Michael DeHaan wrote:
> On Thu, Feb 11, 2010 at 7:20 PM, Nat <[email protected]> wrote:
>> Hi,
>>
>> We have got puppet set up and running at our main office with no
>> issues.
>> We are using an external node classifier instead of directly creating
>> node definition files.
>>
>> We would like to manage our remote offices using puppet also. A little
>> about our set up. From our main site we have VPN links out to a remote
>> site. Each site is generally identical with the same number of servers
>> and roughly the same services running on each server. Essentially
>> the only differences at each remote site are the subnet and related IP
>> addresses.
>>
>> Since we are using an external node classifier we do not explicitly
>> have node definition so we can not inherit a class and override a
>> default value.
>> Is there a way to do this using node classifiers?
>>
>>
>> An example will probably show this better
>>
>> Site 1:
>>         + location UK
>>         + subnet  192.168.1.0/24
>>         + gateway 192.168.1.254 (acts also as nameserver and local dns etc
>>           for all servers at site 1, for example ntp will use the closest
>>           time source geographically)
>>         + server1 ip - 192.168.1.1 gateway of 192.168.1.254
>>         + server2 ip - 192.168.1.2 gateway of 192.168.1.254
>> Site 2:
>>         + location US
>>         + subnet  192.168.2.0/24
>>         + gateway 192.168.2.254 (acts also as nameserver and local dns etc
>>           for all servers at site 2, for example ntp will use the closest
>>           time source geographically)
>>         + server1 ip - 192.168.2.1 gateway of 192.168.2.254
>>         + server2 ip - 192.168.2.2 gateway of 192.168.2.254
>>
>> As you can see most details are identical between sites except for a
>> few
>> network and geographical differences.
>>
>> Has there been any consensus within the community on the best way to
>> manage situations like this?
>>
> 
> I was talking with Eric yesterday about his external nodes regex classifier:
> 
> http://github.com/reductivelabs/puppet/tree/master/ext/regexp_nodes/
> 
> This might be a start to some sort of evolved smart node idea (that we
> could stick in Dashboard and also build a CLI tool to) that could
> support the concept of variable inheritance.  So not just define what
> machines are webservers (rather than what webservers are what machine)
> but use similar regexen (or another system of groups) to classify what
> machines live in what areas -- and blend the two groups together.
> 
> Dan Bode mentions he sees several logical groups here -- there's what
> type of a machine you have, whether it's a stage/prod machine, and
> what location (datacenter) it is in (i.e. what is the machine's
> geographic location). Some variables may come from one or more of
> those sources, and they can have some basic defaults. (This is
> somewhat similar to Cobbler's "blender" inheritance for groups of
> things... allowing extension of arrays and adding keys to hashes, or
> overriding of scalars, as we evaluate the group orders.) The
> location groups and the classification groups would not need to be
> chained (i.e. one a parent of another) but we'd want to support the
> idea of inherited subgroups (acme-datacenter is a subset of
> us-datacenters is a subset of datacenters). Apologies if I'm being
> confusing :)
> 
> There's obviously a lot to do here, but I can see the need for an
> intelligent external nodes classifier that understands those kinds of
> ideas that can really model a multi-site environment as a first class
> concept.
> 
> --Michael
> 

I don't want to sound like a fanboy or one of Volcane's minions, but I think
his idea is spot on for this kind of thing. If it had LDAP/other DB
support it would be even more ridiculously awesome. At the base of this
problem, your base solution is you just need a function that can look up
arbitrary data. Hostname can come into play, but with extlookup you can
choose an order of precedence (i.e. overriding: hostname.csv trumps
domain.csv or vice versa and it's all configurable). I use CSV files
cause I am lazy, it is easy, and my environment is small. Someone at
$FORTUNE500 could use LDAP if the tool was extended slightly.

As I recall however, extlookup.rb is not included in mainline puppet
because Luke disagrees with the implementation I think. Could be wrong
here. Best to ask him. I deploy it as part of my deploy:cold cap task
for new masters.

My uses for extlookup:
 * combined with ERB to create iptables firewalls
 * in puppetdoc, $location shows you where it lives since you can set it
in the csv files (huge, huge win)
 * override DNS stupidity, which a lot of people have. Or to simply force
hostnames in case a master is having performance issues and you need to
reroute some clients. You just change the value in the csv.
 * Current list of admins to realize even can be done in the csv.

The point is, a tool like this should be in puppet, extlookup.rb right
now kicks a lot of ass. RL can do what they want obviously, but they
should look at this tool.

Mike, have you checked this tool out? You should if you haven't had the
chance yet. It's just a custom parser function, two lines in your
site.pp and a master restart.


-- 
Joe McDonagh
AIM: YoosingYoonickz
IRC: joe-mac on freenode
L'ennui est contre-révolutionnaire
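
The precedence lookup described in this reply, sketched in Ruby as an added example; it is not extlookup.rb's code and not part of the original message. The file names, keys, the `site` fact and the function names are assumptions, and the data is constructed from the two-site layout in the question.

```ruby
require 'ipaddr'

# Constructed sample data: file name => CSV text ("key,value[,value...]").
DATA_FILES = {
  'common.csv'  => "ntp_server,pool.ntp.org\nadmins,alice,bob\n",
  'site_uk.csv' => "location,UK\nsubnet,192.168.1.0/24\n" \
                   "gateway,192.168.1.254\nntp_server,192.168.1.254\n",
  'site_us.csv' => "location,US\nsubnet,192.168.2.0/24\n" \
                   "gateway,192.168.2.254\nntp_server,192.168.2.254\n",
  'server2.us.example.com.csv' => "admins,carol,dave\n" # host-level override
}.freeze

# Most specific source first; %{name} is filled in from the node's facts.
PRECEDENCE = ['%{fqdn}', 'site_%{site}', 'common'].freeze

# Parse simple unquoted CSV into { key => value } (an array when a row has several values).
def parse_csv(text)
  text.each_line.each_with_object({}) do |line, table|
    key, *values = line.strip.split(',')
    next if key.nil? || key.empty?
    table[key] = values.length == 1 ? values.first : values
  end
end

# Return the value from the first source, in precedence order, that defines the key.
def site_lookup(key, facts, default = nil)
  PRECEDENCE.each do |template|
    name = template.gsub(/%\{(\w+)\}/) { facts.fetch(Regexp.last_match(1)) }
    text = DATA_FILES["#{name}.csv"]
    next if text.nil? # a source that does not exist is skipped, not an error
    table = parse_csv(text)
    return table[key] if table.key?(key)
  end
  raise KeyError, "no value for #{key}" if default.nil?
  default
end

# Resolve a node's settings and refuse a gateway that is outside the node's subnet.
def network_for(facts)
  subnet  = site_lookup('subnet', facts)
  gateway = site_lookup('gateway', facts)
  unless IPAddr.new(subnet).include?(IPAddr.new(gateway))
    raise ArgumentError, "gateway #{gateway} is outside #{subnet}"
  end
  { location: site_lookup('location', facts), subnet: subnet, gateway: gateway,
    ntp_server: site_lookup('ntp_server', facts), admins: site_lookup('admins', facts) }
end
```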

