Hi there, I''m facing a problem that I think it''s common enough to be solved directly by puppet or at least have a best practice recommended: building a config file from snippets. I''m thinking for example about a dns zone and hosts inside that zone, ldap server and ldap databases, samba server and samba shares, a firewall config and firewall rules,... The first part of the list (ldap server, samba server, firewall config) seems to map to the concept of class in puppet, while the second part (DNS host, ldap database, samba share, firewall rule) seems to map to puppet types or definitions related to the first group. I''ve searched a bit, and have found that people use to solve this creating a set of files on disk and concatenating them using some script [1] or even having a definition that takes care of this stuff [2]. The questions are: Is there any best practice regarding this or any other way to do it? Do you think puppet should provide direct support for this? Best regards Jose [1] http://snurl.com/1uh2o [2] http://snurl.com/1uh2n _______________________________________________ Puppet-users mailing list Puppet-users@madstop.com https://mail.madstop.com/mailman/listinfo/puppet-users
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Saturday 01 December 2007, José González Gómez wrote:> Hi there, > > I'm facing a problem that I think it's common enough to be solved directly > by puppet or at least have a best practice recommended: building a config > file from snippets. I'm thinking for example about a dns zone and hosts > inside that zone, ldap server and ldap databases, samba server and samba > shares, a firewall config and firewall rules,... The first part of the list > (ldap server, samba server, firewall config) seems to map to the concept of > class in puppet, while the second part (DNS host, ldap database, samba > share, firewall rule) seems to map to puppet types or definitions related > to the first group. > > I've searched a bit, and have found that people use to solve this creating > a set of files on disk and concatenating them using some script [1] or even > having a definition that takes care of this stuff [2]. > > The questions are: Is there any best practice regarding this or any other > way to do it? Do you think puppet should provide direct support for this? > > Best regards > Jose > > [1] http://snurl.com/1uh2o > [2] http://snurl.com/1uh2nUsing concatenated_file from [2] works very well for me. Being the author of that Define, I might be biased though. The "best practice" of course would be to model the contents of each config file as Resources and create a native ParsedFile provided Type handling the format in question. Regards, David - -- The primary freedom of open source is not the freedom from cost, but the free- dom to shape software to do what you want. This freedom is /never/ exercised without cost, but is available /at all/ only by accepting the very different costs associated with open source, costs not in money, but in time and effort. - -- http://www.schierer.org/~luke/log/20070710-1129/on-forks-and-forking -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFHU8FC/Pp1N6Uzh0URAuSOAKCXMHLdprQ31lG5190kU5IR13P/hQCcDg5p dheoyNJGxrychVWKp4eqonY=jWFr -----END PGP SIGNATURE----- _______________________________________________ Puppet-users mailing list Puppet-users@madstop.com https://mail.madstop.com/mailman/listinfo/puppet-users
"José González Gómez" <jgonzalez.openinput@gmail.com> writes:> I''m facing a problem that I think it''s common enough to be solved directly > by puppet or at least have a best practice recommended: building a config > file from snippets.ERB supports fairly complex for loops around structured data. Has anyone played with that in puppet? seph
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tuesday 04 December 2007, seph wrote:> "José González Gómez" <jgonzalez.openinput@gmail.com> writes: > > I''m facing a problem that I think it''s common enough to be solved > > directly by puppet or at least have a best practice recommended: building > > a config file from snippets. > > ERB supports fairly complex for loops around structured data. Has > anyone played with that in puppet?Yes, it works. Yes, it is fscking ugly and will break in the worst possible moment. Regards, David - -- The primary freedom of open source is not the freedom from cost, but the free- dom to shape software to do what you want. This freedom is /never/ exercised without cost, but is available /at all/ only by accepting the very different costs associated with open source, costs not in money, but in time and effort. - -- http://www.schierer.org/~luke/log/20070710-1129/on-forks-and-forking -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFHVbP0/Pp1N6Uzh0URAu7oAJ9RPNxux5ixAjdwDSt8jqqC8M7l+QCfe5A7 Wni/WqBXuwu6M+aDPqLmJYE=qFTY -----END PGP SIGNATURE-----
I still have scripts left over from my old cfengine days that I use to create my puppet config. Basically, the way I do this it is like this: 1) my config is stored in a sqlite database created from scratch on each run from a script - I find it much easier to express relationships as a series of sql statements 2) the db contains tables such as users, hosts, interfaces, services, aliases, domains, networks, etc 3) the db then exports a number of config specific views 4) based on the db I create configuration files like postfix's main.cf, dhcpd.conf, djbdns data file, /etc/hosts, etc that are then dumped in the relevant module either as a file copied over directly from the module or as a template 5) I have defines to do the hard work for most of the modules and the config script then creates the base classes calling the various defines It's not particularly pretty but it works and my base config does not have any dependencies which is my main reason for not using ldap - I will eventually also generate ldap data, but my config db will still be the source. /peter On 04/12/2007, David Schmitt <david@schmitt.edv-bus.at> wrote:> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On Tuesday 04 December 2007, seph wrote: > > "José González Gómez" <jgonzalez.openinput@gmail.com> writes: > > > I'm facing a problem that I think it's common enough to be solved > > > directly by puppet or at least have a best practice recommended: > building > > > a config file from snippets. > > > > ERB supports fairly complex for loops around structured data. Has > > anyone played with that in puppet? > > Yes, it works. Yes, it is fscking ugly and will break in the worst possible > moment. > > > > Regards, David > - -- > The primary freedom of open source is not the freedom from cost, but the > free- > dom to shape software to do what you want. This freedom is /never/ exercised > without cost, but is available /at all/ only by accepting the very different > costs associated with open source, costs not in money, but in time and > effort. > - -- http://www.schierer.org/~luke/log/20070710-1129/on-forks-and-forking > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.6 (GNU/Linux) > > iD8DBQFHVbP0/Pp1N6Uzh0URAu7oAJ9RPNxux5ixAjdwDSt8jqqC8M7l+QCfe5A7 > Wni/WqBXuwu6M+aDPqLmJYE> =qFTY > -----END PGP SIGNATURE----- > _______________________________________________ > Puppet-users mailing list > Puppet-users@madstop.com > https://mail.madstop.com/mailman/listinfo/puppet-users >-- /peter _______________________________________________ Puppet-users mailing list Puppet-users@madstop.com https://mail.madstop.com/mailman/listinfo/puppet-users
On Dec 4, 2007 12:09 PM, David Schmitt <david@schmitt.edv-bus.at> wrote:> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On Tuesday 04 December 2007, seph wrote: > > "José González Gómez" <jgonzalez.openinput@gmail.com> writes: > > > I''m facing a problem that I think it''s common enough to be solved > > > directly by puppet or at least have a best practice recommended: building > > > a config file from snippets. > > > > ERB supports fairly complex for loops around structured data. Has > > anyone played with that in puppet? > > Yes, it works. Yes, it is fscking ugly and will break in the worst possible > moment. >It is also impossible to work with if you have cfengine and puppet hosts sharing the same templates. -- -- Perfection is just a word I use occasionally with mustard. --Atom Powers--
On Dec 5, 2007, at 1:06 PM, Atom Powers wrote:> It is also impossible to work with if you have cfengine and puppet > hosts sharing the same templates.Eeenteresting. I don''t know if it''s scary, good, or what, but it''s interesting, anyway. -- You only have to be open minded if you''re wrong. --------------------------------------------------------------------- Luke Kanies | http://reductivelabs.com | http://madstop.com