On Feb 7, 8:17 am, thinkwell <[email protected]> wrote:
> Hello everyone,
>
> First-time poster investigating Puppet for managing CentOS-based
> firewall distros at various locations. I have approximately 130
> machines to administrate so some type of config management is
> certainly needed.
>
> I've been working through Puppet tutorials and I'm wondering if Puppet
> will do what I need; all machines are very similar. However each
> machine will have small differences. For example,
>
> 1. SSH Ports: Machines have custom SSH ports so that's one variable
> that would prevent me from just copying sshd_config.
>
> 2. Squid ACLs: All machines will have certain Squid ACLs, but many
> machines will vary otherwise, say in cache size for example.
>
> 3. Iptables: All machines have standardized Iptables rules in
> /etc/rc.d/rc.firewall.local. But again each machine has rules on a per-host
> basis.
>
> Originally, what I thought I could do is have certain sections of the
> config files managed by Puppet, with other sections managed by local
> edits on a per-host basis. But I'm gathering that's not how Puppet
> works - you manage the whole config file and apply various config
> versions based on Facter facts, node types, etc. If that's my only
> option, I'll have to maintain custom conf files on Puppetmaster for
> every host!
>
> I'm open to advice generally, and comments specifically on how to
> manage small per-host variations. Create custom Facter conditionals
> for hosts?

The kind of work you describe is well within Puppet's capabilities. In particular, Puppet supports defining file contents via ERB templates. That allows you to write the common parts of files exactly as normal (all in one place), and to interpolate the custom parts from Puppet variables. And that's just to start.

John
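
The ERB approach described in the reply above, as an added example that is not part of the original thread and not Puppet's own code: one sshd_config template holds the common settings, and the per-host SSH port is interpolated and validated before rendering so that a bad value cannot add directives to the file. The host names, ports, user names, the common directives, and the `HostScope` and `render_sshd_config` helpers are assumptions made for illustration.

```ruby
require 'erb'

# Common sshd_config body, written once. Puppet templates read variables as
# instance variables (@name); HostScope below mimics that scope.
# The directives other than Port are assumed common settings.
SSHD_TEMPLATE = <<~'TPL'
  # Managed centrally; local edits are overwritten
  Port <%= @ssh_port %>
  PermitRootLogin no
  AllowUsers <%= @allow_users.join(' ') %>
TPL

# Holds one host's variables and validates them before they reach the template.
class HostScope
  USER_RE = /\A[a-z_][a-z0-9_-]*\z/ # \A and \z, so an embedded newline cannot match

  def initialize(hostname, vars)
    # Base-10 parse: raises ArgumentError on "22\nPermitRootLogin yes" or "0x16".
    @ssh_port = Integer(vars.fetch(:ssh_port).to_s, 10)
    unless (1..65_535).cover?(@ssh_port)
      raise ArgumentError, "#{hostname}: ssh_port #{@ssh_port} out of range"
    end
    @allow_users = vars.fetch(:allow_users)
    bad = @allow_users.reject { |u| u.match?(USER_RE) }
    raise ArgumentError, "#{hostname}: invalid user names #{bad.inspect}" unless bad.empty?
  end

  def render(template)
    ERB.new(template).result(binding)
  end
end

# Constructed per-host data; in Puppet this would come from node definitions.
NODES = {
  'fw-site-a.example.com' => { ssh_port: 2201, allow_users: %w[admin] },
  'fw-site-b.example.com' => { ssh_port: '2202', allow_users: %w[admin backup] }
}.freeze

def render_sshd_config(hostname, vars)
  HostScope.new(hostname, vars).render(SSHD_TEMPLATE)
end

if __FILE__ == $PROGRAM_NAME
  NODES.each { |host, vars| puts "== #{host}", render_sshd_config(host, vars) }
end
```

In an actual Puppet manifest the same template text would be attached to a `file` resource through `content => template(...)`, with the variables set per node.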
