Puppet users - Jul 2009 - Influencing a class from another one?

I can''t figure how to do this cleanly, here''s the story:

I have an rsyslog class with a template generating /etc/rsyslog.conf

I have some other classes (namely, ossec::server, does what it says)
that need to influence what''s going on inside rsyslog.conf, in
particular I want local0.* not to be logged in /var/log/messages on
the machines that include ossec::server

How can I do that? I can''t seem to be able to do it with variables.

Any help appreciated.



--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

Can you create fact that determines your condition (if ossec server is  
to be or is installed I take it)? You can then refer to the fact in  
your rsyslog code.

---
Thanks,

Allan Marcus
505-667-5666



On Jul 2, 2009, at 3:03 PM, niczar wrote:
>
> I can''t figure how to do this cleanly, here''s the story:
>
> I have an rsyslog class with a template generating /etc/rsyslog.conf
>
> I have some other classes (namely, ossec::server, does what it says)
> that need to influence what''s going on inside rsyslog.conf, in
> particular I want local0.* not to be logged in /var/log/messages on
> the machines that include ossec::server
>
> How can I do that? I can''t seem to be able to do it with
variables.
>
> Any help appreciated.
>
>
>
> >

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

Other solution would be to create a rsyslog type and call it in the   
ossec::server class.

I have a sendmail class that has this syslog type:

         syslog { "/var/log/maillog":
                 selector => "mail.debug",
                 ensure => present,
                 owner => root,
                 group => mail,
                 mode => 644,
         }

I have a rsyslog provider that knows how to format this data into the  
proper /etc/rsyslog.conf syntax.

- JimP

On Jul 2, 2009, at 6:38 PM, Allan Marcus wrote:
>
> Can you create fact that determines your condition (if ossec server is
> to be or is installed I take it)? You can then refer to the fact in
> your rsyslog code.
>
> ---
> Thanks,
>
> Allan Marcus
> 505-667-5666
>
>
>
> On Jul 2, 2009, at 3:03 PM, niczar wrote:
>
>>
>> I can''t figure how to do this cleanly, here''s the
story:
>>
>> I have an rsyslog class with a template generating /etc/rsyslog.conf
>>
>> I have some other classes (namely, ossec::server, does what it says)
>> that need to influence what''s going on inside rsyslog.conf, in
>> particular I want local0.* not to be logged in /var/log/messages on
>> the machines that include ossec::server
>>
>> How can I do that? I can''t seem to be able to do it with
variables.
>>
>> Any help appreciated.
>>
>>
>>
>>>
>
>
> --~--~---------~--~----~------------~-------~--~----~
> You received this message because you are subscribed to the Google  
> Groups "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com
> To unsubscribe from this group, send email to puppet-users 
> +unsubscribe@googlegroups.com
> For more options, visit this group at http://groups.google.com/ 
> group/puppet-users?hl=en
> -~----------~----~----~----~------~----~------~--~---
--- @(#) $Id: dot.signature,v 1.15 2007/12/27 15:06:13 pirzyk Exp $
     __o  jim@pirzyk.org -------------------------------------------
  _''\<,_
(*)/ (*) I''d rather be out biking.

niczar wrote:
> I can''t figure how to do this cleanly, here''s the story:
> 
> I have an rsyslog class with a template generating /etc/rsyslog.conf
> 
> I have some other classes (namely, ossec::server, does what it says)
> that need to influence what''s going on inside rsyslog.conf, in
> particular I want local0.* not to be logged in /var/log/messages on
> the machines that include ossec::server
> 
> How can I do that? I can''t seem to be able to do it with
variables.
> 
> Any help appreciated.
>
The rsyslog class needs to setup a way to include "foreign" 
configuration statements, like by using a directory include or a 
concatenated_file. Then any other class can put configuration there and 
rsyslog will pick it up easily.

Take care to get the notifications right, so the service reloads as 
neccessary. Probably best done with a rsyslog::config_file define.



Regards, DavidS

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

On Jul 3, 12:38 am, Allan Marcus <al...@lanl.gov>
wrote:
> Can you create fact that determines your condition (if ossec server is  
> to be or is installed I take it)? You can then refer to the fact in  
> your rsyslog code.
Hm, no, whether or not ossec::server is installed is decided in my
puppet config file, it doesn''t strike me as very logical to go check
on the machine.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

On Jul 3, 9:56 am, David Schmitt <da...@dasz.at> wrote:
> The rsyslog class needs to setup a way to include "foreign"
> configuration statements, like by using a directory include or a
> concatenated_file. Then any other class can put configuration there and
> rsyslog will pick it up easily.
What is a concatenated_file?
> Take care to get the notifications right, so the service reloads as
> neccessary. Probably best done with a rsyslog::config_file define.
>
> Regards, DavidS
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

Think he means this : http://nephilim.ml.org/~rip/puppet/concatfile/

(Volcane on IRC recommended/wrote it; the idea is for e.g. each service
that needs a firewall rule can create a fragment of an iptables config,
which is then concatenated into a single config file by the iptables class.)

On Sat, Jul 4, 2009 at 12:02 AM, niczar<nico@altiva.fr>
wrote:
>
>
>
> On Jul 3, 9:56 am, David Schmitt <da...@dasz.at> wrote:
>
>> The rsyslog class needs to setup a way to include "foreign"
>> configuration statements, like by using a directory include or a
>> concatenated_file. Then any other class can put configuration there and
>> rsyslog will pick it up easily.
>
> What is a concatenated_file?
>
>> Take care to get the notifications right, so the service reloads as
>> neccessary. Probably best done with a rsyslog::config_file define.
>>
>> Regards, DavidS
> >
>
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

Dick Davies wrote:
> Think he means this : http://nephilim.ml.org/~rip/puppet/concatfile/
> 
> (Volcane on IRC recommended/wrote it; the idea is for e.g. each service
> that needs a firewall rule can create a fragment of an iptables config,
> which is then concatenated into a single config file by the iptables
class.)
Actually, I meant 
http://git.black.co.at/?p=module-common;a=blob;f=manifests/defines/concatenated_file.pp;hb=HEAD
which is mostly the same, since Volcane and I were heavily influenced by 
each other.

Regards, DavidS
> 
> On Sat, Jul 4, 2009 at 12:02 AM, niczar<nico@altiva.fr> wrote:
>>
>>
>> On Jul 3, 9:56 am, David Schmitt <da...@dasz.at> wrote:
>>
>>> The rsyslog class needs to setup a way to include
"foreign"
>>> configuration statements, like by using a directory include or a
>>> concatenated_file. Then any other class can put configuration there
and
>>> rsyslog will pick it up easily.
>> What is a concatenated_file?
>>
>>> Take care to get the notifications right, so the service reloads as
>>> neccessary. Probably best done with a rsyslog::config_file define.
>>>
>>> Regards, DavidS
>>>
> 
> > 
> 

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

On Jul 6, 11:00 am, David Schmitt <da...@dasz.at>
wrote:
> Dick Davies wrote:
> > Think he means this :http://nephilim.ml.org/~rip/puppet/concatfile/
>
> > (Volcane on IRC recommended/wrote it; the idea is for e.g. each
service
> > that needs a firewall rule can create a fragment of an iptables
config,
> > which is then concatenated into a single config file by the iptables
class.)
>
> Actually, I
meanthttp://git.black.co.at/?p=module-common;a=blob;f=manifests/defines/co...
> which is mostly the same, since Volcane and I were heavily influenced by
> each other.
Well thank you, that seems to answer my question; however I can''t help
but think there''s gotta be a better way to do this. This looks like a
limitation in core puppet. I don''t find the idea of performing such
computations on the client very puppet-like.

Regards,
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

niczar wrote:
> On Jul 6, 11:00 am, David Schmitt <da...@dasz.at> wrote:
>> Dick Davies wrote:
>>> Think he means this :http://nephilim.ml.org/~rip/puppet/concatfile/
>>> (Volcane on IRC recommended/wrote it; the idea is for e.g. each
service
>>> that needs a firewall rule can create a fragment of an iptables
config,
>>> which is then concatenated into a single config file by the
iptables class.)
>> Actually, I
meanthttp://git.black.co.at/?p=module-common;a=blob;f=manifests/defines/co...
>> which is mostly the same, since Volcane and I were heavily influenced
by
>> each other.
> 
> Well thank you, that seems to answer my question; however I can''t
help
> but think there''s gotta be a better way to do this. This looks
like a
> limitation in core puppet. I don''t find the idea of performing
such
> computations on the client very puppet-like.
If you have all information on the puppetmaster, you can use a function 
like generate() or template() to create the file there. In some cases -- 
especially when using export/collect -- the master doesn''t have enough 
information readily available for such functions to work. Indeed in 
these latter cases, it is not only a limitation of puppet''s core, but 
generally restritictions on information flow. Especially when trying to 
exchange information between independent modules.


Regards, DavidS

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---