It seems to me that when you have a master server and a client computer, the master doesn''t really need to know the implementation details of the client computer. It''s kinda like a browser from my perspective...the server is just telling the browser what needs to be drawn on the local side. Does the puppet model work like this? If not, I guess what I read didn''t make that clear for me. There is lots of good detail on the wiki and I''m understanding more and more. Thanks for your patience as I figure this out. Mike B. ---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program.
On Jul 6, 2007, at 2:50 PM, barsalou wrote:> It seems to me that when you have a master server and a client > computer, the master doesn''t really need to know the implementation > details of the client computer. > > It''s kinda like a browser from my perspective...the server is just > telling the browser what needs to be drawn on the local side. > > Does the puppet model work like this? If not, I guess what I read > didn''t make that clear for me.It really depends on your configuration. You could write manifests that never used any facts from the client, or you could write some that relied heavily on them. Puppet''s presumption is that you do need that client information, so the client always passes it in when asking for its configuration. -- It is better to sleep on things beforehand than lie awake about them afterward. -- Baltasar Gracian --------------------------------------------------------------------- Luke Kanies | http://reductivelabs.com | http://madstop.com
On 7/6/2007 2:50 PM, barsalou wrote:> It seems to me that when you have a master server and a client > computer, the master doesn''t really need to know the implementation > details of the client computer. > > It''s kinda like a browser from my perspective...the server is just > telling the browser what needs to be drawn on the local side. > > Does the puppet model work like this? If not, I guess what I read > didn''t make that clear for me.I''m pretty sure the answer is no, it doesn''t work like that. Referring to http://reductivelabs.com/trac/puppet/wiki/SimplestPuppetInstallRecipe , "Once the signed cert is in place, the client should ask for its configuration; the server will compile it (and log that it has done so) and pass the compiled configuration to the client." So the web analogy isn''t really appropriate. In that case, the client/server conversation goes: C: "I need to see the contents of file X." S: "Here it is." (or possibly "No, you can''t see that." or any other variant) In the puppet case, the conversation goes: C: "How do I need to be configured?" S: "You need to have these packages installed, these specific permissions on the following files, and these crontab entries. Make sure these processes are running. Mount this filesystem, too. You also need to get rid of these packages, remove these other files, and kill these user accounts if they exist. And by the way, here''s the SSH key for a system we just brought online." Another way of putting it is that whether or not the master needs to know the configuration of a given client, I can''t think of any good reason why one client should ever be able to request any configuration other than its own. And in that case, the master might as well just compile the client''s configuration and send it on its way. -- Mike Renfro / R&D Engineer, Center for Manufacturing Research, 931 372-3601 / Tennessee Technological University -- renfro@tntech.edu
Quoting Mike Renfro <renfro@tntech.edu>:> On 7/6/2007 2:50 PM, barsalou wrote: >> It seems to me that when you have a master server and a client >> computer, the master doesn''t really need to know the implementation >> details of the client computer.And specifically what I''m talking about here is how a package gets installed. I assume the server tells the client to install package X, but the implementation of that is client specific....is this way off? This sort of addresses the solaris issue that was brought up, I think.>> >> It''s kinda like a browser from my perspective...the server is just >> telling the browser what needs to be drawn on the local side. >> >> Does the puppet model work like this? If not, I guess what I read >> didn''t make that clear for me. > > I''m pretty sure the answer is no, it doesn''t work like that. Referring > to http://reductivelabs.com/trac/puppet/wiki/SimplestPuppetInstallRecipe > , "Once the signed cert is in place, the client should ask for its > configuration; the server will compile it (and log that it has done so) > and pass the compiled configuration to the client." > > So the web analogy isn''t really appropriate. In that case, the > client/server conversation goes: > > C: "I need to see the contents of file X." > S: "Here it is." (or possibly "No, you can''t see that." or any other > variant) > > In the puppet case, the conversation goes: > > C: "How do I need to be configured?" > S: "You need to have these packages installed, these specific > permissions on the following files, and these crontab entries. Make sure > these processes are running. Mount this filesystem, too. You also need > to get rid of these packages, remove these other files, and kill these > user accounts if they exist. And by the way, here''s the SSH key for a > system we just brought online." >This still leaves the way open for the client to be the one responsible for implementing the package install, correct? or how a crontab entry gets modified? So the server side doesn''t really know HOW these things are going to get done, but does direct the client WHAT needs to be done. How am I doing?> Another way of putting it is that whether or not the master needs to > know the configuration of a given client, I can''t think of any good > reason why one client should ever be able to request any configuration > other than its own. And in that case, the master might as well just > compile the client''s configuration and send it on its way. >Thanks Mike. Between what Luke is saying and this, the picture is getting clearer....I hope. Mike B. ---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program.
On Jul 6, 2007, at 3:22 PM, barsalou wrote:> > And specifically what I''m talking about here is how a package gets > installed. I assume the server tells the client to install package X, > but the implementation of that is client specific....is this way off?Ahh, I see what you''re getting at. You want to know what turns "package" into "dpkg -l" or whatever the local equivalent is. This is definitely all client-side, and the server shouldn''t need to know anything about it (which is good, because it can''t). All of the work is done with providers; for instance, you can look in lib/puppet/ provider/package/ for all of the existing package providers. These are mostly just thin wrappers around the package commands. Does that answer your question?> This still leaves the way open for the client to be the one > responsible > for implementing the package install, correct? or how a crontab entry > gets modified? > > So the server side doesn''t really know HOW these things are going to > get done, but does direct the client WHAT needs to be done. > > How am I doing?Yep, you''ve got it -- the server provides the what, and the client provides the how. How can we document this in a way that''s clear? Anyway want to take a crack at it? -- It is absurd to divide people into good and bad. People are either charming or tedious. -- Oscar Wilde --------------------------------------------------------------------- Luke Kanies | http://reductivelabs.com | http://madstop.com
Quoting Luke Kanies <luke@madstop.com>:> On Jul 6, 2007, at 3:22 PM, barsalou wrote: >> >> And specifically what I''m talking about here is how a package gets >> installed. I assume the server tells the client to install package X, >> but the implementation of that is client specific....is this way off? > > Ahh, I see what you''re getting at. You want to know what turns > "package" into "dpkg -l" or whatever the local equivalent is. > > This is definitely all client-side, and the server shouldn''t need to > know anything about it (which is good, because it can''t). All of the > work is done with providers; for instance, you can look in lib/puppet/ > provider/package/ for all of the existing package providers. These > are mostly just thin wrappers around the package commands. > > Does that answer your question? >Yes.>> This still leaves the way open for the client to be the one >> responsible >> for implementing the package install, correct? or how a crontab entry >> gets modified? >> >> So the server side doesn''t really know HOW these things are going to >> get done, but does direct the client WHAT needs to be done. >> >> How am I doing? > > Yep, you''ve got it -- the server provides the what, and the client > provides the how. > > How can we document this in a way that''s clear? Anyway want to take > a crack at it?One thing is for sure, clarity comes from experience, but I have introduced puppet to a few other admin friends of mine, and as we talk about it, I''ll throw up some ideas about how we see it. Obviously the way it is documented has worked well for others, so don''t take my lack of ability to understand as a deficiency on the documentation ability to inform. :) I tend to be a picture thinker, so sometimes the words just get all jumbled up until I can create a picture in my head. You folks have done a great job in setting me straight. Thanks for the encouragement and help. Mike B. ---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program.