Martijn Grendelman
2011-Nov-17 12:22 UTC
[Puppet Users] Collecting resources from exporting node
Hi,
I was looking at the basic example for exporting and collecting resources
at http://docs.puppetlabs.com/guides/exported_resources.html :
class ssh {
@@sshkey { $hostname: type => dsa, key => $sshdsakey }
Sshkey <<| |>>
}
I quote:
"The above code would have every host export its SSH public key, and then
collect every host’s key and install it in the ssh_known_hosts file; this
would include the host doing the exporting."
That last statement seems untrue in my experiments.
I have the following manifest:
# Export a firewall rule, requesting access to DIR/MRC replication ports
@@firewall::rule {"xtreemfs-repl-${hostname}":
rule => [
"-A firewall-user-app -p tcp -s $primary_ipaddress --dport 35678
-j ACCEPT",
"-A firewall-user-app -p tcp -s $primary_ipaddress --dport 35676
-j ACCEPT",
],
}
# Collect all firewall rules from DIR/MRC servers
Firewall::Rule <<| tag == ''xtreemfs::dir_mrc''
|>>
This class is included on two servers, let''s call them serverA and
serverB.
On serverA, I do get Firewall::Rule[xtreemfs-repl-serverB], but not
Firewall::Rule[xtreemfs-repl-serverA], and on serverB, it''s the other
way
around.
So exporting works (confirmed by looking at the database). So does
collecting, only not from the local node. What am I doing wrong?
Best regards,
Martijn Grendelman
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Martijn Grendelman
2011-Nov-17 16:18 UTC
Re: [Puppet Users] Collecting resources from exporting node
Hi, A small addition at the bottom...> I was looking at the basic example for exporting and collecting resources > at http://docs.puppetlabs.com/guides/exported_resources.html : > > class ssh { > @@sshkey { $hostname: type => dsa, key => $sshdsakey } > Sshkey <<| |>> > } > > I quote: > > "The above code would have every host export its SSH public key, and then > collect every host’s key and install it in the ssh_known_hosts file; this > would include the host doing the exporting." > > That last statement seems untrue in my experiments. > > I have the following manifest: > > # Export a firewall rule, requesting access to DIR/MRC replication ports > @@firewall::rule {"xtreemfs-repl-${hostname}": > rule => [ > "-A firewall-user-app -p tcp -s $primary_ipaddress --dport 35678 > -j ACCEPT", > "-A firewall-user-app -p tcp -s $primary_ipaddress --dport 35676 > -j ACCEPT", > ], > } > > # Collect all firewall rules from DIR/MRC servers > Firewall::Rule <<| tag == ''xtreemfs::dir_mrc'' |>> > > This class is included on two servers, let''s call them serverA and serverB. > > On serverA, I do get Firewall::Rule[xtreemfs-repl-serverB], but not > Firewall::Rule[xtreemfs-repl-serverA], and on serverB, it''s the other way > around.When adding the class to a third server, all servers get the Firewall::Rule from the two others, but never from itself.> So exporting works (confirmed by looking at the database). So does > collecting, only not from the local node. What am I doing wrong?Most curious... Best regards, Martijn Grendelman -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Martijn Grendelman
2011-Nov-18 14:04 UTC
Re: [Puppet Users] Collecting resources from exporting node
No one? Is my question not clear (TL;DR, perhaps?), or doesn''t anyone have an answer? Best regards, Martijn. On 17-11-11 17:18, Martijn Grendelman wrote:> Hi, > > A small addition at the bottom... > >> I was looking at the basic example for exporting and collecting resources >> at http://docs.puppetlabs.com/guides/exported_resources.html : >> >> class ssh { >> @@sshkey { $hostname: type => dsa, key => $sshdsakey } >> Sshkey <<| |>> >> } >> >> I quote: >> >> "The above code would have every host export its SSH public key, and then >> collect every host’s key and install it in the ssh_known_hosts file; this >> would include the host doing the exporting." >> >> That last statement seems untrue in my experiments. >> >> I have the following manifest: >> >> # Export a firewall rule, requesting access to DIR/MRC replication ports >> @@firewall::rule {"xtreemfs-repl-${hostname}": >> rule => [ >> "-A firewall-user-app -p tcp -s $primary_ipaddress --dport 35678 >> -j ACCEPT", >> "-A firewall-user-app -p tcp -s $primary_ipaddress --dport 35676 >> -j ACCEPT", >> ], >> } >> >> # Collect all firewall rules from DIR/MRC servers >> Firewall::Rule <<| tag == ''xtreemfs::dir_mrc'' |>> >> >> This class is included on two servers, let''s call them serverA and serverB. >> >> On serverA, I do get Firewall::Rule[xtreemfs-repl-serverB], but not >> Firewall::Rule[xtreemfs-repl-serverA], and on serverB, it''s the other way >> around. > > When adding the class to a third server, all servers get the > Firewall::Rule from the two others, but never from itself. > >> So exporting works (confirmed by looking at the database). So does >> collecting, only not from the local node. What am I doing wrong? > > Most curious... > > Best regards, > Martijn Grendelman >-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
jcbollinger
2011-Nov-18 22:23 UTC
[Puppet Users] Re: Collecting resources from exporting node
On Nov 18, 8:04 am, Martijn Grendelman <mart...@iphion.nl> wrote:> No one? Is my question not clear (TL;DR, perhaps?), or doesn''t anyone have > an answer?As far as I know, nodes are supposed to be able to collect their own exported resources. If that''s not working for you then perhaps Puppet has a regression in that area. You could consider filing a bug ticket, but I don''t have any suggestion for making it work in the short term. Unless you''re prepared to fix it yourself -- PuppetLabs loves patches, as long as you''ll sign their CLA. John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Ken Barber
2011-Nov-28 11:18 UTC
[Puppet Users] Re: Collecting resources from exporting node
Raised:
http://projects.puppetlabs.com/issues/11049
The workaround I believe is to use explicit tags on the resource.
resource_name { "foo":
tag => "class_name",
}
Can you give that a try?
ken.
On Nov 18, 10:23 pm, jcbollinger <John.Bollin...@stJude.org>
wrote:> On Nov 18, 8:04 am, Martijn Grendelman <mart...@iphion.nl> wrote:
>
> > No one? Is my question not clear (TL;DR, perhaps?), or
doesn''t anyone have
> > an answer?
>
> As far as I know, nodes are supposed to be able to collect their own
> exported resources. If that''s not working for you then perhaps
Puppet
> has a regression in that area. You could consider filing a bug
> ticket, but I don''t have any suggestion for making it work in the
> short term. Unless you''re prepared to fix it yourself --
PuppetLabs
> loves patches, as long as you''ll sign their CLA.
>
> John
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.