Puppet users - Dec 2007 - How does one use a module?

Greetings -

Maybe I''m a bit slow, but I''ve been trying to understand how
to use a
module for the better part of a day and I''m not getting it.
Here''s
what I''ve done:

Using puppet 0.23.2

1. Downloaded the shorewall module from David Schmitt''s git repo
(Thanks David!!!!) and placed it in the directory
/var/lib/puppet/modules (using the rpm version of
puppet/puppetmaster).

2. Edited fileserver.conf, adding
    [modules]
   path /var/lib/puppet/modules
   allow 192.168.100.0/24

3. Created a class based on the wiki [1] with local modifications:


class cbi-shorewall {
## base interface
shorewall::shorewall-interface { ''xenbr0'': }

## still accept packages from CBI, even if the firewall is stopped
shorewall::shorewall-routestopped { ''cbi'':
        host            =>      "159.189.177.16",

<snip> . . . . .  </snip>

         ''allicmp-to-host'':
                source          =>      ''all'',
                destination     =>      ''$FW'',
                order           =>      40020,
                action          =>     
''AllowICMPs/ACCEPT'';
        ''allow ssh'':
                source          =>      ''net'',
                protocol        =>      ''tcp'',
                destinationport =>      ''22'',
                order           =>      40080,
                action          =>      ''ACCEPT'',
                destination     =>      "$FW";
 }

}


4. Included the shorewall class (cbi-shorewall) in my node declaration:

node cbi-xlhp1 inherits servers {
        include
                cbi-shorewall,
                yumrepos-sle10
}


I don''t see any mention of the class being called when I run
''puppetd
-t --debug'' and the shorewall modifications aren''t made.  What
am I
doing wrong?



[1] http://reductivelabs.com/trac/puppet/wiki/AqueosShorewall




Thanks,
Jeff

Jeff Falgout schrieb:
> Greetings -
> 
> Maybe I''m a bit slow, but I''ve been trying to understand
how to use a
> module for the better part of a day and I''m not getting it.
Here''s
> what I''ve done:
> 
> Using puppet 0.23.2
> 
> 1. Downloaded the shorewall module from David Schmitt''s git repo
> (Thanks David!!!!) and placed it in the directory
> /var/lib/puppet/modules (using the rpm version of
> puppet/puppetmaster).
According to the FHS /var/lib(/puppet/modules) is a place for programs 
to store their persistent data. Therefore many of my modules will create 
directories and files there, deleting everything else there is.

I would recommend /srv/puppet/modules/ as a place to store the actual 
modules.
> 2. Edited fileserver.conf, adding
>     [modules]
>    path /var/lib/puppet/modules
>    allow 192.168.100.0/24
The "path" for this mount should be inferred by puppet from the 
modulepath. You only need to set you ACLs here. Speaking of the module 
path: is it set to include the directory where you placed the module?
> 3. Created a class based on the wiki [1] with local modifications:
> 
> 
> class cbi-shorewall {
> ## base interface
> shorewall::shorewall-interface { ''xenbr0'': }
> 
> ## still accept packages from CBI, even if the firewall is stopped
> shorewall::shorewall-routestopped { ''cbi'':
>         host            =>      "159.189.177.16",
> 
> <snip> . . . . .  </snip>
> 
>          ''allicmp-to-host'':
>                 source          =>      ''all'',
>                 destination     =>      ''$FW'',
>                 order           =>      40020,
>                 action          =>     
''AllowICMPs/ACCEPT'';
>         ''allow ssh'':
>                 source          =>      ''net'',
>                 protocol        =>      ''tcp'',
>                 destinationport =>      ''22'',
>                 order           =>      40080,
>                 action          =>      ''ACCEPT'',
>                 destination     =>      "$FW";
>  }
> 
> }
When I took the code from the wiki, I cleaned it up a bit and removed 
the redundant "shorewall-" prefix. It look like I failed to adjust the
wiki page accordingly, which I did now.

Reviewing the wiki page I also note that the git reference is not 
totally accurate. I fixed that too.
> 4. Included the shorewall class (cbi-shorewall) in my node declaration:
> 
> node cbi-xlhp1 inherits servers {
>         include
>                 cbi-shorewall,
>                 yumrepos-sle10
> }
> 
> 
> I don''t see any mention of the class being called when I run
''puppetd
> -t --debug'' and the shorewall modifications aren''t made. 
What am I
> doing wrong?
Here comes the painful part: since putting the module in my repo I 
didn''t come around integrating it into my setup, it is therefore 
untested. If you can send me a minimal failing --debug output, I''m 
pretty sure we can work out any kinks I introduced into Ghislain''s 
original code.

If you''re interested in collaborating more closely on this module, 
please take a look at [2], where there are instructions in preparation 
for a general module-collaboration-workflow.

> [1] http://reductivelabs.com/trac/puppet/wiki/AqueosShorewall
[2] http://reductivelabs.com/trac/puppet/wiki/CommonModules

Regards, DavidS

On Dec 5, 2007 12:36 AM, David Schmitt <david@schmitt.edv-bus.at>
wrote:
> Jeff Falgout schrieb:
> > Greetings -
> >
> > Maybe I''m a bit slow, but I''ve been trying to
understand how to use a
> > module for the better part of a day and I''m not getting it.
Here''s
> > what I''ve done:
> >
> > Using puppet 0.23.2
> >
> > 1. Downloaded the shorewall module from David Schmitt''s git
repo
> > (Thanks David!!!!) and placed it in the directory
> > /var/lib/puppet/modules (using the rpm version of
> > puppet/puppetmaster).
>
> According to the FHS /var/lib(/puppet/modules) is a place for programs
> to store their persistent data. Therefore many of my modules will create
> directories and files there, deleting everything else there is.
>
> I would recommend /srv/puppet/modules/ as a place to store the actual
> modules.
Ok - I''ll move the module storage. Makes sense.
>
> > 2. Edited fileserver.conf, adding
> >     [modules]
> >    path /var/lib/puppet/modules
> >    allow 192.168.100.0/24
>
> The "path" for this mount should be inferred by puppet from the
> modulepath. You only need to set you ACLs here. Speaking of the module
> path: is it set to include the directory where you placed the module?
>
> > 3. Created a class based on the wiki [1] with local modifications:
> >
> >
> > class cbi-shorewall {
> > ## base interface
<snip> .
. . . .

</snip>
>
> When I took the code from the wiki, I cleaned it up a bit and removed
> the redundant "shorewall-" prefix. It look like I failed to
adjust the
> wiki page accordingly, which I did now.
>
> Reviewing the wiki page I also note that the git reference is not
> totally accurate. I fixed that too.
>
> > 4. Included the shorewall class (cbi-shorewall) in my node
declaration:
> >
> > node cbi-xlhp1 inherits servers {
> >         include
> >                 cbi-shorewall,
> >                 yumrepos-sle10
> > }
> >
> >
> > I don''t see any mention of the class being called when I run
''puppetd
> > -t --debug'' and the shorewall modifications aren''t
made.  What am I
> > doing wrong?
>
> Here comes the painful part: since putting the module in my repo I
> didn''t come around integrating it into my setup, it is therefore
> untested. If you can send me a minimal failing --debug output, I''m
> pretty sure we can work out any kinks I introduced into Ghislain''s
> original code.
Not painful at all - I was trying to figure out how you got it working
and relieved to know you didn''t

I''m still struggling with the basics. Where do I put my recipe that
uses the module? With all of my other recipies? How is the module
called? I haven''t been able to find a step by step reference on using
your first module. Is 0.24 required?
>
> If you''re interested in collaborating more closely on this module,
> please take a look at [2], where there are instructions in preparation
> for a general module-collaboration-workflow.
>
I''ll look through wiki page and try to get a grasp of it. I am very
interested in how the module setup works in general and shorewall
specifically (I need to deploy shorewall to 100+ machines).
>
> > [1] http://reductivelabs.com/trac/puppet/wiki/AqueosShorewall
> [2] http://reductivelabs.com/trac/puppet/wiki/CommonModules
>
> Regards, DavidS
>
Thanks for your help,

Jeff

On 12/5/2007 12:50 PM, Jeff Falgout wrote:
> I''m still struggling with the basics. Where do I put my recipe
that
> uses the module? With all of my other recipies? How is the module 
> called? I haven''t been able to find a step by step reference on
using
> your first module. Is 0.24 required?
At the risk of excessive blogwhoring, I''ve got something resembling a 
step-by-step reference posted at 
http://blogs.cae.tntech.edu/mwr/2007/08/02/the-new-file-server-puppet-and-modules/

And no, 0.24 isn''t required for modules to work. I''m on 0.23.1
still.

-- 
Mike Renfro  / R&D Engineer, Center for Manufacturing Research,
931 372-3601 / Tennessee Technological University

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wednesday 05 December 2007, Jeff Falgout wrote:
> > Here comes the painful part: since putting the module in my repo I
> > didn''t come around integrating it into my setup, it is
therefore
> > untested. If you can send me a minimal failing --debug output,
I''m
> > pretty sure we can work out any kinks I introduced into
Ghislain''s
> > original code.
>
> Not painful at all - I was trying to figure out how you got it working
> and relieved to know you didn''t
>
> I''m still struggling with the basics. Where do I put my recipe
that
> uses the module? With all of my other recipies? How is the module
> called? I haven''t been able to find a step by step reference on
using
> your first module. Is 0.24 required?
That''s because Modules are actualyl quite dumb :) see 
http://reductivelabs.com/trac/puppet/wiki/ModuleOrganisation for details.
> > If you''re interested in collaborating more closely on this
module,
> > please take a look at [2], where there are instructions in preparation
> > for a general module-collaboration-workflow.
>
> I''ll look through wiki page and try to get a grasp of it. I am
very
> interested in how the module setup works in general and shorewall
> specifically (I need to deploy shorewall to 100+ machines).
yay :) good luck and have fun!
> > > [1] http://reductivelabs.com/trac/puppet/wiki/AqueosShorewall
> >
> > [2] http://reductivelabs.com/trac/puppet/wiki/CommonModules

Regards, DavidS

- -- 
The primary freedom of open source is not the freedom from cost, but the free-
dom to shape software to do what you want. This freedom is /never/ exercised
without cost, but is available /at all/ only by accepting the very different
costs associated with open source, costs not in money, but in time and effort.
- -- http://www.schierer.org/~luke/log/20070710-1129/on-forks-and-forking
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHV8Cm/Pp1N6Uzh0URAt68AJsGKFp1SAP2o8gmvFta+Li3l2ic/wCeLImd
tDvD66cSKyM/Vw0y16/DEnI=NBcy
-----END PGP SIGNATURE-----

Thanks David,

On Dec 6, 2007 2:28 AM, David Schmitt <david@schmitt.edv-bus.at>
wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Wednesday 05 December 2007, Jeff Falgout wrote:
> > > Here comes the painful part: since putting the module in my repo
I
> > > didn''t come around integrating it into my setup, it is
therefore
> > > untested. If you can send me a minimal failing --debug output,
I''m
> > > pretty sure we can work out any kinks I introduced into
Ghislain''s
> > > original code.
> >
> > Not painful at all - I was trying to figure out how you got it working
> > and relieved to know you didn''t
> >
> > I''m still struggling with the basics. Where do I put my
recipe that
> > uses the module? With all of my other recipies? How is the module
> > called? I haven''t been able to find a step by step reference
on using
> > your first module. Is 0.24 required?
>
> That''s because Modules are actualyl quite dumb :) see
> http://reductivelabs.com/trac/puppet/wiki/ModuleOrganisation for details.
>
> > > If you''re interested in collaborating more closely on
this module,
> > > please take a look at [2], where there are instructions in
preparation
> > > for a general module-collaboration-workflow.
> >
> > I''ll look through wiki page and try to get a grasp of it. I
am very
> > interested in how the module setup works in general and shorewall
> > specifically (I need to deploy shorewall to 100+ machines).
>
> yay :) good luck and have fun!
>
Ok - here''s what I''ve do so far:

1. moved the modules directory to /etc/puppet (the default)
2. created the file modules.pp in $confdir/manifests with the contents
   import "shorewall"
3. to site.pp, added ''import "modules.pp"''
4. created a node definition which has the shorewall "stuff" from the
wiki [1]
5. Restart puppetmaster (just to be sure everything is fine) and get
the following in the puppetmaster log:


Thu Dec 13 18:25:31 MST 2007 Puppet (notice): Reparsing /etc/puppet/puppet.conf
Thu Dec 13 18:31:46 MST 2007 Puppet (err): Could not parse; using old
configuration: Unknown function dirname at
/etc/puppet/modules/shorewall/manifests/init.pp:49
Thu Dec 13 18:31:46 MST 2007 Puppet (err): undefined method
`findclass'' for nil:NilClass
Thu Dec 13 18:31:47 MST 2007 mount[files] (notice): File source
/var/lib/puppet/files/cbi/common/xen/xend.init does not exist
Thu Dec 13 18:32:06 MST 2007 Puppet (err): Could not parse; using old
configuration: Unknown function dirname at
/etc/puppet/modules/shorewall/manifests/init.pp:49
Thu Dec 13 18:32:06 MST 2007 Puppet (notice): Reopening log files
Thu Dec 13 18:32:06 MST 2007 Puppet (err): Could not parse; using old
configuration: Unknown function dirname at
/etc/puppet/modules/shorewall/manifests/init.pp:49


Here''s the relevent portion of the init.pp:

 # private
        define entry ($line) {
                $target = "/var/lib/puppet/modules/shorewall/${name}"
                $dir = dirname($target)      <<<<< ----------
line 49
                file { $target:
                        content => "${line}\n",
                        mode => 0600, owner => root, group => root,
                        notify => Exec["concat_${dir}"],
                }
        }


What should "dirname" be doing here?




[1]  http://reductivelabs.com/trac/puppet/wiki/AqueosShorewall

>
> Regards, DavidS
>
> - --

Thanks again,
Jeff

On Dec 13, 2007 6:53 PM, Jeff Falgout <jtfalgout@gmail.com> wrote:
>
>
> Thu Dec 13 18:25:31 MST 2007 Puppet (notice): Reparsing
/etc/puppet/puppet.conf
> Thu Dec 13 18:31:46 MST 2007 Puppet (err): Could not parse; using old
> configuration: Unknown function dirname at
> /etc/puppet/modules/shorewall/manifests/init.pp:49
> Thu Dec 13 18:31:46 MST 2007 Puppet (err): undefined method
> `findclass'' for nil:NilClass
> Thu Dec 13 18:31:47 MST 2007 mount[files] (notice): File source
> /var/lib/puppet/files/cbi/common/xen/xend.init does not exist
> Thu Dec 13 18:32:06 MST 2007 Puppet (err): Could not parse; using old
> configuration: Unknown function dirname at
> /etc/puppet/modules/shorewall/manifests/init.pp:49
> Thu Dec 13 18:32:06 MST 2007 Puppet (notice): Reopening log files
> Thu Dec 13 18:32:06 MST 2007 Puppet (err): Could not parse; using old
> configuration: Unknown function dirname at
> /etc/puppet/modules/shorewall/manifests/init.pp:49
>
>
> Here''s the relevent portion of the init.pp:
>
>  # private
>         define entry ($line) {
>                 $target =
"/var/lib/puppet/modules/shorewall/${name}"
>                 $dir = dirname($target)      <<<<<
---------- line 49
>                 file { $target:
>                         content => "${line}\n",
>                         mode => 0600, owner => root, group =>
root,
>                         notify => Exec["concat_${dir}"],
>                 }
>         }
>
>
> What should "dirname" be doing here?
>
Looks like it want''s to execute the system command
''dirname''. Do
modules inherit the path set in site.pp? Should dirname be inside an
exec?

>
>
>
> [1]  http://reductivelabs.com/trac/puppet/wiki/AqueosShorewall
>
>
> >
> > Regards, DavidS
> >
> > - --
>
>
> Thanks again,
> Jeff
>

On 12/13/07, Jeff Falgout <jtfalgout@gmail.com>
wrote:
>
> On Dec 13, 2007 6:53 PM, Jeff Falgout <jtfalgout@gmail.com> wrote:
>
> >
> >
> > Thu Dec 13 18:25:31 MST 2007 Puppet (notice): Reparsing
> /etc/puppet/puppet.conf
> > Thu Dec 13 18:31:46 MST 2007 Puppet (err): Could not parse; using old
> > configuration: Unknown function dirname at
> > /etc/puppet/modules/shorewall/manifests/init.pp:49
> > Thu Dec 13 18:31:46 MST 2007 Puppet (err): undefined method
> > `findclass'' for nil:NilClass
> > Thu Dec 13 18:31:47 MST 2007 mount[files] (notice): File source
> > /var/lib/puppet/files/cbi/common/xen/xend.init does not exist
> > Thu Dec 13 18:32:06 MST 2007 Puppet (err): Could not parse; using old
> > configuration: Unknown function dirname at
> > /etc/puppet/modules/shorewall/manifests/init.pp:49
> > Thu Dec 13 18:32:06 MST 2007 Puppet (notice): Reopening log files
> > Thu Dec 13 18:32:06 MST 2007 Puppet (err): Could not parse; using old
> > configuration: Unknown function dirname at
> > /etc/puppet/modules/shorewall/manifests/init.pp:49
> >
> >
> > Here''s the relevent portion of the init.pp:
> >
> >  # private
> >         define entry ($line) {
> >                 $target =
"/var/lib/puppet/modules/shorewall/${name}"
> >                 $dir = dirname($target)      <<<<<
---------- line 49
> >                 file { $target:
> >                         content => "${line}\n",
> >                         mode => 0600, owner => root, group =>
root,
> >                         notify => Exec["concat_${dir}"],
> >                 }
> >         }
> >
> >
> > What should "dirname" be doing here?
> >
>
> Looks like it want''s to execute the system command
''dirname''. Do
> modules inherit the path set in site.pp? Should dirname be inside an
> exec?

You can''t arbitrarily shell out inside a puppet manifest, everything
either
needs to be part of the manifest language, a custom define (again part of
the language), or a custom plugin (external ruby used to extend the
language).  I think this is one of David''s modules (or based upon his
work).
 He makes frequent use of plugins (custom functions) which definitely falls
into the advanced usage category.

There''s not really an easy fix here since this example using the
dirname
function.
 You can get plugins working (which is pretty well documented and should be
easier with 0.24.0).




>
> >
> >
> > [1]  http://reductivelabs.com/trac/puppet/wiki/AqueosShorewall
> >
> >
> > >
> > > Regards, DavidS
> > >
> > > - --
> >
> >
> > Thanks again,
> > Jeff
> >
> _______________________________________________
> Puppet-users mailing list
> Puppet-users@madstop.com
> https://mail.madstop.com/mailman/listinfo/puppet-users
>


-- 
stickm@gmail.com
-==< Stick >==-


_______________________________________________
Puppet-users mailing list
Puppet-users@madstop.com
https://mail.madstop.com/mailman/listinfo/puppet-users

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Friday 14 December 2007, Jeff Falgout wrote:
> Thanks David,
>
> On Dec 6, 2007 2:28 AM, David Schmitt <david@schmitt.edv-bus.at>
wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > On Wednesday 05 December 2007, Jeff Falgout wrote:
> > > > Here comes the painful part: since putting the module in my
repo I
> > > > didn''t come around integrating it into my setup, it
is therefore
> > > > untested. If you can send me a minimal failing --debug
output, I''m
> > > > pretty sure we can work out any kinks I introduced into
Ghislain''s
> > > > original code.
> > >
> > > Not painful at all - I was trying to figure out how you got it
working
> > > and relieved to know you didn''t
> > >
> > > I''m still struggling with the basics. Where do I put my
recipe that
> > > uses the module? With all of my other recipies? How is the module
> > > called? I haven''t been able to find a step by step
reference on using
> > > your first module. Is 0.24 required?
> >
> > That''s because Modules are actualyl quite dumb :) see
> > http://reductivelabs.com/trac/puppet/wiki/ModuleOrganisation for
details.
> >
> > > > If you''re interested in collaborating more closely
on this module,
> > > > please take a look at [2], where there are instructions in
> > > > preparation for a general module-collaboration-workflow.
> > >
> > > I''ll look through wiki page and try to get a grasp of
it. I am very
> > > interested in how the module setup works in general and shorewall
> > > specifically (I need to deploy shorewall to 100+ machines).
> >
> > yay :) good luck and have fun!
>
> Ok - here''s what I''ve do so far:
>
> 1. moved the modules directory to /etc/puppet (the default)
> 2. created the file modules.pp in $confdir/manifests with the contents
>    import "shorewall"
> 3. to site.pp, added ''import "modules.pp"''
> 4. created a node definition which has the shorewall "stuff" from
the wiki
> [1] 5. Restart puppetmaster (just to be sure everything is fine) and get
> the following in the puppetmaster log:
>
>
> Thu Dec 13 18:25:31 MST 2007 Puppet (notice): Reparsing
> /etc/puppet/puppet.conf Thu Dec 13 18:31:46 MST 2007 Puppet (err): Could
> not parse; using old configuration: Unknown function dirname at
> /etc/puppet/modules/shorewall/manifests/init.pp:49
> Thu Dec 13 18:31:46 MST 2007 Puppet (err): undefined method
> `findclass'' for nil:NilClass
> Thu Dec 13 18:31:47 MST 2007 mount[files] (notice): File source
> /var/lib/puppet/files/cbi/common/xen/xend.init does not exist
> Thu Dec 13 18:32:06 MST 2007 Puppet (err): Could not parse; using old
> configuration: Unknown function dirname at
> /etc/puppet/modules/shorewall/manifests/init.pp:49
> Thu Dec 13 18:32:06 MST 2007 Puppet (notice): Reopening log files
> Thu Dec 13 18:32:06 MST 2007 Puppet (err): Could not parse; using old
> configuration: Unknown function dirname at
> /etc/puppet/modules/shorewall/manifests/init.pp:49
>
>
> Here''s the relevent portion of the init.pp:
>
>  # private
>         define entry ($line) {
>                 $target =
"/var/lib/puppet/modules/shorewall/${name}"
>                 $dir = dirname($target)      <<<<<
---------- line 49
>                 file { $target:
>                         content => "${line}\n",
>                         mode => 0600, owner => root, group =>
root,
>                         notify => Exec["concat_${dir}"],
>                 }
>         }
>
>
> What should "dirname" be doing here?
dirname is a function from my common module, calling the ruby function of the 
same name. This is used to depend on the Exec["concat_${dir}"], which
comes
from a concatenated_file usage somewhere else.

So you need at least the common module too. Also I believe that you need to 
collect all plugins/ directories manually on the puppetmaster to bootstrap.


Regards, DavidS
>
>
>
> [1]  http://reductivelabs.com/trac/puppet/wiki/AqueosShorewall
>
> > Regards, DavidS
> >
> > - --
>
> Thanks again,
> Jeff
> _______________________________________________
> Puppet-users mailing list
> Puppet-users@madstop.com
> https://mail.madstop.com/mailman/listinfo/puppet-users


- -- 
The primary freedom of open source is not the freedom from cost, but the free-
dom to shape software to do what you want. This freedom is /never/ exercised
without cost, but is available /at all/ only by accepting the very different
costs associated with open source, costs not in money, but in time and effort.
- -- http://www.schierer.org/~luke/log/20070710-1129/on-forks-and-forking
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHYtXl/Pp1N6Uzh0URAlQLAKCcpWIorq3n+sDBKdNoMBoY67M9CACeO5Q7
DqUyPfbkyeI+Ex4YEyZavn0=DbFM
-----END PGP SIGNATURE-----