Hi Our team is providing Linux servers to different departments in our company. We want to change our configuration management tool and use puppet in the future. I read the book “Pulling Strings with Puppet” and the documentation on the puppet webpage. When I understood correctly, the way to go is to use modules. So we would create modules for ssh, ldap, ntp etc… But the problem I have is, that different IT Departements use different configurations (different ssh config, different ntp conf etc…) So would I put the logic inside this modules or is it better to create different ssh modules for different departments? (I think the second one is not a good choice, since with that we have the same resources defined in the different modules and I think this is a problem, isn’t it?) Another question I have is about the services directory. Is my understanding right, that services is just a grouping of modules? Thanks in advance Rene --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
2009/4/3 Rene <rene.zbinden@gmail.com>> > Hi > > Our team is providing Linux servers to different departments in our > company. We want to change our configuration management tool and use > puppet in the future. I read the book “Pulling Strings with Puppet” > and the documentation on the puppet webpage. > > When I understood correctly, the way to go is to use modules. So we > would create modules for ssh, ldap, ntp etc… But the problem I have > is, that different IT Departements use different configurations > (different ssh config, different ntp conf etc…) So would I put the > logic inside this modules or is it better to create different ssh > modules for different departments? (I think the second one is not a > good choice, since with that we have the same resources defined in the > different modules and I think this is a problem, isn’t it?) > > Another question I have is about the services directory. Is my > understanding right, that services is just a grouping of modules? > > Thanks in advance > > Rene >You can make a fact telling to what department the computer belongs. Then you can use those facts as a selector for what to apply in your modules. Regards --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
An alternate approach maybe to create a definition in your templates.pp
referred to by the node definition in nodes.pp
so in nodes.pp:-
node ''host1'' {
include node_default
include deptA
include any_other_node_specific_bits
}
node ''host2'' {
include node_default
include deptB
include any_other_node_specific_bits
}
and in templates.pp:-
class deptA {
include oracle, ldap, apache # all of these could refer to modules
and are specific apps for this dep''t
}
class deptB {
include mysql, gcc etc # modules/ classes specific to deptB
}
class node_default
include base_class # as detailed in the book - for items common
regardless of department
}
Cheers
Paul
2009/4/3 Bjørn Dyre Dyresen <bjorn@dyresen.net>
>
>
> 2009/4/3 Rene <rene.zbinden@gmail.com>
>
>>
>> Hi
>>
>> Our team is providing Linux servers to different departments in our
>> company. We want to change our configuration management tool and use
>> puppet in the future. I read the book “Pulling Strings with Puppet”
>> and the documentation on the puppet webpage.
>>
>> When I understood correctly, the way to go is to use modules. So we
>> would create modules for ssh, ldap, ntp etc… But the problem I have
>> is, that different IT Departements use different configurations
>> (different ssh config, different ntp conf etc…) So would I put the
>> logic inside this modules or is it better to create different ssh
>> modules for different departments? (I think the second one is not a
>> good choice, since with that we have the same resources defined in the
>> different modules and I think this is a problem, isn’t it?)
>>
>> Another question I have is about the services directory. Is my
>> understanding right, that services is just a grouping of modules?
>>
>> Thanks in advance
>>
>> Rene
>>
>
>
> You can make a fact telling to what department the computer belongs. Then
> you can use those facts as a selector for what to apply in your modules.
>
> Regards
>
>
>
> >
>
--
Paul Matthews
----------------------------------------------------------------------
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---
Hi Rene,
if only your team manages puppet configurations, you should use only a
module to manage all the differencies.
To cope with totally different files you can to something like
class ssh {
[...]
file {
"sshd_config":
mode => 600, owner => root, group => root,
require => Package[ssh-server],
ensure => present,
path => $operatingsystem ?{
default => "/etc/ssh/sshd_config",
},
content => [ template("ssh/sshd_config-
$hostname"), template("ssh/sshd_config-$my_zone"),
template("ssh/
sshd_config") ]
}
}
Some notes:
- The file is provided as as template of the module ssh, on the
puppetmaster it should stay in /module/dir/ssh/templates/sshd_config..
- The use of the array of templates with different names is good to
provide different files accoring to a specific host (if there''s the
relevant template, a more general zone (network or also department)
that you have to define with the custom variable $my_zone, or use a
fall back general use sshd_config.
- You may also decide to switch the logic that differentiates
configuration according to departments in the same template file.
For more info and examples about this approach you might find this
link useful: http://www.example42.com/wiki/InfrastructureDesignGuidelines
Regards,
Alessandro Franceschi
Rene wrote:> Hi
>
> Our team is providing Linux servers to different departments in our
> company. We want to change our configuration management tool and use
> puppet in the future. I read the book “Pulling Strings with Puppet”
> and the documentation on the puppet webpage.
>
> When I understood correctly, the way to go is to use modules. So we
> would create modules for ssh, ldap, ntp etc… But the problem I have
> is, that different IT Departements use different configurations
> (different ssh config, different ntp conf etc…) So would I put the
> logic inside this modules or is it better to create different ssh
> modules for different departments? (I think the second one is not a
> good choice, since with that we have the same resources defined in the
> different modules and I think this is a problem, isn’t it?)
>
> Another question I have is about the services directory. Is my
> understanding right, that services is just a grouping of modules?
>
> Thanks in advance
>
> Rene
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---
How would you make facter to find out which server belongs to which department? On Apr 3, 3:00 pm, Bjørn Dyre Dyresen <bj...@dyresen.net> wrote:> 2009/4/3 Rene <rene.zbin...@gmail.com> > > > > > > > Hi > > > Our team is providing Linux servers to different departments in our > > company. We want to change our configuration management tool and use > > puppet in the future. I read the book “Pulling Strings with Puppet” > > and the documentation on the puppet webpage. > > > When I understood correctly, the way to go is to use modules. So we > > would create modules for ssh, ldap, ntp etc… But the problem I have > > is, that different IT Departements use different configurations > > (different ssh config, different ntp conf etc…) So would I put the > > logic inside this modules or is it better to create different ssh > > modules for different departments? (I think the second one is not a > > good choice, since with that we have the same resources defined in the > > different modules and I think this is a problem, isn’t it?) > > > Another question I have is about the services directory. Is my > > understanding right, that services is just a grouping of modules? > > > Thanks in advance > > > Rene > > You can make a fact telling to what department the computer belongs. Then > you can use those facts as a selector for what to apply in your modules. > > Regards--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
On 4/6/2009 5:52 PM, pc2 wrote:> How would you make facter to find out which server belongs to which > department?Assuming they aren''t already organized with subdomains per department (server1.dept1.domain.com, server1.dept2.domain.com) where you could just use the existing "domain" fact, you''d have to write your own fact [1], then distribute it to each client. If you already know that particular server names are for different departments, but don''t have them in separate domains, you could adapt HostgroupFact [2] to identify the department. [1] http://reductivelabs.com/trac/puppet/wiki/AddingFacts -- deprecated in favor of http://reductivelabs.com/trac/puppet/wiki/PluginsInModules , but I''m still using the old method currently. [2] http://reductivelabs.com/trac/puppet/wiki/Recipes/HostgroupFact -- Mike Renfro / R&D Engineer, Center for Manufacturing Research, 931 372-3601 / Tennessee Technological University --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
Hi Paul Thank you for that advice. I think in our case, that will not work, since it is possible that depA and depB have different lets say oracle settings. Best Regards, Rene On Apr 6, 5:19 pm, paul matthews <paulsmatth...@googlemail.com> wrote:> An alternate approach maybe to create a definition in your templates.pp > referred to by the node definition in nodes.pp > > so in nodes.pp:- > > node ''host1'' { > include node_default > include deptA > include any_other_node_specific_bits > > } > > node ''host2'' { > include node_default > include deptB > include any_other_node_specific_bits > > } > > and in templates.pp:- > > class deptA { > include oracle, ldap, apache # all of these could refer to modules > and are specific apps for this dep''t > > } > > class deptB { > include mysql, gcc etc # modules/ classes specific to deptB > > } > > class node_default > include base_class # as detailed in the book - for items common > regardless of department > > } > > Cheers > Paul > > 2009/4/3 Bjørn Dyre Dyresen <bj...@dyresen.net> > > > > > > > 2009/4/3 Rene <rene.zbin...@gmail.com> > > >> Hi > > >> Our team is providing Linux servers to different departments in our > >> company. We want to change our configuration management tool and use > >> puppet in the future. I read the book “Pulling Strings with Puppet” > >> and the documentation on the puppet webpage. > > >> When I understood correctly, the way to go is to use modules. So we > >> would create modules for ssh, ldap, ntp etc… But the problem I have > >> is, that different IT Departements use different configurations > >> (different ssh config, different ntp conf etc…) So would I put the > >> logic inside this modules or is it better to create different ssh > >> modules for different departments? (I think the second one is not a > >> good choice, since with that we have the same resources defined in the > >> different modules and I think this is a problem, isn’t it?) > > >> Another question I have is about the services directory. Is my > >> understanding right, that services is just a grouping of modules? > > >> Thanks in advance > > >> Rene > > > You can make a fact telling to what department the computer belongs. Then > > you can use those facts as a selector for what to apply in your modules. > > > Regards > > -- > Paul Matthews > ------------------------------------------------------------------------~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---