Puppet users - Feb 2011 - Config Deployment: baseline manifest to all hosts, different sudoers,autofs..etc(manifest) to hosts, by hostname?

Hi all,

I think this has been asked in one form or another, but my problem so
far is i''m not sure of the terminology or nomenclature to use in my
search string to find out my answer...

So, here is my question..

I have lots of systems/instances, like most of us, and like most of
they are spread across different tiers and environments.

ie. dev/stg/prod

i''ve setup my puppet master to look for environment variables and
based off of that the client will look under /etc/puppet/development
or ./lab or ./prod ...etc..etc (that works great)

Now i''ve reached the point where I have a global baseline config/
manifest that every host in each environment(dev/stg/prod) will get -
that works great as well.

My problem now is that we have different host "groups", that require
different files set of files outside of what the global base_line
manifest provides.

for intance..

host that contain "wwwfe" in their host name need a different sudoers
file then hosts that contain "profile" in thier hostname

is there a way that i can say...

provide the base_line to every machines/instance, but only provide the
"www-sudoers" file to host that contain "wwwfe" in their
hostname

or...

provide the profile_sudoers file only to hosts that contain the
"profile" in their host names?

not sure if they is even the correct way to go about this....
currently I don''t have any external node configuration(ie. ldap) so
i''m doing everything by hand in the nodes.pp file

Thanks guy/gals, I really appreciate all the help!

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

Currently puppet supports regex matching on node names

also puppet looks if a node is named default and applies this manifest
but there is also an "inherit" where nodes can inherit another one
(but
only one!) so it might help to split your manifests up to different
nodes and inherit them either to regex , specific node names or the
default one

Regards,
Mike

Am 24.02.2011 15:16, schrieb Jed:
> Hi all,
> 
> I think this has been asked in one form or another, but my problem so
> far is i''m not sure of the terminology or nomenclature to use in
my
> search string to find out my answer...
> 
> So, here is my question..
> 
> I have lots of systems/instances, like most of us, and like most of
> they are spread across different tiers and environments.
> 
> ie. dev/stg/prod
> 
> i''ve setup my puppet master to look for environment variables and
> based off of that the client will look under /etc/puppet/development
> or ./lab or ./prod ...etc..etc (that works great)
> 
> Now i''ve reached the point where I have a global baseline config/
> manifest that every host in each environment(dev/stg/prod) will get -
> that works great as well.
> 
> My problem now is that we have different host "groups", that
require
> different files set of files outside of what the global base_line
> manifest provides.
> 
> for intance..
> 
> host that contain "wwwfe" in their host name need a different
sudoers
> file then hosts that contain "profile" in thier hostname
> 
> is there a way that i can say...
> 
> provide the base_line to every machines/instance, but only provide the
> "www-sudoers" file to host that contain "wwwfe" in
their hostname
> 
> or...
> 
> provide the profile_sudoers file only to hosts that contain the
> "profile" in their host names?
> 
> not sure if they is even the correct way to go about this....
> currently I don''t have any external node configuration(ie. ldap)
so
> i''m doing everything by hand in the nodes.pp file
> 
> Thanks guy/gals, I really appreciate all the help!
> 
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

At the least, can someone be so kind as to tell me the term to search
about -- i''ve googled a bit, and I think "node override" is
what im
after?

On Feb 24, 9:16 am, Jed <jedbl...@gmail.com>
wrote:
> Hi all,
>
> I think this has been asked in one form or another, but my problem so
> far is i''m not sure of the terminology or nomenclature to use in
my
> search string to find out my answer...
>
> So, here is my question..
>
> I have lots of systems/instances, like most of us, and like most of
> they are spread across different tiers and environments.
>
> ie. dev/stg/prod
>
> i''ve setup my puppet master to look for environment variables and
> based off of that the client will look under /etc/puppet/development
> or ./lab or ./prod ...etc..etc (that works great)
>
> Now i''ve reached the point where I have a global baseline config/
> manifest that every host in each environment(dev/stg/prod) will get -
> that works great as well.
>
> My problem now is that we have different host "groups", that
require
> different files set of files outside of what the global base_line
> manifest provides.
>
> for intance..
>
> host that contain "wwwfe" in their host name need a different
sudoers
> file then hosts that contain "profile" in thier hostname
>
> is there a way that i can say...
>
> provide the base_line to every machines/instance, but only provide the
> "www-sudoers" file to host that contain "wwwfe" in
their hostname
>
> or...
>
> provide the profile_sudoers file only to hosts that contain the
> "profile" in their host names?
>
> not sure if they is even the correct way to go about this....
> currently I don''t have any external node configuration(ie. ldap)
so
> i''m doing everything by hand in the nodes.pp file
>
> Thanks guy/gals, I really appreciate all the help!
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

For the way you are doing thing, the easiest answer is: use templates.  Here
is an example from my sshd_config.erb file that may be of use to you:

----------------- CUT HERE ---------------------
pps = cprt_classes.split('','') rescue []
my_login_groups = [''root'', ''wheel'',
''sysadmin'']
my_login_groups << ''xdeploy'' if
pps.index(''scheduler'') != nil
my_login_groups << ''java'' if
pps.index(''scheduler'') != nil
my_login_groups << ''netdb'' if
pps.index(''bind::server'') != nil
my_login_groups << ''hudson'' if
pps.index(''hudson'') != nil
my_login_groups << ''jira'' if
pps.index(''jira'') != nil
my_login_groups << ''security'' if fqdn ==
''qlvsbild002.example.com''
my_login_groups << ''dev'' if fqdn ==
''qrnsoems001.example.com''
-%>
AllowGroups <%= my_login_groups.join('' '') %>
----------------- CUT HERE ---------------------

Another way to do this would be with override classes.  Here is an (fully
contrived and untested) example.

class standard {
  file { "/etc/passwd":  source =>
"puppet:///modules/standard/passwd" }
}

class standard::germany inherits standard {
  File["/etc/passwd"]{source =>
"puppet:///modules/standard/passwd.germany"
}
}

node /^.*.de/ { include standard::germany }
node default { include standard }


On Fri, Feb 25, 2011 at 5:14 AM, Jed <jedblack@gmail.com> wrote:
> At the least, can someone be so kind as to tell me the term to search
> about -- i''ve googled a bit, and I think "node override"
is what im
> after?
>
> On Feb 24, 9:16 am, Jed <jedbl...@gmail.com> wrote:
> > Hi all,
> >
> > I think this has been asked in one form or another, but my problem so
> > far is i''m not sure of the terminology or nomenclature to use
in my
> > search string to find out my answer...
> >
> > So, here is my question..
> >
> > I have lots of systems/instances, like most of us, and like most of
> > they are spread across different tiers and environments.
> >
> > ie. dev/stg/prod
> >
> > i''ve setup my puppet master to look for environment variables
and
> > based off of that the client will look under /etc/puppet/development
> > or ./lab or ./prod ...etc..etc (that works great)
> >
> > Now i''ve reached the point where I have a global baseline
config/
> > manifest that every host in each environment(dev/stg/prod) will get -
> > that works great as well.
> >
> > My problem now is that we have different host "groups", that
require
> > different files set of files outside of what the global base_line
> > manifest provides.
> >
> > for intance..
> >
> > host that contain "wwwfe" in their host name need a
different sudoers
> > file then hosts that contain "profile" in thier hostname
> >
> > is there a way that i can say...
> >
> > provide the base_line to every machines/instance, but only provide the
> > "www-sudoers" file to host that contain "wwwfe" in
their hostname
> >
> > or...
> >
> > provide the profile_sudoers file only to hosts that contain the
> > "profile" in their host names?
> >
> > not sure if they is even the correct way to go about this....
> > currently I don''t have any external node configuration(ie.
ldap) so
> > i''m doing everything by hand in the nodes.pp file
> >
> > Thanks guy/gals, I really appreciate all the help!
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscribe@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

You can use regex matches against your nodes'' facts, $hostname for
example, to select classes or resources to include.  Actually, you can
do this at at least two levels:

At node level:

node /wwwfe/ {
  include "base_line"
  include "wwwfe"
}

OR

node default {
  include "base_line"
}

node /wwwfe/ inherits default {
  include "wwwfe"
}

---

At statement level:

node default {
  include "base_line"

  case $hostname {
    /wwwfe/: { include "wwwfe" }
  }
}


Doing it at statement level, using ''case'' or
''if'' statements, can
better support machines that have multiple specializations.

If you want to manage the same file on all nodes, varying its contents
according to nodes'' facts, then Brian''s suggestion to use
templates is
perhaps a better alternative (though that''s not the only use case for
templates).

If you want to manage variants of a resource of another type, then you
may find it useful to use subclasses to override resource properties.
You might then declare default resources directly or indirectly in
class "base_line", and specialize the properties of some of them on
specific node groups by including appropriate subclasses on the nodes
of those groups.

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

Thanks so much guys,  I really really appreciate you taking the time
to respond to my question.

I''ve been reading quite a bit , but could not really find out how to
do this....

I''ll give these method a try and report back

Thanks again!



On Feb 25, 10:51 am, jcbollinger <John.Bollin...@stJude.org>
wrote:
> You can use regex matches against your nodes'' facts, $hostname for
> example, to select classes or resources to include.  Actually, you can
> do this at at least two levels:
>
> At node level:
>
> node /wwwfe/ {
>   include "base_line"
>   include "wwwfe"
>
> }
>
> OR
>
> node default {
>   include "base_line"
>
> }
>
> node /wwwfe/ inherits default {
>   include "wwwfe"
>
> }
>
> ---
>
> At statement level:
>
> node default {
>   include "base_line"
>
>   case $hostname {
>     /wwwfe/: { include "wwwfe" }
>   }
>
> }
>
> Doing it at statement level, using ''case'' or
''if'' statements, can
> better support machines that have multiple specializations.
>
> If you want to manage the same file on all nodes, varying its contents
> according to nodes'' facts, then Brian''s suggestion to use
templates is
> perhaps a better alternative (though that''s not the only use case
for
> templates).
>
> If you want to manage variants of a resource of another type, then you
> may find it useful to use subclasses to override resource properties.
> You might then declare default resources directly or indirectly in
> class "base_line", and specialize the properties of some of them
on
> specific node groups by including appropriate subclasses on the nodes
> of those groups.
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.