Puppet users - Sep 2008 - Exclusions in site.pp?

So here''s the scenario, roughly 800 hosts as puppet clients, single
puppet master server, all running Open Solaris.

Most of them are identical, I have roughly 25% or so that have
different firewall rulesets.

Currently my site.pp looks like this:

# /etc/puppet/manifests/site.pp

import "classes/*"

node default {
    include ipf
    include sshd_conf
    include disable_rpcbind
}

What I''d like to do is have some way to split up the nodes by
classification, i.e. import nodes/typea, import nodes/typeb, import
nodes/typec
then have

node typea {
   include ipf-typea
}

node typeb
  include ipf-typeb
}
node typec
  include ipf-typec
}

Or something along those lines, and nodes/typea contains  a list of
all the typea stores, nodes/typeb includes a list of the typeb hosts,
etc.

Is this possible?

Thanks,
Josh



--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

On Mon, Sep 8, 2008 at 1:54 PM, josh <dorqus@gmail.com>
wrote:
>
> So here''s the scenario, roughly 800 hosts as puppet clients,
single
> puppet master server, all running Open Solaris.
>
> Most of them are identical, I have roughly 25% or so that have
> different firewall rulesets.
>
> Currently my site.pp looks like this:
>
> # /etc/puppet/manifests/site.pp
>
> import "classes/*"
>
> node default {
>    include ipf
>    include sshd_conf
>    include disable_rpcbind
> }
>
> What I''d like to do is have some way to split up the nodes by
> classification, i.e. import nodes/typea, import nodes/typeb, import
> nodes/typec
> then have
>
> node typea {
>   include ipf-typea
> }
>
> node typeb
>  include ipf-typeb
> }
> node typec
>  include ipf-typec
> }
>
> Or something along those lines, and nodes/typea contains  a list of
> all the typea stores, nodes/typeb includes a list of the typeb hosts,
> etc.
>
> Is this possible?
>
> Thanks,
> Josh
Pretty much just the way you did it.

site.pp:
 import "classes/*"

 import "nodes/*"

under nodes/

typea.pp:

node typea1{
  stuff
}
node typea2{
  stuff
}

typeb.pp:

node typeb1{
  stuff
}


Evan

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

On 9/8/2008 3:12 PM, Evan Hisey wrote:
> typea.pp:
> 
> node typea1{
>   stuff
> }
> node typea2{
>   stuff
> }
Or for ones that are truly identical:

node typea1, typea2 {
   stuff
}

-- 
Mike Renfro  / R&D Engineer, Center for Manufacturing Research,
931 372-3601 / Tennessee Technological University

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

Josh,

If I understand you correctly, you can do exactly what you describe with the
list of nodes in your site.pp

You can get a bit more dynamic and sophisticated using an external node
script to do the classification.
http://reductivelabs.com/trac/puppet/wiki/ExternalNodes


On Mon, Sep 8, 2008 at 12:54 PM, josh <dorqus@gmail.com> wrote:
>
> So here''s the scenario, roughly 800 hosts as puppet clients,
single
> puppet master server, all running Open Solaris.
>
> Most of them are identical, I have roughly 25% or so that have
> different firewall rulesets.
>
> Currently my site.pp looks like this:
>
> # /etc/puppet/manifests/site.pp
>
> import "classes/*"
>
> node default {
>    include ipf
>    include sshd_conf
>    include disable_rpcbind
> }
>
> What I''d like to do is have some way to split up the nodes by
> classification, i.e. import nodes/typea, import nodes/typeb, import
> nodes/typec
> then have
>
> node typea {
>   include ipf-typea
> }
>
> node typeb
>  include ipf-typeb
> }
> node typec
>  include ipf-typec
> }
>
> Or something along those lines, and nodes/typea contains  a list of
> all the typea stores, nodes/typeb includes a list of the typeb hosts,
> etc.
>
> Is this possible?
>
> Thanks,
> Josh
>
>
>
> >
>
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

Thanks to everyone for their quick replies.  I will give this a shot!

Josh

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

Ah one more question which I neglected to ask.

How do I specify that if a node is not in typea or typeb that it''s
default?

i.e. I now have:

include nodes/*

and in nodes:

typea.pp:

node foo, bar, baz {
  include ipf.a
}

typeb.pp:

node bear, monkey, lion {
  include ipf.b
}

but for any other node I want it to include class ipf.other, but don''t
want to specify each of the other 600 or so hosts in a "typec.pp" file
or whatever., or will that just get covered by this statement in
site.pp:

node default {
    include ipf
    include sshd_conf
    include disable_rpcbind
}



--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

If there is a default node, and you aren''t using external nodes, and
the current node is not specified, it will use default.

- --Paul

On Mon, Sep 8, 2008 at 1:41 PM, josh  wrote:
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
Comment: http://getfiregpg.org

iEYEARECAAYFAkjFkCgACgkQX6ecHn3cW4nRgwCgi/+SHGKu3JzvFmH16glj5yTD
3xwAoJMZeo544FfKLh+Ug0J3Lwailzg9
=KjYQ
-----END PGP SIGNATURE-----
>
> Ah one more question which I neglected to ask.
>
> How do I specify that if a node is not in typea or typeb that it''s
> default?
>
> i.e. I now have:
>
> include nodes/*
>
> and in nodes:
>
> typea.pp:
>
> node foo, bar, baz {
>  include ipf.a
> }
>
> typeb.pp:
>
> node bear, monkey, lion {
>  include ipf.b
> }
>
> but for any other node I want it to include class ipf.other, but
don''t
> want to specify each of the other 600 or so hosts in a "typec.pp"
file
> or whatever., or will that just get covered by this statement in
> site.pp:
>
> node default {
>    include ipf
>    include sshd_conf
>    include disable_rpcbind
> }
>
>
>
> >
>
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

Thanks Paul.
I''m having an issue with wildcards in the nodes/typea.pp file, there
are inconsistent domain names for the clients, so I might have
foo.domain.net, or foo.domaain.com, or foo.something or just foo,
so I tried using the following

node foo*, bar*, baz* {
  include ipf.typea
}

But I get the following error on the client:

Could not retrieve catalog: Could not parse for environment
development: Could not match ''*,'' at
/etc/puppet/manifests/nodes/
typea.pp:1





On Sep 8, 4:50 pm, "Paul Lathrop" <p...@tertiusfamily.net>
wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> If there is a default node, and you aren''t using external nodes,
and
> the current node is not specified, it will use default.
>
> - --Paul
>
> On Mon, Sep 8, 2008 at 1:41 PM, josh  wrote:
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.8 (Darwin)
> Comment:http://getfiregpg.org
>
> iEYEARECAAYFAkjFkCgACgkQX6ecHn3cW4nRgwCgi/+SHGKu3JzvFmH16glj5yTD
> 3xwAoJMZeo544FfKLh+Ug0J3Lwailzg9
> =KjYQ
> -----END PGP SIGNATURE-----
>
>
>
> > Ah one more question which I neglected to ask.
>
> > How do I specify that if a node is not in typea or typeb that
it''s
> > default?
>
> > i.e. I now have:
>
> > include nodes/*
>
> > and in nodes:
>
> > typea.pp:
>
> > node foo, bar, baz {
> >  include ipf.a
> > }
>
> > typeb.pp:
>
> > node bear, monkey, lion {
> >  include ipf.b
> > }
>
> > but for any other node I want it to include class ipf.other, but
don''t
> > want to specify each of the other 600 or so hosts in a
"typec.pp" file
> > or whatever., or will that just get covered by this statement in
> > site.pp:
>
> > node default {
> >    include ipf
> >    include sshd_conf
> >    include disable_rpcbind
> > }
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Josh,

Sorry, no wildcard matching yet!

- --Paul

On Mon, Sep 8, 2008 at 2:23 PM, josh  wrote:
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
Comment: http://getfiregpg.org

iEYEARECAAYFAkjFmeEACgkQX6ecHn3cW4m2RgCfX9yOh4UaRrFKkHp7L7EKdJKr
NE4An2eU7sJvhQGpVX3XomGX4UKgqg92
=D2Kf
-----END PGP SIGNATURE-----
>
> Thanks Paul.
> I''m having an issue with wildcards in the nodes/typea.pp file,
there
> are inconsistent domain names for the clients, so I might have
> foo.domain.net, or foo.domaain.com, or foo.something or just foo,
> so I tried using the following
>
> node foo*, bar*, baz* {
>  include ipf.typea
> }
>
> But I get the following error on the client:
>
> Could not retrieve catalog: Could not parse for environment
> development: Could not match ''*,'' at
/etc/puppet/manifests/nodes/
> typea.pp:1
>
>
>
>
>
> On Sep 8, 4:50 pm, "Paul Lathrop" <p...@tertiusfamily.net>
wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> If there is a default node, and you aren''t using external
nodes, and
>> the current node is not specified, it will use default.
>>
>> - --Paul
>>
>> On Mon, Sep 8, 2008 at 1:41 PM, josh  wrote:
>>
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1.4.8 (Darwin)
>> Comment:http://getfiregpg.org
>>
>> iEYEARECAAYFAkjFkCgACgkQX6ecHn3cW4nRgwCgi/+SHGKu3JzvFmH16glj5yTD
>> 3xwAoJMZeo544FfKLh+Ug0J3Lwailzg9
>> =KjYQ
>> -----END PGP SIGNATURE-----
>>
>>
>>
>> > Ah one more question which I neglected to ask.
>>
>> > How do I specify that if a node is not in typea or typeb that
it''s
>> > default?
>>
>> > i.e. I now have:
>>
>> > include nodes/*
>>
>> > and in nodes:
>>
>> > typea.pp:
>>
>> > node foo, bar, baz {
>> >  include ipf.a
>> > }
>>
>> > typeb.pp:
>>
>> > node bear, monkey, lion {
>> >  include ipf.b
>> > }
>>
>> > but for any other node I want it to include class ipf.other, but
don''t
>> > want to specify each of the other 600 or so hosts in a
"typec.pp" file
>> > or whatever., or will that just get covered by this statement in
>> > site.pp:
>>
>> > node default {
>> >    include ipf
>> >    include sshd_conf
>> >    include disable_rpcbind
>> > }
> >
>
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

OK thanks Paul..... hrm back to the drawing board then, or I just
manually set the domain name on each box first.

On Sep 8, 5:32 pm, "Paul Lathrop" <p...@tertiusfamily.net>
wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Josh,
>
> Sorry, no wildcard matching yet!
>
> - --Paul
>
> On Mon, Sep 8, 2008 at 2:23 PM, josh  wrote:
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.8 (Darwin)
> Comment:http://getfiregpg.org
>
> iEYEARECAAYFAkjFmeEACgkQX6ecHn3cW4m2RgCfX9yOh4UaRrFKkHp7L7EKdJKr
> NE4An2eU7sJvhQGpVX3XomGX4UKgqg92
> =D2Kf
> -----END PGP SIGNATURE-----
>
>
>
> > Thanks Paul.
> > I''m having an issue with wildcards in the nodes/typea.pp
file, there
> > are inconsistent domain names for the clients, so I might have
> > foo.domain.net, or foo.domaain.com, or foo.something or just foo,
> > so I tried using the following
>
> > node foo*, bar*, baz* {
> >  include ipf.typea
> > }
>
> > But I get the following error on the client:
>
> > Could not retrieve catalog: Could not parse for environment
> > development: Could not match ''*,'' at
/etc/puppet/manifests/nodes/
> > typea.pp:1
>
> > On Sep 8, 4:50 pm, "Paul Lathrop"
<p...@tertiusfamily.net> wrote:
> >> -----BEGIN PGP SIGNED MESSAGE-----
> >> Hash: SHA1
>
> >> If there is a default node, and you aren''t using external
nodes, and
> >> the current node is not specified, it will use default.
>
> >> - --Paul
>
> >> On Mon, Sep 8, 2008 at 1:41 PM, josh  wrote:
>
> >> -----BEGIN PGP SIGNATURE-----
> >> Version: GnuPG v1.4.8 (Darwin)
> >> Comment:http://getfiregpg.org
>
> >> iEYEARECAAYFAkjFkCgACgkQX6ecHn3cW4nRgwCgi/+SHGKu3JzvFmH16glj5yTD
> >> 3xwAoJMZeo544FfKLh+Ug0J3Lwailzg9
> >> =KjYQ
> >> -----END PGP SIGNATURE-----
>
> >> > Ah one more question which I neglected to ask.
>
> >> > How do I specify that if a node is not in typea or typeb that
it''s
> >> > default?
>
> >> > i.e. I now have:
>
> >> > include nodes/*
>
> >> > and in nodes:
>
> >> > typea.pp:
>
> >> > node foo, bar, baz {
> >> >  include ipf.a
> >> > }
>
> >> > typeb.pp:
>
> >> > node bear, monkey, lion {
> >> >  include ipf.b
> >> > }
>
> >> > but for any other node I want it to include class ipf.other,
but don''t
> >> > want to specify each of the other 600 or so hosts in a
"typec.pp" file
> >> > or whatever., or will that just get covered by this statement
in
> >> > site.pp:
>
> >> > node default {
> >> >    include ipf
> >> >    include sshd_conf
> >> >    include disable_rpcbind
> >> > }
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

On Mon, Sep 8, 2008 at 11:40 PM, josh <dorqus@gmail.com>
wrote:
>
> OK thanks Paul..... hrm back to the drawing board then, or I just
> manually set the domain name on each box first.
>
Hello,

i do some matching for domains inside the classes:

case $domain {

        "domain1":       {
$hostopt="from=\"172.17.1.100\"" }
        "domain2":      {
$hostopt="from=\"172.17.24.100\"" }
        "domain3":     {
$hostopt="from=\"172.19.2.100\"" }

}

class ssh_user {

                ssh_authorized_key{
                        "user":
                                ensure => present,
                                key => "ssheyhere"
                                name => "user@host",
                                type => "ssh-rsa",
                                options => $hostopt,
                                target =>
"/home/user/.ssh/authorized_keys",
                        }
}


but its not always the easiest way, something like a default for all
hosts which also have some node specific clasess, or groups would be
nice


greetings
> On Sep 8, 5:32 pm, "Paul Lathrop" <p...@tertiusfamily.net>
wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Josh,
>>
>> Sorry, no wildcard matching yet!
>>
>> - --Paul
>>
>> On Mon, Sep 8, 2008 at 2:23 PM, josh  wrote:
>>
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1.4.8 (Darwin)
>> Comment:http://getfiregpg.org
>>
>> iEYEARECAAYFAkjFmeEACgkQX6ecHn3cW4m2RgCfX9yOh4UaRrFKkHp7L7EKdJKr
>> NE4An2eU7sJvhQGpVX3XomGX4UKgqg92
>> =D2Kf
>> -----END PGP SIGNATURE-----
>>
>>
>>
>> > Thanks Paul.
>> > I''m having an issue with wildcards in the nodes/typea.pp
file, there
>> > are inconsistent domain names for the clients, so I might have
>> > foo.domain.net, or foo.domaain.com, or foo.something or just foo,
>> > so I tried using the following
>>
>> > node foo*, bar*, baz* {
>> >  include ipf.typea
>> > }
>>
>> > But I get the following error on the client:
>>
>> > Could not retrieve catalog: Could not parse for environment
>> > development: Could not match ''*,'' at
/etc/puppet/manifests/nodes/
>> > typea.pp:1
>>
>> > On Sep 8, 4:50 pm, "Paul Lathrop"
<p...@tertiusfamily.net> wrote:
>> >> -----BEGIN PGP SIGNED MESSAGE-----
>> >> Hash: SHA1
>>
>> >> If there is a default node, and you aren''t using
external nodes, and
>> >> the current node is not specified, it will use default.
>>
>> >> - --Paul
>>
>> >> On Mon, Sep 8, 2008 at 1:41 PM, josh  wrote:
>>
>> >> -----BEGIN PGP SIGNATURE-----
>> >> Version: GnuPG v1.4.8 (Darwin)
>> >> Comment:http://getfiregpg.org
>>
>> >>
iEYEARECAAYFAkjFkCgACgkQX6ecHn3cW4nRgwCgi/+SHGKu3JzvFmH16glj5yTD
>> >> 3xwAoJMZeo544FfKLh+Ug0J3Lwailzg9
>> >> =KjYQ
>> >> -----END PGP SIGNATURE-----
>>
>> >> > Ah one more question which I neglected to ask.
>>
>> >> > How do I specify that if a node is not in typea or typeb
that it''s
>> >> > default?
>>
>> >> > i.e. I now have:
>>
>> >> > include nodes/*
>>
>> >> > and in nodes:
>>
>> >> > typea.pp:
>>
>> >> > node foo, bar, baz {
>> >> >  include ipf.a
>> >> > }
>>
>> >> > typeb.pp:
>>
>> >> > node bear, monkey, lion {
>> >> >  include ipf.b
>> >> > }
>>
>> >> > but for any other node I want it to include class
ipf.other, but don''t
>> >> > want to specify each of the other 600 or so hosts in a
"typec.pp" file
>> >> > or whatever., or will that just get covered by this
statement in
>> >> > site.pp:
>>
>> >> > node default {
>> >> >    include ipf
>> >> >    include sshd_conf
>> >> >    include disable_rpcbind
>> >> > }
> >
>
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

Interesting, thanks.
None of the puppet clients really have a DNS domain set, they don''t
use DNS for anything.  Some of them have hostname.domain.net, some
hostname.domain.com, others hostname.domainfromthedslmodem, some just
hostname,
I guess I could force all hosts to be the same TLD using your method.

On Sep 9, 4:45 am, Heiko <rupe...@gmail.com>
wrote:
> On Mon, Sep 8, 2008 at 11:40 PM, josh <dor...@gmail.com> wrote:
>
> > OK thanks Paul..... hrm back to the drawing board then, or I just
> > manually set the domain name on each box first.
>
> Hello,
>
> i do some matching for domains inside the classes:
>
> case $domain {
>
>         "domain1":       {
$hostopt="from=\"172.17.1.100\"" }
>         "domain2":      {
$hostopt="from=\"172.17.24.100\"" }
>         "domain3":     {
$hostopt="from=\"172.19.2.100\"" }
>
> }
>
> class ssh_user {
>
>                 ssh_authorized_key{
>                         "user":
>                                 ensure => present,
>                                 key => "ssheyhere"
>                                 name => "user@host",
>                                 type => "ssh-rsa",
>                                 options => $hostopt,
>                                 target =>
"/home/user/.ssh/authorized_keys",
>                         }
>
> }
>
> but its not always the easiest way, something like a default for all
> hosts which also have some node specific clasess, or groups would be
> nice
>
> greetings
>
> > On Sep 8, 5:32 pm, "Paul Lathrop"
<p...@tertiusfamily.net> wrote:
> >> -----BEGIN PGP SIGNED MESSAGE-----
> >> Hash: SHA1
>
> >> Josh,
>
> >> Sorry, no wildcard matching yet!
>
> >> - --Paul
>
> >> On Mon, Sep 8, 2008 at 2:23 PM, josh  wrote:
>
> >> -----BEGIN PGP SIGNATURE-----
> >> Version: GnuPG v1.4.8 (Darwin)
> >> Comment:http://getfiregpg.org
>
> >> iEYEARECAAYFAkjFmeEACgkQX6ecHn3cW4m2RgCfX9yOh4UaRrFKkHp7L7EKdJKr
> >> NE4An2eU7sJvhQGpVX3XomGX4UKgqg92
> >> =D2Kf
> >> -----END PGP SIGNATURE-----
>
> >> > Thanks Paul.
> >> > I''m having an issue with wildcards in the
nodes/typea.pp file, there
> >> > are inconsistent domain names for the clients, so I might
have
> >> > foo.domain.net, or foo.domaain.com, or foo.something or just
foo,
> >> > so I tried using the following
>
> >> > node foo*, bar*, baz* {
> >> >  include ipf.typea
> >> > }
>
> >> > But I get the following error on the client:
>
> >> > Could not retrieve catalog: Could not parse for environment
> >> > development: Could not match ''*,'' at
/etc/puppet/manifests/nodes/
> >> > typea.pp:1
>
> >> > On Sep 8, 4:50 pm, "Paul Lathrop"
<p...@tertiusfamily.net> wrote:
> >> >> -----BEGIN PGP SIGNED MESSAGE-----
> >> >> Hash: SHA1
>
> >> >> If there is a default node, and you aren''t using
external nodes, and
> >> >> the current node is not specified, it will use default.
>
> >> >> - --Paul
>
> >> >> On Mon, Sep 8, 2008 at 1:41 PM, josh  wrote:
>
> >> >> -----BEGIN PGP SIGNATURE-----
> >> >> Version: GnuPG v1.4.8 (Darwin)
> >> >> Comment:http://getfiregpg.org
>
> >> >>
iEYEARECAAYFAkjFkCgACgkQX6ecHn3cW4nRgwCgi/+SHGKu3JzvFmH16glj5yTD
> >> >> 3xwAoJMZeo544FfKLh+Ug0J3Lwailzg9
> >> >> =KjYQ
> >> >> -----END PGP SIGNATURE-----
>
> >> >> > Ah one more question which I neglected to ask.
>
> >> >> > How do I specify that if a node is not in typea or
typeb that it''s
> >> >> > default?
>
> >> >> > i.e. I now have:
>
> >> >> > include nodes/*
>
> >> >> > and in nodes:
>
> >> >> > typea.pp:
>
> >> >> > node foo, bar, baz {
> >> >> >  include ipf.a
> >> >> > }
>
> >> >> > typeb.pp:
>
> >> >> > node bear, monkey, lion {
> >> >> >  include ipf.b
> >> >> > }
>
> >> >> > but for any other node I want it to include class
ipf.other, but don''t
> >> >> > want to specify each of the other 600 or so hosts in
a "typec.pp" file
> >> >> > or whatever., or will that just get covered by this
statement in
> >> >> > site.pp:
>
> >> >> > node default {
> >> >> >    include ipf
> >> >> >    include sshd_conf
> >> >> >    include disable_rpcbind
> >> >> > }
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

On another note, I do know the IP addresses of the boxes, can I use
IP''s in the nodes, or does it have to be via host name? (since
that''s
what''s in the certificate?)

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

2008/9/11 josh <dorqus@gmail.com>:
> On another note, I do know the IP addresses of the boxes, can I use
> IP''s in the nodes, or does it have to be via host name? (since
that''s
> what''s in the certificate?)
Has to be what''s in the CN of the cert.  I know its been suggested
already, but I''d take a look at using an external node classification
tool.

Another option would be coming up with an easy test you could run on
the system that determined if that host needs a particular firewall
ruleset and using that to create a custom facter fact.  Then in your
firewall module you could so something like:

case $custom_firewall_fact {
    "typeA":  { include firewall::typeA }
    "typeB":  { include firewall::typeB }
    default:    { include firewall::standard_edition }
}

.r''

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---