So here''s the scenario, roughly 800 hosts as puppet clients, single puppet master server, all running Open Solaris. Most of them are identical, I have roughly 25% or so that have different firewall rulesets. Currently my site.pp looks like this: # /etc/puppet/manifests/site.pp import "classes/*" node default { include ipf include sshd_conf include disable_rpcbind } What I''d like to do is have some way to split up the nodes by classification, i.e. import nodes/typea, import nodes/typeb, import nodes/typec then have node typea { include ipf-typea } node typeb include ipf-typeb } node typec include ipf-typec } Or something along those lines, and nodes/typea contains a list of all the typea stores, nodes/typeb includes a list of the typeb hosts, etc. Is this possible? Thanks, Josh --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
On Mon, Sep 8, 2008 at 1:54 PM, josh <dorqus@gmail.com> wrote:> > So here''s the scenario, roughly 800 hosts as puppet clients, single > puppet master server, all running Open Solaris. > > Most of them are identical, I have roughly 25% or so that have > different firewall rulesets. > > Currently my site.pp looks like this: > > # /etc/puppet/manifests/site.pp > > import "classes/*" > > node default { > include ipf > include sshd_conf > include disable_rpcbind > } > > What I''d like to do is have some way to split up the nodes by > classification, i.e. import nodes/typea, import nodes/typeb, import > nodes/typec > then have > > node typea { > include ipf-typea > } > > node typeb > include ipf-typeb > } > node typec > include ipf-typec > } > > Or something along those lines, and nodes/typea contains a list of > all the typea stores, nodes/typeb includes a list of the typeb hosts, > etc. > > Is this possible? > > Thanks, > JoshPretty much just the way you did it. site.pp: import "classes/*" import "nodes/*" under nodes/ typea.pp: node typea1{ stuff } node typea2{ stuff } typeb.pp: node typeb1{ stuff } Evan --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
On 9/8/2008 3:12 PM, Evan Hisey wrote:> typea.pp: > > node typea1{ > stuff > } > node typea2{ > stuff > }Or for ones that are truly identical: node typea1, typea2 { stuff } -- Mike Renfro / R&D Engineer, Center for Manufacturing Research, 931 372-3601 / Tennessee Technological University --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
Josh, If I understand you correctly, you can do exactly what you describe with the list of nodes in your site.pp You can get a bit more dynamic and sophisticated using an external node script to do the classification. http://reductivelabs.com/trac/puppet/wiki/ExternalNodes On Mon, Sep 8, 2008 at 12:54 PM, josh <dorqus@gmail.com> wrote:> > So here''s the scenario, roughly 800 hosts as puppet clients, single > puppet master server, all running Open Solaris. > > Most of them are identical, I have roughly 25% or so that have > different firewall rulesets. > > Currently my site.pp looks like this: > > # /etc/puppet/manifests/site.pp > > import "classes/*" > > node default { > include ipf > include sshd_conf > include disable_rpcbind > } > > What I''d like to do is have some way to split up the nodes by > classification, i.e. import nodes/typea, import nodes/typeb, import > nodes/typec > then have > > node typea { > include ipf-typea > } > > node typeb > include ipf-typeb > } > node typec > include ipf-typec > } > > Or something along those lines, and nodes/typea contains a list of > all the typea stores, nodes/typeb includes a list of the typeb hosts, > etc. > > Is this possible? > > Thanks, > Josh > > > > > >--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
Thanks to everyone for their quick replies. I will give this a shot! Josh --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
Ah one more question which I neglected to ask. How do I specify that if a node is not in typea or typeb that it''s default? i.e. I now have: include nodes/* and in nodes: typea.pp: node foo, bar, baz { include ipf.a } typeb.pp: node bear, monkey, lion { include ipf.b } but for any other node I want it to include class ipf.other, but don''t want to specify each of the other 600 or so hosts in a "typec.pp" file or whatever., or will that just get covered by this statement in site.pp: node default { include ipf include sshd_conf include disable_rpcbind } --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 If there is a default node, and you aren''t using external nodes, and the current node is not specified, it will use default. - --Paul On Mon, Sep 8, 2008 at 1:41 PM, josh wrote: -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (Darwin) Comment: http://getfiregpg.org iEYEARECAAYFAkjFkCgACgkQX6ecHn3cW4nRgwCgi/+SHGKu3JzvFmH16glj5yTD 3xwAoJMZeo544FfKLh+Ug0J3Lwailzg9 =KjYQ -----END PGP SIGNATURE-----> > Ah one more question which I neglected to ask. > > How do I specify that if a node is not in typea or typeb that it''s > default? > > i.e. I now have: > > include nodes/* > > and in nodes: > > typea.pp: > > node foo, bar, baz { > include ipf.a > } > > typeb.pp: > > node bear, monkey, lion { > include ipf.b > } > > but for any other node I want it to include class ipf.other, but don''t > want to specify each of the other 600 or so hosts in a "typec.pp" file > or whatever., or will that just get covered by this statement in > site.pp: > > node default { > include ipf > include sshd_conf > include disable_rpcbind > } > > > > > >--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
Thanks Paul. I''m having an issue with wildcards in the nodes/typea.pp file, there are inconsistent domain names for the clients, so I might have foo.domain.net, or foo.domaain.com, or foo.something or just foo, so I tried using the following node foo*, bar*, baz* { include ipf.typea } But I get the following error on the client: Could not retrieve catalog: Could not parse for environment development: Could not match ''*,'' at /etc/puppet/manifests/nodes/ typea.pp:1 On Sep 8, 4:50 pm, "Paul Lathrop" <p...@tertiusfamily.net> wrote:> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > If there is a default node, and you aren''t using external nodes, and > the current node is not specified, it will use default. > > - --Paul > > On Mon, Sep 8, 2008 at 1:41 PM, josh wrote: > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.8 (Darwin) > Comment:http://getfiregpg.org > > iEYEARECAAYFAkjFkCgACgkQX6ecHn3cW4nRgwCgi/+SHGKu3JzvFmH16glj5yTD > 3xwAoJMZeo544FfKLh+Ug0J3Lwailzg9 > =KjYQ > -----END PGP SIGNATURE----- > > > > > Ah one more question which I neglected to ask. > > > How do I specify that if a node is not in typea or typeb that it''s > > default? > > > i.e. I now have: > > > include nodes/* > > > and in nodes: > > > typea.pp: > > > node foo, bar, baz { > > include ipf.a > > } > > > typeb.pp: > > > node bear, monkey, lion { > > include ipf.b > > } > > > but for any other node I want it to include class ipf.other, but don''t > > want to specify each of the other 600 or so hosts in a "typec.pp" file > > or whatever., or will that just get covered by this statement in > > site.pp: > > > node default { > > include ipf > > include sshd_conf > > include disable_rpcbind > > }--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Josh, Sorry, no wildcard matching yet! - --Paul On Mon, Sep 8, 2008 at 2:23 PM, josh wrote: -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (Darwin) Comment: http://getfiregpg.org iEYEARECAAYFAkjFmeEACgkQX6ecHn3cW4m2RgCfX9yOh4UaRrFKkHp7L7EKdJKr NE4An2eU7sJvhQGpVX3XomGX4UKgqg92 =D2Kf -----END PGP SIGNATURE-----> > Thanks Paul. > I''m having an issue with wildcards in the nodes/typea.pp file, there > are inconsistent domain names for the clients, so I might have > foo.domain.net, or foo.domaain.com, or foo.something or just foo, > so I tried using the following > > node foo*, bar*, baz* { > include ipf.typea > } > > But I get the following error on the client: > > Could not retrieve catalog: Could not parse for environment > development: Could not match ''*,'' at /etc/puppet/manifests/nodes/ > typea.pp:1 > > > > > > On Sep 8, 4:50 pm, "Paul Lathrop" <p...@tertiusfamily.net> wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> If there is a default node, and you aren''t using external nodes, and >> the current node is not specified, it will use default. >> >> - --Paul >> >> On Mon, Sep 8, 2008 at 1:41 PM, josh wrote: >> >> -----BEGIN PGP SIGNATURE----- >> Version: GnuPG v1.4.8 (Darwin) >> Comment:http://getfiregpg.org >> >> iEYEARECAAYFAkjFkCgACgkQX6ecHn3cW4nRgwCgi/+SHGKu3JzvFmH16glj5yTD >> 3xwAoJMZeo544FfKLh+Ug0J3Lwailzg9 >> =KjYQ >> -----END PGP SIGNATURE----- >> >> >> >> > Ah one more question which I neglected to ask. >> >> > How do I specify that if a node is not in typea or typeb that it''s >> > default? >> >> > i.e. I now have: >> >> > include nodes/* >> >> > and in nodes: >> >> > typea.pp: >> >> > node foo, bar, baz { >> > include ipf.a >> > } >> >> > typeb.pp: >> >> > node bear, monkey, lion { >> > include ipf.b >> > } >> >> > but for any other node I want it to include class ipf.other, but don''t >> > want to specify each of the other 600 or so hosts in a "typec.pp" file >> > or whatever., or will that just get covered by this statement in >> > site.pp: >> >> > node default { >> > include ipf >> > include sshd_conf >> > include disable_rpcbind >> > } > > >--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
OK thanks Paul..... hrm back to the drawing board then, or I just manually set the domain name on each box first. On Sep 8, 5:32 pm, "Paul Lathrop" <p...@tertiusfamily.net> wrote:> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Josh, > > Sorry, no wildcard matching yet! > > - --Paul > > On Mon, Sep 8, 2008 at 2:23 PM, josh wrote: > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.8 (Darwin) > Comment:http://getfiregpg.org > > iEYEARECAAYFAkjFmeEACgkQX6ecHn3cW4m2RgCfX9yOh4UaRrFKkHp7L7EKdJKr > NE4An2eU7sJvhQGpVX3XomGX4UKgqg92 > =D2Kf > -----END PGP SIGNATURE----- > > > > > Thanks Paul. > > I''m having an issue with wildcards in the nodes/typea.pp file, there > > are inconsistent domain names for the clients, so I might have > > foo.domain.net, or foo.domaain.com, or foo.something or just foo, > > so I tried using the following > > > node foo*, bar*, baz* { > > include ipf.typea > > } > > > But I get the following error on the client: > > > Could not retrieve catalog: Could not parse for environment > > development: Could not match ''*,'' at /etc/puppet/manifests/nodes/ > > typea.pp:1 > > > On Sep 8, 4:50 pm, "Paul Lathrop" <p...@tertiusfamily.net> wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- > >> Hash: SHA1 > > >> If there is a default node, and you aren''t using external nodes, and > >> the current node is not specified, it will use default. > > >> - --Paul > > >> On Mon, Sep 8, 2008 at 1:41 PM, josh wrote: > > >> -----BEGIN PGP SIGNATURE----- > >> Version: GnuPG v1.4.8 (Darwin) > >> Comment:http://getfiregpg.org > > >> iEYEARECAAYFAkjFkCgACgkQX6ecHn3cW4nRgwCgi/+SHGKu3JzvFmH16glj5yTD > >> 3xwAoJMZeo544FfKLh+Ug0J3Lwailzg9 > >> =KjYQ > >> -----END PGP SIGNATURE----- > > >> > Ah one more question which I neglected to ask. > > >> > How do I specify that if a node is not in typea or typeb that it''s > >> > default? > > >> > i.e. I now have: > > >> > include nodes/* > > >> > and in nodes: > > >> > typea.pp: > > >> > node foo, bar, baz { > >> > include ipf.a > >> > } > > >> > typeb.pp: > > >> > node bear, monkey, lion { > >> > include ipf.b > >> > } > > >> > but for any other node I want it to include class ipf.other, but don''t > >> > want to specify each of the other 600 or so hosts in a "typec.pp" file > >> > or whatever., or will that just get covered by this statement in > >> > site.pp: > > >> > node default { > >> > include ipf > >> > include sshd_conf > >> > include disable_rpcbind > >> > }--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
On Mon, Sep 8, 2008 at 11:40 PM, josh <dorqus@gmail.com> wrote:> > OK thanks Paul..... hrm back to the drawing board then, or I just > manually set the domain name on each box first. >Hello, i do some matching for domains inside the classes: case $domain { "domain1": { $hostopt="from=\"172.17.1.100\"" } "domain2": { $hostopt="from=\"172.17.24.100\"" } "domain3": { $hostopt="from=\"172.19.2.100\"" } } class ssh_user { ssh_authorized_key{ "user": ensure => present, key => "ssheyhere" name => "user@host", type => "ssh-rsa", options => $hostopt, target => "/home/user/.ssh/authorized_keys", } } but its not always the easiest way, something like a default for all hosts which also have some node specific clasess, or groups would be nice greetings> On Sep 8, 5:32 pm, "Paul Lathrop" <p...@tertiusfamily.net> wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Josh, >> >> Sorry, no wildcard matching yet! >> >> - --Paul >> >> On Mon, Sep 8, 2008 at 2:23 PM, josh wrote: >> >> -----BEGIN PGP SIGNATURE----- >> Version: GnuPG v1.4.8 (Darwin) >> Comment:http://getfiregpg.org >> >> iEYEARECAAYFAkjFmeEACgkQX6ecHn3cW4m2RgCfX9yOh4UaRrFKkHp7L7EKdJKr >> NE4An2eU7sJvhQGpVX3XomGX4UKgqg92 >> =D2Kf >> -----END PGP SIGNATURE----- >> >> >> >> > Thanks Paul. >> > I''m having an issue with wildcards in the nodes/typea.pp file, there >> > are inconsistent domain names for the clients, so I might have >> > foo.domain.net, or foo.domaain.com, or foo.something or just foo, >> > so I tried using the following >> >> > node foo*, bar*, baz* { >> > include ipf.typea >> > } >> >> > But I get the following error on the client: >> >> > Could not retrieve catalog: Could not parse for environment >> > development: Could not match ''*,'' at /etc/puppet/manifests/nodes/ >> > typea.pp:1 >> >> > On Sep 8, 4:50 pm, "Paul Lathrop" <p...@tertiusfamily.net> wrote: >> >> -----BEGIN PGP SIGNED MESSAGE----- >> >> Hash: SHA1 >> >> >> If there is a default node, and you aren''t using external nodes, and >> >> the current node is not specified, it will use default. >> >> >> - --Paul >> >> >> On Mon, Sep 8, 2008 at 1:41 PM, josh wrote: >> >> >> -----BEGIN PGP SIGNATURE----- >> >> Version: GnuPG v1.4.8 (Darwin) >> >> Comment:http://getfiregpg.org >> >> >> iEYEARECAAYFAkjFkCgACgkQX6ecHn3cW4nRgwCgi/+SHGKu3JzvFmH16glj5yTD >> >> 3xwAoJMZeo544FfKLh+Ug0J3Lwailzg9 >> >> =KjYQ >> >> -----END PGP SIGNATURE----- >> >> >> > Ah one more question which I neglected to ask. >> >> >> > How do I specify that if a node is not in typea or typeb that it''s >> >> > default? >> >> >> > i.e. I now have: >> >> >> > include nodes/* >> >> >> > and in nodes: >> >> >> > typea.pp: >> >> >> > node foo, bar, baz { >> >> > include ipf.a >> >> > } >> >> >> > typeb.pp: >> >> >> > node bear, monkey, lion { >> >> > include ipf.b >> >> > } >> >> >> > but for any other node I want it to include class ipf.other, but don''t >> >> > want to specify each of the other 600 or so hosts in a "typec.pp" file >> >> > or whatever., or will that just get covered by this statement in >> >> > site.pp: >> >> >> > node default { >> >> > include ipf >> >> > include sshd_conf >> >> > include disable_rpcbind >> >> > } > > >--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
Interesting, thanks. None of the puppet clients really have a DNS domain set, they don''t use DNS for anything. Some of them have hostname.domain.net, some hostname.domain.com, others hostname.domainfromthedslmodem, some just hostname, I guess I could force all hosts to be the same TLD using your method. On Sep 9, 4:45 am, Heiko <rupe...@gmail.com> wrote:> On Mon, Sep 8, 2008 at 11:40 PM, josh <dor...@gmail.com> wrote: > > > OK thanks Paul..... hrm back to the drawing board then, or I just > > manually set the domain name on each box first. > > Hello, > > i do some matching for domains inside the classes: > > case $domain { > > "domain1": { $hostopt="from=\"172.17.1.100\"" } > "domain2": { $hostopt="from=\"172.17.24.100\"" } > "domain3": { $hostopt="from=\"172.19.2.100\"" } > > } > > class ssh_user { > > ssh_authorized_key{ > "user": > ensure => present, > key => "ssheyhere" > name => "user@host", > type => "ssh-rsa", > options => $hostopt, > target => "/home/user/.ssh/authorized_keys", > } > > } > > but its not always the easiest way, something like a default for all > hosts which also have some node specific clasess, or groups would be > nice > > greetings > > > On Sep 8, 5:32 pm, "Paul Lathrop" <p...@tertiusfamily.net> wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- > >> Hash: SHA1 > > >> Josh, > > >> Sorry, no wildcard matching yet! > > >> - --Paul > > >> On Mon, Sep 8, 2008 at 2:23 PM, josh wrote: > > >> -----BEGIN PGP SIGNATURE----- > >> Version: GnuPG v1.4.8 (Darwin) > >> Comment:http://getfiregpg.org > > >> iEYEARECAAYFAkjFmeEACgkQX6ecHn3cW4m2RgCfX9yOh4UaRrFKkHp7L7EKdJKr > >> NE4An2eU7sJvhQGpVX3XomGX4UKgqg92 > >> =D2Kf > >> -----END PGP SIGNATURE----- > > >> > Thanks Paul. > >> > I''m having an issue with wildcards in the nodes/typea.pp file, there > >> > are inconsistent domain names for the clients, so I might have > >> > foo.domain.net, or foo.domaain.com, or foo.something or just foo, > >> > so I tried using the following > > >> > node foo*, bar*, baz* { > >> > include ipf.typea > >> > } > > >> > But I get the following error on the client: > > >> > Could not retrieve catalog: Could not parse for environment > >> > development: Could not match ''*,'' at /etc/puppet/manifests/nodes/ > >> > typea.pp:1 > > >> > On Sep 8, 4:50 pm, "Paul Lathrop" <p...@tertiusfamily.net> wrote: > >> >> -----BEGIN PGP SIGNED MESSAGE----- > >> >> Hash: SHA1 > > >> >> If there is a default node, and you aren''t using external nodes, and > >> >> the current node is not specified, it will use default. > > >> >> - --Paul > > >> >> On Mon, Sep 8, 2008 at 1:41 PM, josh wrote: > > >> >> -----BEGIN PGP SIGNATURE----- > >> >> Version: GnuPG v1.4.8 (Darwin) > >> >> Comment:http://getfiregpg.org > > >> >> iEYEARECAAYFAkjFkCgACgkQX6ecHn3cW4nRgwCgi/+SHGKu3JzvFmH16glj5yTD > >> >> 3xwAoJMZeo544FfKLh+Ug0J3Lwailzg9 > >> >> =KjYQ > >> >> -----END PGP SIGNATURE----- > > >> >> > Ah one more question which I neglected to ask. > > >> >> > How do I specify that if a node is not in typea or typeb that it''s > >> >> > default? > > >> >> > i.e. I now have: > > >> >> > include nodes/* > > >> >> > and in nodes: > > >> >> > typea.pp: > > >> >> > node foo, bar, baz { > >> >> > include ipf.a > >> >> > } > > >> >> > typeb.pp: > > >> >> > node bear, monkey, lion { > >> >> > include ipf.b > >> >> > } > > >> >> > but for any other node I want it to include class ipf.other, but don''t > >> >> > want to specify each of the other 600 or so hosts in a "typec.pp" file > >> >> > or whatever., or will that just get covered by this statement in > >> >> > site.pp: > > >> >> > node default { > >> >> > include ipf > >> >> > include sshd_conf > >> >> > include disable_rpcbind > >> >> > }--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
On another note, I do know the IP addresses of the boxes, can I use IP''s in the nodes, or does it have to be via host name? (since that''s what''s in the certificate?) --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
2008/9/11 josh <dorqus@gmail.com>:> On another note, I do know the IP addresses of the boxes, can I use > IP''s in the nodes, or does it have to be via host name? (since that''s > what''s in the certificate?)Has to be what''s in the CN of the cert. I know its been suggested already, but I''d take a look at using an external node classification tool. Another option would be coming up with an easy test you could run on the system that determined if that host needs a particular firewall ruleset and using that to create a custom facter fact. Then in your firewall module you could so something like: case $custom_firewall_fact { "typeA": { include firewall::typeA } "typeB": { include firewall::typeB } default: { include firewall::standard_edition } } .r'' --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---