free software as we can, and we started to use puppet for the local or remote service configuration.

Great. Are you using Puppet's XMLRPC interface, or are you actually using puppetmasterd?

> Some parts are trivial, such as how to configure apache properly, enable vhosts, modules etc. but we finally found a great issue, and cannot decide if puppet is the solution or not, and which best way we can use to solve it:
>
> On mass-hosting system, we often have thousands of vhosts on apache2, and thousands of bind zone files. And of course, vhosts and zone files are all different. From now on, we will talk about vhosts, but the same problem applies to bind zones, virtual mailboxes or other mass-services.
>
> We currently don't know how to handle so many vhosts through puppet. We saw that puppet can read node information in a ldap db, but puppet can only read NODE information, not vhosts parameters. As for today, is it (in your point of view) a clean way to do this with puppet?

Puppet could be taught to read other kinds of resources. I've even thought of having some kind of gateway so you could store your resources in LDAP or a database or whatever, and then use Puppet to convert them to managed resources (e.g., you'd define a 'vhost' resource in Puppet, put a bunch of 'vhost' instances in LDAP, then have some kind of query that pulled them all out of LDAP).

That being said...

> We tried to find some way that may (or may not) work (some of these will be harder to implement though ...)
>
> * Use a template system in our code to generate vhosts files in puppet and upload them to the web nodes using puppet:// standard.

You'd likely want to do this using Puppet's XMLRPC interface, rather than with file serving. You can only pull files down via the puppet proto, you can't push them.

Because most people are using puppetmasterd to do their central management, this is easier -- they create a 'vhost' definition that wraps a 'file' resource that uses a template to create the file they want, then the clients connect and get their configurations compiled. It sounds like you've got a database back-end for your data, so you likely aren't using Puppet's language anywhere nor puppetmasterd, so the answers aren't as immediate.

> * Generate puppet arrays in our code and use puppet recipes to read them and create the vhosts files.

Urgh, I don't recommend this.

> * Create a simple shell or perl script that will read the vhosts parameters from the central sql database and generate the vhosts, and use puppet only to upload this script to the web nodes.

This would certainly work, but it doesn't provide much useful data -- no good reporting or logging, etc.

> * add ruby code to puppet so that we can inject directly AST or objects to puppet, that will be converted to vhosts files on the web nodes.

Something like this should actually be pretty straightforward. I'd need to know more about your architecture, but I'm assuming you've got some agent on the client, a central server that contacts that agent, and then the agent uses Puppet library calls (that is, not puppetd or the puppet executable) to do its work. I tried to figure it out from your web site, but I can't seem to find many English docs.

Depending on the actual architecture (e.g., whether you have a separate agent or you use Puppet's agent, etc.), it should be pretty easy to turn an SQL query into Puppet objects. If you can tell me more about your architecture, I'd be glad to help you figure out the best way to do this.

--
Susskind's Rule of Thumb: Don't ask what they think. Ask what they do.
---------------------------------------------------------------------
Luke Kanies | http://reductivelabs.com | http://madstop.com

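The template approach discussed in the message above (one Apache vhost file rendered per database row), as an added example that is not part of the original thread and is neither AlternC nor Puppet code. It uses only Ruby's standard ERB; the row layout, the /var/www docroot policy and the file naming are assumptions, and rows whose values fail validation are skipped instead of being templated into the config.

```ruby
require 'erb'

# Constructed sample rows standing in for the control panel's SQL query
# result; the column names are assumptions made for this example.
VHOST_ROWS = [
  { 'name' => 'www.example.org', 'docroot' => '/var/www/example.org',
    'aliases' => ['example.org'] },
  { 'name' => 'blog.example.net', 'docroot' => '/var/www/blog', 'aliases' => [] },
  # A stored value containing a newline would add lines to the config file.
  { 'name' => "shop.example.com\nServerAlias *", 'docroot' => '/var/www/shop',
    'aliases' => [] }
].freeze

# \A and \z anchor the whole string, so embedded newlines never pass.
LABEL    = '[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?'
HOSTNAME = /\A(?=.{1,253}\z)#{LABEL}(\.#{LABEL})+\z/
# Assumed policy: docroots live under /var/www, no "." or ".." segments.
DOCROOT  = %r{\A/var/www(/[A-Za-z0-9][A-Za-z0-9._-]*)+\z}

TEMPLATE = ERB.new(<<~CONF, trim_mode: '-')
  <VirtualHost *:80>
    ServerName <%= name %>
  <%- aliases.each do |a| -%>
    ServerAlias <%= a %>
  <%- end -%>
    DocumentRoot <%= docroot %>
  </VirtualHost>
CONF

# Returns [files, rejected]: files maps a file name to rendered content,
# rejected lists the names of rows that failed validation.
def render_vhosts(rows)
  files = {}
  rejected = []
  rows.each do |row|
    names = [row['name'], *row['aliases']]
    if names.all? { |n| HOSTNAME.match?(n) } && DOCROOT.match?(row['docroot'])
      files["#{row['name']}.conf"] = TEMPLATE.result_with_hash(
        name: row['name'], aliases: row['aliases'], docroot: row['docroot']
      )
    else
      rejected << row['name']
    end
  end
  [files, rejected]
end

if __FILE__ == $PROGRAM_NAME
  files, rejected = render_vhosts(VHOST_ROWS)
  files.each { |path, body| puts "# #{path}", body }
  warn "rejected #{rejected.length} row(s)"
end
```
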
Luke Kanies wrote:

> On May 7, 2007, at 2:29 PM, Benjamin Sonntag wrote:
>
>> Hi all,
>>
>> I'm Benjamin Sonntag, I'm one of the AlternC project developers. AlternC is an opensource mass-hosting control panel software suite based on debian.
>>
>> We are working on a new version of this control panel, and we want to make the less and the best work we can for this version.
>>
>> So, as usual, we are using as much free software as we can, and we started to use puppet for the local or remote service configuration.
>
> Great. Are you using Puppet's XMLRPC interface, or are you actually using puppetmasterd?

We are using puppetmasterd of course. I didn't even know we can use directly the XMLRPC interface, since it seems to be a little bit "too internal" for us at this time :)

Is there a kind of doc about this internal protocol? (at least an API description?)

>> Some parts are trivial, such as how to configure apache properly, enable vhosts, modules etc. but we finally found a great issue, and cannot decide if puppet is the solution or not, and which best way we can use to solve it:
>>
>> On mass-hosting system, we often have thousands of vhosts on apache2, and thousands of bind zone files. And of course, vhosts and zone files are all different. From now on, we will talk about vhosts, but the same problem applies to bind zones, virtual mailboxes or other mass-services.
>>
>> We currently don't know how to handle so many vhosts through puppet. We saw that puppet can read node information in a ldap db, but puppet can only read NODE information, not vhosts parameters. As for today, is it (in your point of view) a clean way to do this with puppet?
>
> Puppet could be taught to read other kinds of resources. I've even thought of having some kind of gateway so you could store your resources in LDAP or a database or whatever, and then use Puppet to convert them to managed resources (e.g., you'd define a 'vhost' resource in Puppet, put a bunch of 'vhost' instances in LDAP, then have some kind of query that pulled them all out of LDAP).
>
> That being said...

Ok, I see ...

>> We tried to find some way that may (or may not) work (some of these will be harder to implement though ...)
>>
>> * Use a template system in our code to generate vhosts files in puppet and upload them to the web nodes using puppet:// standard.
>
> You'd likely want to do this using Puppet's XMLRPC interface, rather than with file serving. You can only pull files down via the puppet proto, you can't push them.
>
> Because most people are using puppetmasterd to do their central management, this is easier -- they create a 'vhost' definition that wraps a 'file' resource that uses a template to create the file they want, then the clients connect and get their configurations compiled. It sounds like you've got a database back-end for your data, so you likely aren't using Puppet's language anywhere nor puppetmasterd, so the answers aren't as immediate.
>
>> * Generate puppet arrays in our code and use puppet recipes to read them and create the vhosts files.
>
> Urgh, I don't recommend this.

ack

>> * Create a simple shell or perl script that will read the vhosts parameters from the central sql database and generate the vhosts, and use puppet only to upload this script to the web nodes.
>
> This would certainly work, but it doesn't provide much useful data -- no good reporting or logging, etc.

yes, we knew that, puppet could be useless here, we could also put this script in alternc's package in the web node ...

>> * add ruby code to puppet so that we can inject directly AST or objects to puppet, that will be converted to vhosts files on the web nodes.
>
> Something like this should actually be pretty straightforward. I'd need to know more about your architecture, but I'm assuming you've got some agent on the client, a central server that contacts that agent, and then the agent uses Puppet library calls (that is, not puppetd or the puppet executable) to do its work. I tried to figure it out from your web site, but I can't seem to find many English docs.

yep, english doc is quite sparse for now ...

> Depending on the actual architecture (e.g., whether you have a separate agent or you use Puppet's agent, etc.), it should be pretty easy to turn an SQL query into Puppet objects. If you can tell me more about your architecture, I'd be glad to help you figure out the best way to do this.

ok, I see ...

In fact, the information you just gave me is quite precious:
So ... It's possible to hack directly inside puppet ruby code to add functionalities so that we can create objects used by puppetd & so on.

I don't want to disturb you that much, we will first try to see if we can start using ruby language inside AlternC, because nothing is written in ruby for now (only python or php for the web part.). I like ruby language since it's quite strict in the language world, but my co-developers will certainly have a different point of view.

We are currently building the v2 technical specs, as you may guess, no code is written at this time, (for the 2.0 of course, the 1.0 is badly written, and used by many french hosters ...)

That's why you didn't find that much english info in our website. We will think about it more deeply before taking a decision, and we will come back to puppet-users ...

See you (... soon I hope)

Benjamin Sonntag
AlternC

On May 7, 2007, at 3:32 PM, Benjamin Sonntag wrote:

> We are using puppetmasterd of course. I didn't even know we can use directly the XMLRPC interface, since it seems to be a little bit "too internal" for us at this time :)

I assume you're providing a web interface to your customers, which usually means you're writing the results to a database. How do you turn that web interface into Puppet code for the puppetmaster?

> Is there a kind of doc about this internal protocol? (at least an API description?)

Coincidentally, I'm currently writing the code to extract a reference for the network code. Note that I'm hoping to soon switch from XMLRPC to a RESTian interface, since it should be easier for everyone, but it should be a pretty transparent switch for any users of the interface, since I'll maintain backward compatibility and will also provide clients for everything, so you shouldn't need to even worry about the switch, other than choosing which to use.

There's a very simple example (mostly because it's simple to use) in the SVN-based ralsh. Here's how you perform a query against remote systems (copied directly from ralsh):

    client = Puppet::Network::Client.resource.new(:Server => host, :Port => Puppet[:puppetport])
    unless client.read_cert
        raise "client.read_cert failed"
    end
    begin
        # They asked for a single resource.
        if name
            transbucket = [client.describe(type, name)]
        else
            # Else, list the whole thing out.
            transbucket = client.list(type)
        end
    rescue Puppet::Network::XMLRPCClientError => exc
        raise "client.list(#{type}) failed: #{exc.message}"
    end

That gets a list of all instances of 'type' and returns it as a TransBucket, which is the class Puppet uses to transfer configurations over the wire. You can convert this to Puppet objects with 'transbucket.to_type', which you can then easily apply (thus effectively copying the resources from the remote system to the local system), or you can convert it to code which you could write to disk, etc.

In this case, you're probably more interested in the 'apply' method, rather than 'list' or 'describe'. In that case, you'd build your own TransBucket containing TransObjects (these class names will probably get fixed when I switch to REST), and then call 'apply' on the remote system, which would effectively push your configuration to the client.

It's not quite as good as it could be -- you should get a transaction report back, whereas instead you only get 'success', and I don't have much in the way of tools to make it simple to generate the TransBuckets and TransObjects you want, but none of this stuff is all that hard.

> In fact, the information you just gave me is quite precious:
> So ... It's possible to hack directly inside puppet ruby code to add functionalities so that we can create objects used by puppetd & so on.

Yes, quite easily.

> I don't want to disturb you that much, we will first try to see if we can start using ruby language inside AlternC, because nothing is written in ruby for now (only python or php for the web part.). I like ruby language since it's quite strict in the language world, but my co-developers will certainly have a different point of view.

Ok, but I don't consider it much of a disturbance -- this is an area of Puppet's functionality that's really under-utilized right now, so I'd like to do what I can to make it more obvious and more used.

> We are currently building the v2 technical specs, as you may guess, no code is written at this time, (for the 2.0 of course, the 1.0 is badly written, and used by many french hosters ...)
>
> That's why you didn't find that much english info in our website. We will think about it more deeply before taking a decision, and we will come back to puppet-users ...

Okay. I should have a network reference up by the end of the day (GMT-6 time).

--
It is curious that physical courage should be so common in the world and moral courage so rare. -- Mark Twain
---------------------------------------------------------------------
Luke Kanies | http://reductivelabs.com | http://madstop.com