Puppet users - Aug 2007 - Using case in class

OK, I started down this road a few months ago and got side tracked
with project work. I have a class called "install" that I want to use
with only machines on one protected subnet.  In my site.pp file, among
other node entries, I have -

node default {
    install
}

The class itself -

class install {
    case $domain {
        "test.example.com": {
             file: {"/etc/ssh/sshd_config":
                 owner => root,
                 group => root
             }
        }
    }
}


The clients are on the test.example.com domain and the Puppet server
is on the example.com domain.  My case statement isn''t working.  The
install class is executed no matter which subnet the client is on.
Thanks,
Kent

On Mon, 20 Aug 2007 13:55:06 -0500, Kenton Brede wrote:
> OK, I started down this road a few months ago and got side tracked with
> project work. I have a class called "install" that I want to use
with
> only machines on one protected subnet.  In my site.pp file, among other
> node entries, I have -
> 
> node default {
>     install
> }
> 
> The class itself -
> 
> class install {
>     case $domain {
>         "test.example.com": {
>              file: {"/etc/ssh/sshd_config":
>                  owner => root,
>                  group => root
>              }
>         }
>     }
> }
> 
You need to use $fqdn, not $domain, so something like:

case $fqdn {    
    "test.example.com": {      
      file {
 	...
	
Micah

On 8/20/07, micah <micah@riseup.net> wrote:
> On Mon, 20 Aug 2007 13:55:06 -0500, Kenton Brede wrote:
>
> > OK, I started down this road a few months ago and got side tracked
with
> > project work. I have a class called "install" that I want to
use with
> > only machines on one protected subnet.  In my site.pp file, among
other
> > node entries, I have -
> >
> > node default {
> >     install
> > }
> >
> > The class itself -
> >
> > class install {
> >     case $domain {
> >         "test.example.com": {
> >              file: {"/etc/ssh/sshd_config":
> >                  owner => root,
> >                  group => root
> >              }
> >         }
> >     }
> > }
> >
>
> You need to use $fqdn, not $domain, so something like:
>
> case $fqdn {
>     "test.example.com": {
>       file {
I tested this and got the same behavior, the class runs regardless of
what I place in the "test.example.com" slot.  Besides I don''t
want the
fqdn to be the distinguishing variable, I want the sub domain.  This
is the scenario, I have a subdomain in which all machines are first
installed.  The installs are automated with kickstart.  In the post
install portion of the kickstart config I have "puppetd -v -o" placed
in the rc.local file.  At first boot puppetd runs and
hardens/configures the server.  I have a reserved fqdn I use only for
installs.  This all works great if you want to do one machine at a
time.  I want to configure puppet so I can do multiple installs at the
same time, unattended.  Certs auto signed for the subdomain
test.example.com and a class that only runs for machines within this
subdomain.

Another way to put it, instead of

node testbox {
    install
}

I would like,

domain "test.example.com" {
    install
}

Thanks,
Kent

On 20/08/07, Kenton Brede <kbrede@gmail.com>
wrote:
>
> On 8/20/07, micah <micah@riseup.net> wrote:
> > On Mon, 20 Aug 2007 13:55:06 -0500, Kenton Brede wrote:
> >
> > > OK, I started down this road a few months ago and got side
tracked
> with
> > > project work. I have a class called "install" that I
want to use with
> > > only machines on one protected subnet.  In my site.pp file, among
> other
> > > node entries, I have -
> > >
> > > node default {
> > >     install
> > > }
> > >
> > > The class itself -
> > >
> > > class install {
> > >     case $domain {
> > >         "test.example.com": {
> > >              file: {"/etc/ssh/sshd_config":
> > >                  owner => root,
> > >                  group => root
> > >              }
> > >         }
> > >     }
> > > }
> > >
> >
> > You need to use $fqdn, not $domain, so something like:
> >
> > case $fqdn {
> >     "test.example.com": {
> >       file {
>
> I tested this and got the same behavior, the class runs regardless of
> what I place in the "test.example.com" slot.  Besides I
don''t want the
> fqdn to be the distinguishing variable, I want the sub domain.


But you''re contradicting yourself here. You say you want to distinguish
on
the subdomain, but use the domain fact. The domain fact will always return
''
example.com'' in your example. You need to use the fqdn fact, which will
return ''test.example.com'' in your example.

You talk about ''the class runs regardless'', but you are casing
a file
resource. Of course the class runs, the question is if the file resource
gets applied. From what you present here, it''s not entirely clear to me
whether the resource gets applied. Have you tested this? Or only looked at
the puppet output? Because the messages that puppet sends can be a tad
confusing (I know I have had problems interpreting this a number of times).


 This
> is the scenario, I have a subdomain in which all machines are first
> installed.  The installs are automated with kickstart.  In the post
> install portion of the kickstart config I have "puppetd -v -o"
placed
> in the rc.local file.  At first boot puppetd runs and
> hardens/configures the server.  I have a reserved fqdn I use only for
> installs.  This all works great if you want to do one machine at a
> time.  I want to configure puppet so I can do multiple installs at the
> same time, unattended.  Certs auto signed for the subdomain
> test.example.com and a class that only runs for machines within this
> subdomain.


Nice idea,  btw.


Another way to put it, instead of
>
> node testbox {
>     install
> }
>
> I would like,
>
> domain "test.example.com" {
>     install
> }
>
> Thanks,
> Kent
> _______________________________________________
> Puppet-users mailing list
> Puppet-users@madstop.com
> https://mail.madstop.com/mailman/listinfo/puppet-users
>

Thijs


_______________________________________________
Puppet-users mailing list
Puppet-users@madstop.com
https://mail.madstop.com/mailman/listinfo/puppet-users

On 8/20/07, Thijs Oppermann <thijso+puppet@gmail.com>
wrote:
> On 20/08/07, Kenton Brede <kbrede@gmail.com> wrote:
> > On 8/20/07, micah <micah@riseup.net> wrote:
> > > On Mon, 20 Aug 2007 13:55:06 -0500, Kenton Brede wrote:
> > >
> > > > OK, I started down this road a few months ago and got side
tracked
> with
> > > > project work. I have a class called "install" that
I want to use with
> > > > only machines on one protected subnet.  In my site.pp file,
among
> other
> > > > node entries, I have -
> > > >
> > > > node default {
> > > >     install
> > > > }
> > > >
> > > > The class itself -
> > > >
> > > > class install {
> > > >     case $domain {
> > > >         " test.example.com": {
> > > >              file: {"/etc/ssh/sshd_config":
> > > >                  owner => root,
> > > >                  group => root
> > > >              }
> > > >         }
> > > >     }
> > > > }
> > > >
> > >
> > > You need to use $fqdn, not $domain, so something like:
> > >
> > > case $fqdn {
> > >     "test.example.com ": {
> > >       file {
> >
> > I tested this and got the same behavior, the class runs regardless of
> > what I place in the "test.example.com" slot.  Besides I
don''t want the
> > fqdn to be the distinguishing variable, I want the sub domain.
>
>
> But you''re contradicting yourself here. You say you want to
distinguish on
> the subdomain, but use the domain fact. The domain fact will always return
''
> example.com'' in your example. You need to use the fqdn fact, which
will
> return ''test.example.com'' in your example.
example.com and test.example.com are both domains.

In this example "server.example.com" would be a fqdn in domain
"example.com" and "client.test.example.com" is a fqdn on
subdomain
"test.example.com."  Sorry for the confusion.  I should have been more
explicit.
> You talk about ''the class runs regardless'', but you are
casing a file
> resource. Of course the class runs, the question is if the file resource
> gets applied. From what you present here, it''s not entirely clear
to me
> whether the resource gets applied. Have you tested this?
Yes, the file resource gets applied regardless of the case statement.
I''ve tested and tested and tested..... :)  For example if I set owner
to "blah" it will get changed back to "root" regardless of
the various
permutations of "case" I''ve used.  Either I''m using
the case
conditional wrong or it simply doesn''t work the way I want to use it.
I tried moving the case statement to the site.pp file and wrap the
install class there and got the same results.
> Or only looked at
> the puppet output? Because the messages that puppet sends can be a tad
> confusing (I know I have had problems interpreting this a number of times).
I pretty much just look at the output for errors.
>
>
> >  This
> > is the scenario, I have a subdomain in which all machines are first
> > installed.  The installs are automated with kickstart.  In the post
> > install portion of the kickstart config I have "puppetd -v
-o" placed
> > in the rc.local file.  At first boot puppetd runs and
> > hardens/configures the server.  I have a reserved fqdn I use only for
> > installs.  This all works great if you want to do one machine at a
> > time.  I want to configure puppet so I can do multiple installs at the
> > same time, unattended.  Certs auto signed for the subdomain
> > test.example.com and a class that only runs for machines within this
> > subdomain.
>
>
> Nice idea,  btw.
It works real nice for one machine at a time.  I just have to remember
to remove the cert between installs on the puppetmaster.  Now if I
could just set this up for configuring multiple machines at the same
time based on subdomain, then it would really be useful.
Thanks,
Kent

On 21/08/07, Kenton Brede <kbrede@gmail.com>
wrote:
> On 8/20/07, Thijs Oppermann <thijso+puppet@gmail.com> wrote:
> > On 20/08/07, Kenton Brede <kbrede@gmail.com> wrote:
> > > On 8/20/07, micah <micah@riseup.net> wrote:
> > > > On Mon, 20 Aug 2007 13:55:06 -0500, Kenton Brede wrote:
> > > >
> > > > > OK, I started down this road a few months ago and got
side tracked
> > with
> > > > > project work. I have a class called "install"
that I want to use with
> > > > > only machines on one protected subnet.  In my site.pp
file, among
> > other
> > > > > node entries, I have -
> > > > >
> > > > > node default {
> > > > >     install
> > > > > }
> > > > >
> > > > > The class itself -
> > > > >
> > > > > class install {
> > > > >     case $domain {
> > > > >         " test.example.com": {
> > > > >              file: {"/etc/ssh/sshd_config":
> > > > >                  owner => root,
> > > > >                  group => root
> > > > >              }
> > > > >         }
> > > > >     }
> > > > > }
> > > > >
Ok, I haven''t really paid to close attention to this, because I was
assuming you just quickly typed this out as an example. If you
copy/pasted this from your manifest, you have a few errors in there
(that I hope would be caught by the parse). It should read something
like this:

node default {
  include install
}

class install {
     case $domain {
         "test.example.com": {
              file { "/etc/ssh/sshd_config":
                  owner => root,
                  group => root
              }
         }
     }
}

> > > >
> > > > You need to use $fqdn, not $domain, so something like:
> > > >
> > > > case $fqdn {
> > > >     "test.example.com ": {
> > > >       file {
> > >
> > > I tested this and got the same behavior, the class runs
regardless of
> > > what I place in the "test.example.com" slot.  Besides I
don''t want the
> > > fqdn to be the distinguishing variable, I want the sub domain.
> >
> >
> > But you''re contradicting yourself here. You say you want to
distinguish on
> > the subdomain, but use the domain fact. The domain fact will always
return ''
> > example.com'' in your example. You need to use the fqdn fact,
which will
> > return ''test.example.com'' in your example.
>
> example.com and test.example.com are both domains.
>
> In this example "server.example.com" would be a fqdn in domain
> "example.com" and "client.test.example.com" is a fqdn
on subdomain
> "test.example.com."  Sorry for the confusion.  I should have been
more
> explicit.
>
Have you verified that this is also how facter sees these?
> > You talk about ''the class runs regardless'', but you
are casing a file
> > resource. Of course the class runs, the question is if the file
resource
> > gets applied. From what you present here, it''s not entirely
clear to me
> > whether the resource gets applied. Have you tested this?
>
> Yes, the file resource gets applied regardless of the case statement.
> I''ve tested and tested and tested..... :)  For example if I set
owner
> to "blah" it will get changed back to "root" regardless
of the various
> permutations of "case" I''ve used.  Either I''m
using the case
> conditional wrong or it simply doesn''t work the way I want to use
it.
> I tried moving the case statement to the site.pp file and wrap the
> install class there and got the same results.
>
> > Or only looked at
> > the puppet output? Because the messages that puppet sends can be a tad
> > confusing (I know I have had problems interpreting this a number of
times).
>
> I pretty much just look at the output for errors.
>
> >
> >
> > >  This
> > > is the scenario, I have a subdomain in which all machines are
first
> > > installed.  The installs are automated with kickstart.  In the
post
> > > install portion of the kickstart config I have "puppetd -v
-o" placed
> > > in the rc.local file.  At first boot puppetd runs and
> > > hardens/configures the server.  I have a reserved fqdn I use only
for
> > > installs.  This all works great if you want to do one machine at
a
> > > time.  I want to configure puppet so I can do multiple installs
at the
> > > same time, unattended.  Certs auto signed for the subdomain
> > > test.example.com and a class that only runs for machines within
this
> > > subdomain.
> >
> >
> > Nice idea,  btw.
>
> It works real nice for one machine at a time.  I just have to remember
> to remove the cert between installs on the puppetmaster.  Now if I
> could just set this up for configuring multiple machines at the same
> time based on subdomain, then it would really be useful.
> Thanks,
> Kent
> _______________________________________________
> Puppet-users mailing list
> Puppet-users@madstop.com
> https://mail.madstop.com/mailman/listinfo/puppet-users
>

On 8/21/07, Thijs Oppermann <thijso+puppet@gmail.com>
wrote:
> On 21/08/07, Kenton Brede <kbrede@gmail.com> wrote:
> > On 8/20/07, Thijs Oppermann <thijso+puppet@gmail.com> wrote:
> > > On 20/08/07, Kenton Brede <kbrede@gmail.com> wrote:
> > > > On 8/20/07, micah <micah@riseup.net> wrote:
> > > > > On Mon, 20 Aug 2007 13:55:06 -0500, Kenton Brede wrote:
> > > > >
> > > > > > OK, I started down this road a few months ago and
got side tracked
> > > with
> > > > > > project work. I have a class called
"install" that I want to use with
> > > > > > only machines on one protected subnet.  In my
site.pp file, among
> > > other
> > > > > > node entries, I have -
> > > > > >
> > > > > > node default {
> > > > > >     install
> > > > > > }
> > > > > >
> > > > > > The class itself -
> > > > > >
> > > > > > class install {
> > > > > >     case $domain {
> > > > > >         " test.example.com": {
> > > > > >              file:
{"/etc/ssh/sshd_config":
> > > > > >                  owner => root,
> > > > > >                  group => root
> > > > > >              }
> > > > > >         }
> > > > > >     }
> > > > > > }
> > > > > >
>
> Ok, I haven''t really paid to close attention to this, because I
was
> assuming you just quickly typed this out as an example. If you
> copy/pasted this from your manifest, you have a few errors in there
> (that I hope would be caught by the parse). It should read something
> like this:
>
> node default {
>   include install
> }
>
> class install {
>      case $domain {
>          "test.example.com": {
>               file { "/etc/ssh/sshd_config":
>                   owner => root,
>                   group => root
>               }
>          }
>      }
> }
>
>
> > > > >
> > > > > You need to use $fqdn, not $domain, so something like:
> > > > >
> > > > > case $fqdn {
> > > > >     "test.example.com ": {
> > > > >       file {
> > > >
> > > > I tested this and got the same behavior, the class runs
regardless of
> > > > what I place in the "test.example.com" slot. 
Besides I don''t want the
> > > > fqdn to be the distinguishing variable, I want the sub
domain.
> > >
> > >
> > > But you''re contradicting yourself here. You say you want
to distinguish on
> > > the subdomain, but use the domain fact. The domain fact will
always return ''
> > > example.com'' in your example. You need to use the fqdn
fact, which will
> > > return ''test.example.com'' in your example.
> >
> > example.com and test.example.com are both domains.
> >
> > In this example "server.example.com" would be a fqdn in
domain
> > "example.com" and "client.test.example.com" is a
fqdn on subdomain
> > "test.example.com."  Sorry for the confusion.  I should have
been more
> > explicit.
> >
>
> Have you verified that this is also how facter sees these?
Yep, that''s what facter sees.

Anyway after messing with this most of the morning I noticed the time
was off between the server and client.  I had ntpd set up but it
wasn''t running on the server.  I don''t think that should have
anything
to do with the case conditional but after fixing the time issue the
class with the case conditional started working as I wished.  I just
successfully installed and configured two machines concurrently and
unattended.  I''m a happy camper now.  Thanks all for your effort :)
Kent