Puppet users - Sep 2013 - next steps in puppet deployment - host specific rules?

I''ve got a basic puppet deployment up and running with some basic
modules
in place for configuration management. Running 3.3.0 on server and clients.

My next stumbling block is how to I manage hosts that have host or 
application specific needs?

Example:
I have basic sudo file that I am managing via puppet, in it I''ve got
our
standard admins listed under root.  I can deploy this to most machines, but 
what about one off machines that have a slightly different grouping of 
admins?

Another example:
I''ve got a baseline Iptables module setup (using the puppetlabs module)
that covers a set of baseline iptable rules.  What if I have a machine that 
needs slightly different ports open? I don''t want to include that in
the
baseline, it''s pointless.  How do I do a "if machine/node =
specialcase
then do blah" type rule?

Thanks.

Tim

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscribe@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.

Hi Tim,
    For managing server specific parameters i will suggest you to use 
hiera, please refer link http://docs.puppetlabs.com/hiera/1/puppet.html
So for 1st example: you can either use heira or use parametrized class so 
that you can pass server specific parameters ( admin list) from site.pp. 
i.e. different value of admin list for different node.

For 2nd example:
   Create fact to find your special case machines. and you can use 
condition 

if $<fact_name> == "special case"
{ 
  <then condition>
  here use different port number for iptables rule.
}
 
Thanks and Regards,

Sneha More,
NTT DATA GTS, OSS Center, India, (Pune)


On Friday, September 27, 2013 2:30:25 AM UTC+5:30, TimV
wrote:
>
> I''ve got a basic puppet deployment up and running with some basic
modules
> in place for configuration management. Running 3.3.0 on server and clients.
>
> My next stumbling block is how to I manage hosts that have host or 
> application specific needs?
>
> Example:
> I have basic sudo file that I am managing via puppet, in it I''ve
got our
> standard admins listed under root.  I can deploy this to most machines, but
> what about one off machines that have a slightly different grouping of 
> admins?
>
> Another example:
> I''ve got a baseline Iptables module setup (using the puppetlabs
module)
> that covers a set of baseline iptable rules.  What if I have a machine that
> needs slightly different ports open? I don''t want to include that
in the
> baseline, it''s pointless.  How do I do a "if machine/node =
specialcase
> then do blah" type rule?
>
> Thanks.
>
> Tim
>
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscribe@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.

On Thursday, September 26, 2013 4:00:25 PM UTC-5, TimV
wrote:
>
> I''ve got a basic puppet deployment up and running with some basic
modules
> in place for configuration management. Running 3.3.0 on server and clients.
>
> My next stumbling block is how to I manage hosts that have host or 
> application specific needs?
>
> Example:
> I have basic sudo file that I am managing via puppet, in it I''ve
got our
> standard admins listed under root.  I can deploy this to most machines, but
> what about one off machines that have a slightly different grouping of 
> admins?
>
> Another example:
> I''ve got a baseline Iptables module setup (using the puppetlabs
module)
> that covers a set of baseline iptable rules.  What if I have a machine that
> needs slightly different ports open? I don''t want to include that
in the
> baseline, it''s pointless.  How do I do a "if machine/node =
specialcase
> then do blah" type rule?
>
>
There are at least three parts, and I''m not sure which one
you''re asking
about.

First is the issue of associating the needed data with the special-case 
node(s).  The most basic mechanism for that is to use node definitions 
matching just the special case machine(s).  If you''re using an ENC, of 
course, you also can program it to issue the appropriate information for 
the special case nodes.  Alternatively, you can also program the special 
cases directly into your classes, though that''s not a very good
practice.
Or you can use node-sensitive external data, such as hiera can provide for 
you.

Second is the issue of getting the data into your classes.  Here your 
alternatives are global variables, class / definition parameters, and data 
access functions such as hiera().  The latter two can be used together via 
Puppet 3''s automatic data binding feature, and that''s the only
way I
personally can recommend using class parameters.

Third is the issue of pushing out the custom data into actual client-side 
resources.  Resource parameters are the main mechanism for that, but they 
are more flexible than you may give them credit for.  In particular, do not 
miss the significance of the template() function and its use for 
interpolating Puppet variables into, for example, the
''content'' of a File
resource.


John

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscribe@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.