Puppet users - Dec 2007 - machine network interfaces, dhcpd.conf, and zone files

I''m still thinking about how my puppet deployment will go. Right now,
I''m thinking each of my machines will have their network interfaces
defined/configured by puppet. But, I''d like to generate my zone files
and dhcpd.conf from this data as well.

How do people generally do this? I expect I''ll end up generating the
nodes.pp files from some database, but I''m wondering if this is
already a solved problem.

seph

On Wed, Dec 05, 2007 at 03:38:23PM -0500, seph wrote:
> I''m still thinking about how my puppet deployment will go. Right
now,
> I''m thinking each of my machines will have their network
interfaces
> defined/configured by puppet. But, I''d like to generate my zone
files
> and dhcpd.conf from this data as well.
> 
> How do people generally do this? I expect I''ll end up generating
the
> nodes.pp files from some database, but I''m wondering if this is
> already a solved problem.
 
I started pulling things here and there to create a generic "network"
configuration interface, that would be system-independent. I''m working
on OpenBSD and Debian backends right now.

It doesn''t include BIND configuration or dhcpd configuration, as it is
a
bit outside the scope of the module, which is more directed at the
"configure this interface, this vlan, this route"-level.

My module can be checked out using Mercurial with:

hg clone https://hg.koumbit.net/module-network/

You can simply browse the code through:

http://hg.koumbit.net/module-network/file/tip

David also wrote a Debian-specific module to take care of Debian
ifupdown interfaces:

http://git.black.co.at/?p=manifests;a=tree;f=modules/ifupdown

this can be checked out from:

git clone git://git.black.co.at/manifests

alongside David''s manifests.

A.

-- 
Thoughtcrime does not entail death: thoughtcrime IS death.


_______________________________________________
Puppet-users mailing list
Puppet-users@madstop.com
https://mail.madstop.com/mailman/listinfo/puppet-users

I forgot to mention there''s some talk right now (at least I''ve
heard
that on IRC) about creating a "Interface" native type or at least
dealing with interfaces at a lower level than what I''m proposing.

-- 
Les plus beaux chants sont les chants de revendications
Le vers doit faire l''amour dans la tête des populations.
À l''école de la poésie, on n''apprend pas: on se bat!
                        - Léo Ferré, "Préface"


_______________________________________________
Puppet-users mailing list
Puppet-users@madstop.com
https://mail.madstop.com/mailman/listinfo/puppet-users

On 12/5/07, The Anarcat <anarcat@anarcat.ath.cx>
wrote:
>
> I forgot to mention there''s some talk right now (at least
I''ve heard
> that on IRC) about creating a "Interface" native type or at least
> dealing with interfaces at a lower level than what I''m proposing.


yes, here''s the thread on puppet-dev (
http://mail.madstop.com/pipermail/puppet-dev/2007-November/003890.html).
 There is an existing interface type in the code but it''s pretty buggy
and
not very featured.

C

-- 
stickm@gmail.com
-==< Stick >==-


_______________________________________________
Puppet-users mailing list
Puppet-users@madstop.com
https://mail.madstop.com/mailman/listinfo/puppet-users

The Anarcat <anarcat@anarcat.ath.cx> writes:
> I started pulling things here and there to create a generic
"network"
> configuration interface, that would be system-independent. I''m
working
> on OpenBSD and Debian backends right now.
>
> It doesn''t include BIND configuration or dhcpd configuration, as
it is a
> bit outside the scope of the module, which is more directed at the
> "configure this interface, this vlan, this route"-level.
I''ve been looking at your module, and thinking I wanted to use
it. (after I add in solaris functionality)

But right now I''m trying to figure out how to integrate dhcp and bind
configuration with it. As I understand the general puppet framework,
it seems hard and counter intuitive to have puppet spit out those
files.

I think the most reasonable option is probably going to be to
programmatically generate the nodes.pp along with the dhcp and zone
files. But, I''d love to hear about how other people solved this.

seph

On Thu, Dec 06, 2007 at 11:23:26AM -0500, seph wrote:
> The Anarcat <anarcat@anarcat.ath.cx> writes:
> 
> > I started pulling things here and there to create a generic
"network"
> > configuration interface, that would be system-independent.
I''m working
> > on OpenBSD and Debian backends right now.
> >
> > It doesn''t include BIND configuration or dhcpd configuration,
as it is a
> > bit outside the scope of the module, which is more directed at the
> > "configure this interface, this vlan, this route"-level.
> 
> I''ve been looking at your module, and thinking I wanted to use
> it. (after I add in solaris functionality)
Patches are of course welcome! I can also pull from your repo if you
have one.
> But right now I''m trying to figure out how to integrate dhcp and
bind
> configuration with it. As I understand the general puppet framework,
> it seems hard and counter intuitive to have puppet spit out those
> files.
As I said, I don''t think Bind configuration belongs there. Another bind
module could pull data out of this one, but for me, we should remain
focused on configuring the *network*.

Therefore, dhcp configuration *is* appropriate, as far as it concerns
the configuration of an interface.
> I think the most reasonable option is probably going to be to
> programmatically generate the nodes.pp along with the dhcp and zone
> files. But, I''d love to hear about how other people solved this.
The idea of *generating* the nodes.pp is a bit frightning to me.

A.
-- 
Five out of four people have a problem with fractions


_______________________________________________
Puppet-users mailing list
Puppet-users@madstop.com
https://mail.madstop.com/mailman/listinfo/puppet-users

The Anarcat <anarcat@anarcat.ath.cx> writes:
>> But right now I''m trying to figure out how to integrate dhcp
and bind
>> configuration with it. As I understand the general puppet framework,
>> it seems hard and counter intuitive to have puppet spit out those
>> files.
>
> As I said, I don''t think Bind configuration belongs there. Another
bind
> module could pull data out of this one, but for me, we should remain
> focused on configuring the *network*.
The bind configuration does not. I''m not convinced the zone files do
either, but I don''t want to track that www1.internal.example.com is
10.1.1.21 in two places either.
>> I think the most reasonable option is probably going to be to
>> programmatically generate the nodes.pp along with the dhcp and zone
>> files. But, I''d love to hear about how other people solved
this.
>
> The idea of *generating* the nodes.pp is a bit frightning to me.
It feels like the least evil thing to me. Some machine/inventory db
generates nodes.pp, zone files, monitoring configs, etc.

seph

On Dec 6, 2007 9:23 AM, seph <seph@directionless.org>
wrote:
> I think the most reasonable option is probably going to be to
> programmatically generate the nodes.pp along with the dhcp and zone
> files. But, I''d love to hear about how other people solved this.
Here''s what we''re doing, on CentOS:

Network module - contains a define that sets up the
/etc/sysconfig/network-scripts/ifcfg-DEV from templates, which are
also under the network module. Since we used bonded interfaces,
there''s also a define to set up the templates for slave interfaces.

DNS module - contains the bind config files that are pushed out to the
nameservers via puppets file type (recursively, we have several
networks/domains).

DHCP module - contains the dhcp.conf file that we use, which is pretty
simple since the only DHCP server is on the puppet server itself,
since that system is also our kickstart server. This is pushed out
with a file type. Actually this module isn''t written yet, I''ve
been
lazy on that :-).

The nodes.pp then calls the network::interface define with parameters
such as the IP, the device name, network, broadcast, etc. It also has
network::slave calls to set up the slave devices to the master
''bondX''
(normally bond0). The DNS servers have the classes for the DNS module
to get the server config. There''s a dns::client as well to grab
resolv.conf. Finally when I write the DHCP module, it will be on the
servers running dhcpd.

Hope that''s clear as mud :-).

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thursday 06 December 2007, seph wrote:
> The Anarcat <anarcat@anarcat.ath.cx> writes:
> >> But right now I''m trying to figure out how to integrate
dhcp and bind
> >> configuration with it. As I understand the general puppet
framework,
> >> it seems hard and counter intuitive to have puppet spit out those
> >> files.
> >
> > As I said, I don''t think Bind configuration belongs there.
Another bind
> > module could pull data out of this one, but for me, we should remain
> > focused on configuring the *network*.
>
> The bind configuration does not. I''m not convinced the zone files
do
> either, but I don''t want to track that www1.internal.example.com
is
> 10.1.1.21 in two places either.
There has to be one defining place for such information. Either puppet or a 
SQL DB (e.g. in concert with powerdns), but only one.

The way to go here is probably 
http://reductivelabs.com/trac/puppet/wiki/VirtualResources#ExportedResources 
although this is still marked as experimental, it works as advertised and can 
be used to publish interface information from a node to a name server.
> >> I think the most reasonable option is probably going to be to
> >> programmatically generate the nodes.pp along with the dhcp and
zone
> >> files. But, I''d love to hear about how other people
solved this.
> >
> > The idea of *generating* the nodes.pp is a bit frightning to me.
>
> It feels like the least evil thing to me. Some machine/inventory db
> generates nodes.pp, zone files, monitoring configs, etc.
You can use functions in the manifest to create additional resources on the 
fly. While this surely isn''t for the faint of heart, it''s
probably more
flexible in the long run.


Regards, DavidS
- -- 
The primary freedom of open source is not the freedom from cost, but the free-
dom to shape software to do what you want. This freedom is /never/ exercised
without cost, but is available /at all/ only by accepting the very different
costs associated with open source, costs not in money, but in time and effort.
- -- http://www.schierer.org/~luke/log/20070710-1129/on-forks-and-forking
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHWVXb/Pp1N6Uzh0URAnd9AJ94N9vgnjYmm8HFQmrr1hzlx5211gCfWNlo
3c/XQ2nF8mBk2XGgHRdZExo=Yuvz
-----END PGP SIGNATURE-----

On Thu, Dec 06, 2007 at 01:54:06PM -0500, seph wrote:
> The bind configuration does not. I''m not convinced the zone files
do
> either, but I don''t want to track that www1.internal.example.com
is
> 10.1.1.21 in two places either.
 
I don''t see why you say you''d need to define it in two places:

node "www1.example.com" {
    $address = "10.1.1.21"
    network::interface { "eth0": address => $address }
    bind::record { "a" : address => $address } # or whatever 
}

-- 
Si l''image donne l''illusion de savoir
C''est que l''adage pretend que pour croire,
L''important ne serait que de voir
                        - Lofofora


_______________________________________________
Puppet-users mailing list
Puppet-users@madstop.com
https://mail.madstop.com/mailman/listinfo/puppet-users