Hi,

I'm figuring out a way to build a ssh-gateway. For that to work I want access to the internal IP addresses that are used by my slaves (which get assigned by dhcp and thus are not predictable). This way I can change the host-file on my ssh-gateway so that hostnames point to the right nodes.

So I want something like:

SSH-gateway-hostfile:
192.168.1.12 hostname1
192.168.1.67 hostname2

Is there a way to access facts from nodes other than the node you're working on?

Thanks!

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.

On Jan 1, 2011, at 12:53 AM, bowlby wrote:

> Hi,
>
> I'm figuring out a way to build a ssh-gateway. For that to work I want
> access to the internal IP addresses that are used by my slaves (which
> get assigned by dhcp and thus are not predictable). This way I can
> change the host-file on my ssh-gateway so that hostnames point to the
> right nodes.
>
> So I want something like:
>
> SSH-gateway-hostfile:
> 192.168.1.12 hostname1
> 192.168.1.67 hostname2
>
> Is there a way to access facts from nodes other than the node
> you're working on?

I think you could do this with storedconfigs+puppet_concat. The idea is that you make the file fragments using storedconfigs and then put the pieces together using puppet_concat. This solution tries to get around your original question.

On Sat, Jan 01, 2011 at 12:53:11AM -0800, bowlby wrote:

> Hi,
>
> I'm figuring out a way to build a ssh-gateway. For that to work I want
> access to the internal IP addresses that are used by my slaves (which
> get assigned by dhcp and thus are not predictable). This way I can
> change the host-file on my ssh-gateway so that hostnames point to the
> right nodes.
>
> So I want something like:
>
> SSH-gateway-hostfile:
> 192.168.1.12 hostname1
> 192.168.1.67 hostname2
>
> Is there a way to access facts from nodes other than the node
> you're working on?

Have a look at exported resources [1]. All your nodes that need an entry can export a resource

    @@host { $fqdn:
      ip           => $ipaddress,
      host_aliases => $hostname,
      ensure       => present,
      target       => '/ssh_gateway_hostfile',
      tag          => 'ssh-gateway',
    }

And on your gateway you'll do

    Host <<| tag == 'ssh-gateway' |>>

You have to enable stored configuration for that [2]. Then you run puppet agent on all your slave nodes and after that on your ssh gateway.

[1] http://projects.puppetlabs.com/projects/1/wiki/Exported_Resources
[2] http://projects.puppetlabs.com/projects/1/wiki/Using_Stored_Configuration

-Stefan

Thanks! Stefan's suggestion seemed elegant and productive, and proved to be so.

Sorry for reviving this old post but I'm having trouble with the above setup.

Every time one of my slaves changes its IP the hostfile on the ssh-gateway gets updated. So far, so good. But the update just adds an entry to the hosts-file, thereby leaving the old entry intact. So I end up with:

10.72.1.21 server1
10.72.1.45 server1
10.72.1.90 server1
etc.

Is there an easy solution to this?

Thanks!

If you're managing all of the entries in /etc/hosts with puppet, you can use the resources resource to purge entries that do not have resources declared in the catalog.

    resources { host: purge => true }

WARNING: this will delete entries you have not declared in the catalog. Test things out with --noop.

-Jeff

On Fri, Jan 28, 2011 at 01:03:24PM -0800, bowlby wrote:

> Sorry for reviving this old post but I'm having trouble with the above
> setup.
>
> Every time one of my slaves changes its IP the hostfile on the
> ssh-gateway gets updated. So far, so good. But the update just adds an
> entry to the hosts-file, thereby leaving the old entry intact. So I
> end up with:
>
> 10.72.1.21 server1
> 10.72.1.45 server1
> 10.72.1.90 server1
> etc.
>
> Is there an easy solution to this?
>
> Thanks!

Since the fqdn is the key this should NOT happen. Puppet should detect the change of the ip. Can you please post the complete resource definition?

-Stefan

Hi Stefan,

Your response got me thinking. I was using this on Amazon EC2:

    @@host { $fqdn:
      ip           => $ipaddress,
      host_aliases => ["${hostname_alias}", "${domain_name}", "${hostname}"],
      ensure       => present,
      target       => "/etc/hosts",
      tag          => 'ssh-gateway',
    }

I'm using my own variables $hostname_alias and $domain_name to get hostnames that humans can read (instead of the Amazon supplied random hostnames). So I should have used:

    @@host { $hostname_alias:
      ip           => $ipaddress,
      host_aliases => ["${hostname_alias}", "${domain_name}", "${hostname}"],
      ensure       => present,
      target       => "/etc/hosts",
      tag          => 'ssh-gateway',
    }

This way it works fine.

Greetings!
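
The duplicate-entry behaviour and the two remedies from this thread (a stable resource title, or purging unmanaged host entries), as an added example that is not part of the original posts and is not Puppet's code. It is a simplified Python model; the `example.internal` hostnames and the rule that a record is matched by its canonical name are assumptions made for illustration.

```python
# Simplified model of the behaviour discussed in this thread; it is not
# Puppet's implementation. Assumption: a host resource is identified by its
# title, and applying it rewrites the hosts-file record whose canonical name
# equals that title, or appends a record when no such name exists yet.

def parse(lines):
    """Yield (ip, name, aliases) for each hosts-file record, skipping comments."""
    for line in lines:
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2:
            yield fields[0], fields[1], fields[2:]

def apply_hosts(lines, resources, purge=False):
    """resources maps title -> (ip, aliases). Returns the new file lines."""
    out, managed = [], set()
    for ip, name, aliases in parse(lines):
        if name in resources:          # same title: record updated in place
            ip, aliases = resources[name]
            managed.add(name)
        elif purge:                    # purge => true drops unmanaged records
            continue
        out.append(" ".join([ip, name, *aliases]))
    for title, (ip, aliases) in resources.items():
        if title not in managed:       # new title: record appended
            out.append(" ".join([ip, title, *aliases]))
    return out

def names_with_several_ips(lines):
    """Report every name or alias that maps to more than one address."""
    seen = {}
    for ip, name, aliases in parse(lines):
        for n in [name, *aliases]:
            seen.setdefault(n, set()).add(ip)
    return {n: sorted(ips) for n, ips in seen.items() if len(ips) > 1}

# Constructed sample data: the node's fqdn changes together with its address.
BEFORE = {"ip-10-72-1-21.example.internal": ("10.72.1.21", ["server1"])}
AFTER = {"ip-10-72-1-45.example.internal": ("10.72.1.45", ["server1"])}
START = ["127.0.0.1 localhost"]

if __name__ == "__main__":
    by_fqdn = apply_hosts(apply_hosts(START, BEFORE), AFTER)
    print(by_fqdn, names_with_several_ips(by_fqdn))
    by_alias = apply_hosts(apply_hosts(START, {"server1": ("10.72.1.21", [])}),
                           {"server1": ("10.72.1.45", [])})
    print(by_alias, names_with_several_ips(by_alias))
    print(apply_hosts(by_fqdn, AFTER, purge=True))   # localhost is purged too
```

Running `names_with_several_ips` over the gateway's hosts file is a quick check for leftover records that still point a readable alias at an address the node no longer holds.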

Hey,

> I'm figuring out a way to build a ssh-gateway. For that to work I want
> access to the internal IP addresses that are used by my slaves

What are you trying to do? Are you trying to cluster SSH?

> (which
> get assigned by dhcp and thus are not predictable).

You know that DHCP also provides options to make it less random? You could use dynamic DNS entries, or fixed IPs per MAC address....

Regards, Stefan.

Hi Stefan,

I'm using Amazon EC2 instances as slaves and want to connect to these slaves via ssh but do not want the world to see port 22 is accessible. So the world just sees port 80. On the internal network I want an ssh-gateway to which I can connect. On the ssh-gateway I just want to issue 'ssh user@hostname_alias' to connect to slave 'hostname_alias'. Amazon's DHCP and hostnaming are unpredictable and not human-readable; that's why I'm jumping through these hoops.

Greetings

EC2 instances get a different IP and hostname