Puppet users - May 2010 - Best-practice way of handling IP addresses

Hi,

naturally, there are many places in a typical puppet manifest where
one needs to use IP addresses:

* network config
* Listen directives in server daemons
* hosts file
* ...

I was wondering if there is some ''best practice'' way of
specifying the
IP addresses of all the hosts in one place and then using these
variables whenever necessary? (BTW, are there global variables in
puppet?)

Thanks for your insight,

Andreas

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

Hi,

You can get the ipadress with facter (and use it in your puppet classes, 
templates ...)

Benoit

Le 22/05/2010 11:08, andreash a écrit :
> Hi,
>
> naturally, there are many places in a typical puppet manifest where
> one needs to use IP addresses:
>
> * network config
> * Listen directives in server daemons
> * hosts file
> * ...
>
> I was wondering if there is some ''best practice'' way of
specifying the
> IP addresses of all the hosts in one place and then using these
> variables whenever necessary? (BTW, are there global variables in
> puppet?)
>
> Thanks for your insight,
>
> Andreas
>
>    
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

Hi,

thanks for your input. I had already thought about that, but initially
wanted to be able to set the ip addresses using puppet. Or is that a
bad idea?

Cheers,

Andreas.

On 22 Mai, 20:42, Benoit Cattié <pup...@benoit.cattie.net>
wrote:
> Hi,
>
> You can get the ipadress with facter (and use it in your puppet classes,
> templates ...)
>
> Benoit
>
> Le 22/05/2010 11:08, andreash a écrit :
>
>
>
> > Hi,
>
> > naturally, there are many places in a typical puppet manifest where
> > one needs to use IP addresses:
>
> > * network config
> > * Listen directives in server daemons
> > * hosts file
> > * ...
>
> > I was wondering if there is some ''best practice'' way
of specifying the
> > IP addresses of all the hosts in one place and then using these
> > variables whenever necessary? (BTW, are there global variables in
> > puppet?)
>
> > Thanks for your insight,
>
> > Andreas
>
> --
> You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
> For more options, visit this group
athttp://groups.google.com/group/puppet-users?hl=en.
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

It''s usually much easier to use DHCP for desktops, and some servers. 
Also, the computer will (usually) need an ip address before the first puppet
run.

On May 22, 2010, at 1:59 PM, andreash wrote:
> Hi,
> 
> thanks for your input. I had already thought about that, but initially
> wanted to be able to set the ip addresses using puppet. Or is that a
> bad idea?
> 
> Cheers,
> 
> Andreas.
> 
> On 22 Mai, 20:42, Benoit Cattié <pup...@benoit.cattie.net> wrote:
>> Hi,
>> 
>> You can get the ipadress with facter (and use it in your puppet
classes,
>> templates ...)
>> 
>> Benoit
>> 
>> Le 22/05/2010 11:08, andreash a écrit :
>> 
>> 
>> 
>>> Hi,
>> 
>>> naturally, there are many places in a typical puppet manifest where
>>> one needs to use IP addresses:
>> 
>>> * network config
>>> * Listen directives in server daemons
>>> * hosts file
>>> * ...
>> 
>>> I was wondering if there is some ''best practice''
way of specifying the
>>> IP addresses of all the hosts in one place and then using these
>>> variables whenever necessary? (BTW, are there global variables in
>>> puppet?)
>> 
>>> Thanks for your insight,
>> 
>>> Andreas
>> 
>> --
>> You received this message because you are subscribed to the Google
Groups "Puppet Users" group.
>> To post to this group, send email to puppet-users@googlegroups.com.
>> To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
>> For more options, visit this group
athttp://groups.google.com/group/puppet-users?hl=en.
> 
> -- 
> You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
> For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
> 
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

On 05/22/2010 04:59 PM, andreash wrote:
> Hi,
> 
> thanks for your input. I had already thought about that, but initially
> wanted to be able to set the ip addresses using puppet. Or is that a
> bad idea?
> 
Hi, you should probably use DHCP static leases, but in situations where
you can''t, it is possible to create a define that uses an ERB template
so you can config network interfaces from inside puppet. I do this right
now with Ubuntu, though I think it would be even easier on RHEL/CentOS.

-- 
Joe McDonagh
AIM: YoosingYoonickz
IRC: joe-mac on freenode
L''ennui est contre-révolutionnaire

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

Hi,

I think the idea with the static DHCP leases is a good one :) But even
then, wouldn''t I want to set the DHCP config via puppet, so I would
need to define all the IPs inside puppet?

Cheers,

Andreas.

On 23 Mai, 15:50, Joe McDonagh <joseph.e.mcdon...@gmail.com>
wrote:
> On 05/22/2010 04:59 PM, andreash wrote:
>
> > Hi,
>
> > thanks for your input. I had already thought about that, but initially
> > wanted to be able to set the ip addresses using puppet. Or is that a
> > bad idea?
>
> Hi, you should probably use DHCP static leases, but in situations where
> you can''t, it is possible to create a define that uses an ERB
template
> so you can config network interfaces from inside puppet. I do this right
> now with Ubuntu, though I think it would be even easier on RHEL/CentOS.
>
> --
> Joe McDonagh
> AIM: YoosingYoonickz
> IRC: joe-mac on freenode
> L''ennui est contre-révolutionnaire
>
> --
> You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
> For more options, visit this group
athttp://groups.google.com/group/puppet-users?hl=en.
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

On May 22, 8:42 pm, Benoit Cattié <pup...@benoit.cattie.net>
wrote:
> Hi,
>
> You can get the ipadress with facter (and use it in your puppet classes,
> templates ...)
That was what I also had in mind first when I needed to specify a
host''s IP address as bind address in some xinetd spawned
server''s
config file.

However, how do you pick the proper IP address if you have to deal
with multihomed hosts like I have with most of our hosts?

This is for example what facter spits out on one such multihomed host
of ours:

$ facter|grep ipaddress
ipaddress => 192.168.1.12
ipaddress_bond0 => 192.168.1.12
ipaddress_eth0 => 10.25.218.220
ipaddress_eth2 => 10.25.139.12
ipaddress_eth2_1 => 10.25.139.15

One would assume that the "variable" $ipaddress is the host''s
"real"
IP, especially as it''s also the one bound to the only bonded NIC.
But here it''s actually the one bound to eth2

$ dig $(hostname -f) A +short
10.25.139.12

$ /sbin/ip a s eth2|grep inet\
    inet 10.25.139.12/24 brd 10.25.139.255 scope global eth2
    inet 10.25.139.15/24 brd 10.25.139.255 scope global secondary
eth2:1


So I thought that I could let this dilemma best be sorted out by the
host''s resolver,
and by applying some of my Perl knowledge to Ruby (of which in turn I
so far almost know nothing about)
thought that some ERB markup like this within a Puppet template might
help (at least in the irb shell it seems to work):

<% require ''socket'' -%>
<% bind_ip = Socket.gethostbyname(Socket.gethostname)
[-1].unpack(''C4'').join(''.'')  -%>

But probably there are better solutions, especially those that Puppet
or Ruby experts would apply,
and which as a Puppet newbie I am likewise eager to hear about.




-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

DWIM <ralph.grothe@itdz-berlin.de> writes:
> On May 22, 8:42 pm, Benoit Cattié <pup...@benoit.cattie.net> wrote:
>>
>> You can get the ipadress with facter (and use it in your puppet
classes,
>> templates ...)
>
> That was what I also had in mind first when I needed to specify a
> host''s IP address as bind address in some xinetd spawned
server''s
> config file.
>
> However, how do you pick the proper IP address if you have to deal
> with multihomed hosts like I have with most of our hosts?
Hah!  You don''t, because those facts were written to match the vague
relationship that distributions express (one IP per "device") rather
than the
reality of the relationships.

[...]
> $ /sbin/ip a s eth2|grep inet\
>     inet 10.25.139.12/24 brd 10.25.139.255 scope global eth2
>     inet 10.25.139.15/24 brd 10.25.139.255 scope global secondary eth2:1
NB: That tagging of that second address as ''eth2:1'' is not
necessary, and many
of our servers have secondary addresses without any of the alias mess
attached.  Just sayin''

[...]
> But probably there are better solutions, especially those that Puppet or
> Ruby experts would apply, and which as a Puppet newbie I am likewise eager
> to hear about.
I would strongly suggest you are going about this the wrong way: if you have a
multi-homed host, and you need to bind the service to a specific IP address,
you have a *good* reason for doing that.

So, specify to your service which address it should be bound to, rather than
trying to do something magical about it all.  Tell the system which IP you
need the service to be listening on.


Otherwise, if you don''t actually have a good reason, or know which IP
it
should be bound to, why are you trying to bind it to an IP anyhow?

        Daniel
-- 
✣ Daniel Pittman            ✉ daniel@rimspace.net            ☎ +61 401 155 707
               ♽ made with 100 percent post-consumer electrons

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

On 05/23/2010 10:08 AM, andreash wrote:
> Hi,
> 
> I think the idea with the static DHCP leases is a good one :) But even
> then, wouldn''t I want to set the DHCP config via puppet, so I
would
> need to define all the IPs inside puppet?
> 
> Cheers,
> 
> Andreas.
> 
> On 23 Mai, 15:50, Joe McDonagh <joseph.e.mcdon...@gmail.com> wrote:
>> On 05/22/2010 04:59 PM, andreash wrote:
>>
>>> Hi,
>>
>>> thanks for your input. I had already thought about that, but
initially
>>> wanted to be able to set the ip addresses using puppet. Or is that
a
>>> bad idea?
>>
>> Hi, you should probably use DHCP static leases, but in situations where
>> you can''t, it is possible to create a define that uses an ERB
template
>> so you can config network interfaces from inside puppet. I do this
right
>> now with Ubuntu, though I think it would be even easier on RHEL/CentOS.
>>
>> --
>> Joe McDonagh
>> AIM: YoosingYoonickz
>> IRC: joe-mac on freenode
>> L''ennui est contre-révolutionnaire
>>
>> --
>> You received this message because you are subscribed to the Google
Groups "Puppet Users" group.
>> To post to this group, send email to puppet-users@googlegroups.com.
>> To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
>> For more options, visit this group
athttp://groups.google.com/group/puppet-users?hl=en.
> 
Yes, you keep the dhcpd.conf in puppet and serve it out via source or as
a template via content in a file resource, then notify a dhcpd service
definition. The dhcpd.conf is pretty much part of the bootstrap phase,
so I don''t think you''d want to rely on a stored config
export/collect
setup to build the file.

-- 
Joe McDonagh
AIM: YoosingYoonickz
IRC: joe-mac on freenode
L''ennui est contre-révolutionnaire

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.