On 9/22/10 12:02 PM, "Francisco Reyes" <li...@stringsutils.com> wrote:
> Mike Hoskins writes:
>
>> How many hosts? Machine types?
>
> About 60 hosts with 3 main types.
Cool.
>> For starters (I know it is just boring semantics, sorry if it points out the
>> obvious) -- pick some central dir (beside /) to hold your semaphores (files)
>> lest your fs become untidy.
>
> Will do. Was easiest to type in example. :-)
Got it.
>> Determining a host's "role" by absence or presence of a file (perhaps
>> touched as part of your net-install/provisioning?)
>
> Yes.
> Our setup is basically:
> Kickstart to install CentOS
> From the new machine we get a tar from a centrail repository(manual process)
> Tar file has our entire setup with "targets"
> Based on the machine target (ie a web server) we will setup the flag files.
>
> Right now by the time we finish the install a machine is mostly ready to
> run. There are still some parts that need to be done manually, but it's
> minimal.
Excellent, you're on the right path...and now cfengine can help make manual
tasks = 0 over time.
>> also use RegCmp and hostname patterns (e.g. prod-ldap-master01)... There
>> are many possible implementations, but your idea is sound.
>
> Names may not always work for us because there are some "hybrid"
> machines that may do a few things, but for cfengine purposes they will be of
> one of the defined 3 types
> web
> smtp
> database
Yeah, that approach seldom works well due to "role sharing".
>> some day) is to build an inventory management database early on. Ours has a
>> notion of "role" derived from various things like location, environment,
>> product and purpose. We have a module that pulls this information from the
>> central database (caching locally for some period of time). Then if we want
>> to change the role of 100 machines, we don't need to manipulate files...just
>> run a SQL to update the database, and grab some coffee.
>
> So how do you propagate the knowledge from the DB to cfengine?
A module makes a web call (literally wget, curl, whatever in shell), which
our inventory database returns as a series of name=value pairs. The module
gets ran vi PrepModule, and turns these into classes/macros. The module
generates a cache that is retired every 3 minutes (or instantly if cfagent
is ran with -Dclean_cache) to avoid hammering the database, but also enusre
reasonably fresh data.
This module is really nothing fancy, I'd be happy to send you a copy just so
you can see how simple the concept really is... Also, while we are mostly a
python shop (Java snuck in here or there ;) I would absolutely suggest
sticking to shell when writing modules to avoid library issues...but maybe
that's just me.
>> We use import a lot, so there is a minimal set of "common" policy which
>> gets ran everywhere, and the rest only runs on hosts matching specific roles.
>
> Right now we will have some common policies such as, /etc/resolver, and
> others based on role.
Sure, that makes sense... One thing we've tried to do is use imports over
time to minimize (as much as feasible) the code which must parse/run on each
node. This just seemed more efficient, and also attempts to further
insulate against policy mishaps (though that should be caught in QA).
> I plan to work on the basics and slowly get more and more into the
> management system (likely cfengine).
>
> Can classes be nested?
> In addition to the 3 types (Web, smtp and DB) I also have 2 locations. So
> perhaps a better picture is..
>
> Location1
> web
> smtp
> DB
> Location2
> web
> smtp
> DB
Basically... Any class can be on or off, simultaneously. So I'd think of
the above layout as the following collection of classes:
location1.web
location1.smtp
location1.db
location2.web
location2.smtp
location2.db
> If classes can't be nested I guess it could be kept flat by having 6 files
> to check. Initially I will start with just one location just to start with a
> simpler setup.
Good luck!
--
Mike Hoskins : micho...@cisco.com : +1 (415) 506-UNIX (8649)
To avoid criticism, do nothing, say nothing, be nothing.
-- Elbert Hubbard
_______________________________________________
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine
