Puppet users - Jun 2009 - removing resources no longer specified

Currently, if I want to remove resources from a node that I''ve 
previously configured, I''m doing ''anti'' patterns. Is
there away for
puppet to do it for me? For example, if I started with:

define website () {
     file { "/etc/apache2/sites-enabled/$name.conf":
         content => template("website/apache2.conf.erb")
     }
}
node ''oldwebserver'' {
     package { apache2:
         ensure => installed,
     }
     website { "www.example.com":
     }
}

And then I wanted to get ride of that website from that specific node:

define website::anti () {
     file { "/etc/apache2/sites-enabled/$name.conf":
         ensure => absent
     }
}
node ''oldwebserver'' {
     package { apache2:
         ensure => absent,
     }
     website::anti { "www.example.com":
     }
}

But can puppet make this easier for me? What I''d like to do instead is:
node ''oldwebserver'' {
}

At the moment puppet doesn''t behave in that manner, it simply leaves
the
Package and File resources in their last configured state, and forgets 
about them. So I was wondering if it is possible for a storeconfigs 
database to store some history of configs?

If it is possible (or if it''s possible to build that feature in), is it
possible with that history to determine when a resource changes from 
existing in the manifest, to not existing in the manifest?

If that is possible (or could be built in), could you make puppet 
automatically remove that resource from the client system if it detects 
a resource has been removed?

-- 
+-Geoff Crompton
+--Debian System Administrator
+---Trinity College

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

On Mon, Jun 15, 2009 at 09:27:02AM +1000, Geoff Crompton
wrote:
> Currently, if I want to remove resources from a node that I''ve 
> previously configured, I''m doing ''anti''
patterns. Is there away for
> puppet to do it for me? For example, if I started with:
> 
This sort of functionality is something I''ve been thinking about for a
while. If it is something we could work out I think it is something
that would take puppet to another level.

Maybe the implementation would be something like this.

For native types you would define something like

file {
    ''/etc/apache/sites-enabled/moo'':
        source => ''puppet:///config/moo'',
        reverse => true,
}

for custom defines or more complex types where you need to do more
than the obvious.

file {
    ''/etc/apache/sites-enabled/moo'':
        source => ''puppet:///config/moo'',
        reverse => Exec["$name:anti"}
}

exec {
    ''/etc/apache/sites-enabled/moo:anti'':
        command => "mv /etc/apache/sites-enabled/moo /backups/moo",
        notify => Service[''apache'']
}

Puppet would then do some sort of diff between the configurations to
work out what has disappeared since the last run.

This is obviously a lot more complex and probably has some really ugly
corner cases.

Apache sites-available/enabled files are the biggest use case for
myself. It would be great to know that if I just remove the
declaration from my nodes.pp then the file automatically disappears on
the server without me having to worry about it.

On second thoughts probably scratch the first example above as you
would then probably also have potentially need to add reverse_notify
etc which might be overkill.

Cheers,
John


--
John
Blog                        http://www.inodes.org/blog
OLPC Friends                     http://olpcfriends.org


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

Geoff Crompton schrieb:
> Currently, if I want to remove resources from a node that I''ve 
> previously configured, I''m doing ''anti''
patterns. Is there away for
> puppet to do it for me? For example, if I started with:
[...]
> If that is possible (or could be built in), could you make puppet 
> automatically remove that resource from the client system if it detects 
> a resource has been removed?
I''ve using two recipes to solve such problems:

The first is extensive use of purging. For example, I put apache''s 
virtual host definitions into a directory that is set to purge, with one 
file per virtual host. So if I stop managing a virtual host, puppet will 
automatically remove the file containing the configuration and notify 
(via the directory) apache to reload.

The other recipe doesn''t use puppet directly, but is only enabled by
it:
One Server Per Node. Lightweight containers like Linux-VServer, OpenVZ, 
BSD''s jail or Solaris'' zones allow us technically to have a
separate OS
instance for every service we run. Puppet allows us to manage them too. 
Once you have this in place, you can just destroy the container if you 
no longer need the service, or re-image its contents when there are 
fundamental changes.



Regards, DavidS
-- 
dasz.at OG              Tel: +43 (0)664 2602670     Web: http://dasz.at
Klosterneuburg                                         UID: ATU64260999

        FB-Nr.: FN 309285 g          FB-Gericht: LG Korneuburg

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

Hi.

We also do this for most of our classes and it increases the code that  
has to be written.

Usually we have something like:

class foo {
	$presence_real = $presence {
	"" => "present'',
	"absent" => "absent"
	}
	file{"xyz":
	ensure => $presence_real,
	}
	package{"a_package":
	ensure => $presence_real
	}
	case $presence_real {
		"present": {
			exec{"echo ''hello world'' >/tmp/hello":
		 	onlyif => "test ! -e /tmp/hello",
			}	
		}
		"absent": {
			file{"/tmp/hello":
		 	ensure => $presence_real,
			}
		}
	}	
	# and so on
}

class foo::none {
	$presence = "absent"
	include foo
}

This works pretty well, but there is a lot of redundant code within  
all of our classes now.

In the last days I got the idea that it might be nice if puppet would  
create these ''anti'' classes by itself

all resources in "class foo" that have an ensure parameter could be  
set to "absent" when the class is referenced via:

include foo::none

The other option would be to introduce arguments to classes. I think  
this is a feature request already.

include foo { ensure => "absent" }

Of course this would not solve the problem for all types ("exec" is  
hard...), but it is a good start. And it would save a lot of code  
already.

Bye,
udo.

On 15.06.2009, at 01:27, Geoff Crompton wrote:
>
> Currently, if I want to remove resources from a node that I''ve
> previously configured, I''m doing ''anti''
patterns. Is there away for
> puppet to do it for me? For example, if I started with:
>
> define website () {
>     file { "/etc/apache2/sites-enabled/$name.conf":
>         content => template("website/apache2.conf.erb")
>     }
> }
> node ''oldwebserver'' {
>     package { apache2:
>         ensure => installed,
>     }
>     website { "www.example.com":
>     }
> }
>
> And then I wanted to get ride of that website from that specific node:
>
> define website::anti () {
>     file { "/etc/apache2/sites-enabled/$name.conf":
>         ensure => absent
>     }
> }
> node ''oldwebserver'' {
>     package { apache2:
>         ensure => absent,
>     }
>     website::anti { "www.example.com":
>     }
> }
>
> But can puppet make this easier for me? What I''d like to do
instead
> is:
> node ''oldwebserver'' {
> }
>
> At the moment puppet doesn''t behave in that manner, it simply
leaves
> the
> Package and File resources in their last configured state, and forgets
> about them. So I was wondering if it is possible for a storeconfigs
> database to store some history of configs?
>
> If it is possible (or if it''s possible to build that feature in),
is
> it
> possible with that history to determine when a resource changes from
> existing in the manifest, to not existing in the manifest?
>
> If that is possible (or could be built in), could you make puppet
> automatically remove that resource from the client system if it  
> detects
> a resource has been removed?
>
> -- 
> +-Geoff Crompton
> +--Debian System Administrator
> +---Trinity College
>
> --~--~---------~--~----~------------~-------~--~----~
> You received this message because you are subscribed to the Google  
> Groups "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com
> To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
> For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
> -~----------~----~----~----~------~----~------~--~---
>
-- 
:: udo waechter - root@zoide.net :: N 52º16''30.5" E
8º3''10.1"
:: genuine input for your ears: http://auriculabovinari.de
::                          your eyes: http://ezag.zoide.net
::                          your brain: http://zoide.net

>
> But can puppet make this easier for me? What I''d like to do
instead is:
> node ''oldwebserver'' {
> }
>
> At the moment puppet doesn''t behave in that manner, it simply
leaves the
> Package and File resources in their last configured state, and forgets
> about them. So I was wondering if it is possible for a storeconfigs
> database to store some history of configs?
>
> If it is possible (or if it''s possible to build that feature in),
is it
> possible with that history to determine when a resource changes from
> existing in the manifest, to not existing in the manifest?
>
> If that is possible (or could be built in), could you make puppet
> automatically remove that resource from the client system if it detects
> a resource has been removed?
>
Well there was a long discussion about this on the list a while back.
In a nutshell having puppet automagiclly removing things was generally
a bad idea as it could have very large nasty unexpected side effects.
one of the goals of a good configuration management system is no
surprises.

Udo''s include foo {ensure => absent} idea might be a way around the
surprise issue. Still explicitly set by the user, but using puppets
internal knowledge to make things happen.

Evan

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---